Resubmissions

24-10-2024 03:22

241024-dw319sthrk 10

24-10-2024 02:40

241024-c537ys1blh 10

24-10-2024 02:34

241024-c2p6xs1aka 10

Analysis

  • max time kernel
    13s
  • max time network
    151s
  • platform
    android-9_x86
  • resource
    android-x86-arm-20240910-en
  • resource tags
    arch:arm, arch:x86, image:android-x86-arm-20240910-en, locale:en-us, os:android-9-x86, system
  • submitted
    24-10-2024 02:34

General

  • Target

    92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c.apk

  • Size

    3.6MB

  • MD5

    0366ae0abf0ada8aed90322bfe07dfd5

  • SHA1

    2f0779ce64f02944e87674745cb446c5bc620607

  • SHA256

    92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c

  • SHA512

    52f50f2f847628b1fb498784660050a6f189d8c7cc520c0d3a06ca28cc35ee4961d0a3daca71a540e263ab930ab629b884c3ff187d4abcd8f58549fdf87f9677

  • SSDEEP

    98304:mD/SWbGiowrvH6Odp/9hBbW+te6lXhAyHtu:mWWbGjuvl9jS+oSc

Malware Config

Signatures

  • Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

    Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
  • Acquires the wake lock 1 IoCs
  • Queries information about active data network 1 TTPs 1 IoCs
  • Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

  • Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

Processes

  • com.systemservice
    1⤵
    • Obtains sensitive information copied to the device clipboard
    • Acquires the wake lock
    • Queries information about active data network
    • Queries information about the current Wi-Fi connection
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    PID:4216

Network

MITRE ATT&CK Mobile v15

Downloads

  • /data/data/com.systemservice/databases/com.google.android.datatransport.events

    Filesize

    4KB

    MD5

    f2b4b0190b9f384ca885f0c8c9b14700

    SHA1

    934ff2646757b5b6e7f20f6a0aa76c7f995d9361

    SHA256

    0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

    SHA512

    ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

  • /data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

    Filesize

    512B

    MD5

    296213d459b8635d88bcfc6b74cae843

    SHA1

    893cffabea38e62becad78186d9976fdccfed390

    SHA256

    b729ebdd9b19a49574e102f60fcef24992568c0a4884686ae1d86932ab3eead6

    SHA512

    3c7a71dac09f4768de40745afd728c0c9bdcf17dfeb1030af143cf72eec145099d00f6dea65ce39592cd364bed04aafd3e3c276fd203c03297b714e5d69b2f78

  • /data/data/com.systemservice/databases/com.google.android.datatransport.events-shm

    Filesize

    32KB

    MD5

    bb7df04e1b0a2570657527a7e108ae23

    SHA1

    5188431849b4613152fd7bdba6a3ff0a4fd6424b

    SHA256

    c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

    SHA512

    768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

  • /data/data/com.systemservice/databases/com.google.android.datatransport.events-wal

    Filesize

    68KB

    MD5

    e8211c71d5428c23ec87e7fd6967925f

    SHA1

    52b86fb6d5a09a77f53dd5d72b528a28632a3d04

    SHA256

    ed1e01c17012d9a71facea2311d439b5b492485a497d31302595f146a3b22c81

    SHA512

    cd3e3ec0eb51edb7099ff3401dc4439ad3aa3fb7aee68ca3591ee8fe73061d3b287c8ddff0a039cfe599ca4a5d86f866a67e92e084e5d9f2777e7831842551b1

  • /data/data/com.systemservice/databases/core.db

    Filesize

    36KB

    MD5

    045489a0639eee27bca52f48828cd93d

    SHA1

    436e7966e7c019273c44faa4d8c5709b816dfda3

    SHA256

    0151eae0eec786abb19ab59d7361b3291ae98411fae12cbbdfecd1612e16996e

    SHA512

    c8739a723a8648b0e380b946a97fb6cd83d6c4769ec3679bf4bc003ad0049ff5cccfc8f75a6ea272feced0020b13d3129f792f0f22cf442f0d0127f399eba22e

  • /data/data/com.systemservice/databases/google_app_measurement_local.db

    Filesize

    16KB

    MD5

    7237409e0640cfab7bdbd429bf821a3b

    SHA1

    4c3da934842f8d4835dfe2a9c275a300e5123309

    SHA256

    5c8e1b63d187efafe1e09bfadd83fd360176d689b57b5a0cc40e6854c12449fa

    SHA512

    c8afaf6a8ee43ce3601feff417bfaec563c01bcff0aae24577054034112b2020967f25b0b1a919c3c9e5e81d62a21a87e908b782c4d5cb8bba8ac259108e9c1f

  • /data/data/com.systemservice/databases/google_app_measurement_local.db

    Filesize

    16KB

    MD5

    1c5923072c07db4fd697c9cd2650d68a

    SHA1

    502a57c341a844f63dead0c528dc3083971acdd8

    SHA256

    6b745ca410c547bf9eafc50a2f271e8e75fd512892976d494921f67c1b762251

    SHA512

    d2082660f70e6e0dca70040842d3817059f7dda7c406e7aa864ca62d07676c10567688a5b491f54c128dd0a0a1724b7452d702780915d2bd114bd1da42b28d46

  • /data/data/com.systemservice/databases/google_app_measurement_local.db

    Filesize

    16KB

    MD5

    75eb1aae5d759ec6476e678201f598e5

    SHA1

    47e4e58864e01032b304758d0157194e5d5dc1ff

    SHA256

    a92c9482eb476cef795e7ca79d59cdad7d24a8f14373b2a83426868bef43b694

    SHA512

    4100749d7b467e88375be9021440d65c66f20bcb939ea50ff56ef2ce06223b22ac74768df14c97a51613359651861ea854f38be5fb3c6be414ab0d1f9a53d1e6

  • /data/data/com.systemservice/databases/google_app_measurement_local.db

    Filesize

    16KB

    MD5

    e569e9ebb37419cb325299ef569b8f82

    SHA1

    5e3897a29ad02f87155369befc438caa5a81049c

    SHA256

    f7c363e596261e0498ac1ff688bb5cf24aa6a1390c654c01c39dda8d1c7c8329

    SHA512

    e7cc0debee8fc0a6ba718255b32ca3342db66fe5473f8758ea367024ffdfa0665ea72f898ad79b7bcf652af8c2abd7befc1af459ae7a40410b238acb2a8ade23

  • /data/data/com.systemservice/databases/google_app_measurement_local.db

    Filesize

    16KB

    MD5

    99ed781c12a191e19056e23342119cc1

    SHA1

    76cceee46a670a0ae752e65fb02c6978c91d4081

    SHA256

    3a14629d7eca4a87efff50400c67c80c27140c5be9c71833632ed49d548a5daf

    SHA512

    b6258f1beababd68715f04b33f069062c7957d2a8fd4ae21ee472790dfd10f767df1cdff6c34968a827445cf41f35b48bb0cb364c95f3d4c59fd086369aacdba

  • /data/data/com.systemservice/databases/google_app_measurement_local.db

    Filesize

    16KB

    MD5

    835cfc7decf507cdc5e54f602e3f9699

    SHA1

    4a55d424cb32e766554672cb2d0b3804fc47552f

    SHA256

    29257dbf2b37d226ace65bd68d001398801235d93ed830a35435bd4bab4de852

    SHA512

    2ab470c2200d97b545693a4cdc661100e46b0299f3d3890773681bc5f22f29eeda6b6a83a5c627fa22119726f3ce78d40021362a3f018a4f3afb4a08476c253d

  • /data/data/com.systemservice/databases/google_app_measurement_local.db-journal

    Filesize

    512B

    MD5

    3cef1f510d760daa076a5d93e86ba655

    SHA1

    2f27b776fa92b3415273b1117450d02be6740d27

    SHA256

    875338ebf41effd33e64733909ad0b5b1d7fd24bcf1de624945c4b2cf83980f7

    SHA512

    b53affda2f340ff569a52bdab264f21f79566e91244d8bb38e4178ecffbcf73d8f7ed8794323201cb05cd7a80388230d21d7a0b4cdf98c3fd13063fc4e77dec1

  • /data/data/com.systemservice/databases/google_app_measurement_local.db-wal

    Filesize

    36KB

    MD5

    51dd404807febd360df337fa57a0ec4d

    SHA1

    787e42a524ac024fdbb1a32e1c747fd7177e63f3

    SHA256

    ebcb3642ac514e4017cbcfe7309e2b4a234667860f4ebd9abecc6c89b7f74a64

    SHA512

    4c28737e7685380b6427180f6e26fdd89680b1c2d63a77f03127a67457a0c0084192f76ec7b7132d3121454594a039321030440cbae52cfbf1f0d8cca9ef9c0a

  • /data/data/com.systemservice/databases/google_app_measurement_local.db-wal

    Filesize

    4KB

    MD5

    4b5d7320f4b33de3c4f831fb9cdb4aa0

    SHA1

    1e4760ed5f79ceaa7cf9679544bc6d17e38298ee

    SHA256

    31e87253ebc0e661abf9800f481f70ce13d94e75305c8d39178240f52bbf5bae

    SHA512

    6ce25900e7cdca4683ac43387dac49cca88b702eeb2eea0983f2f187c95443a7669c36bd440fb272ade7f7c4ccefee5d4e19e1009214ad391eb373e4fe95da59

  • /data/data/com.systemservice/databases/google_app_measurement_local.db-wal

    Filesize

    4KB

    MD5

    020b7f3ba147eb94bfdca75030b1033c

    SHA1

    dd2fb72ef7523454fa25f21c784723a10acdb444

    SHA256

    69f9695c99f7399caa3a7872905f4484ad5af2b3763c03e27e84d966a49bd439

    SHA512

    49acd3deb132cb65771a378c4691aa47335236c37d1d381fa275f570c2cd481de9295bd31dbc32b548aff119de4f62909ec6159472f3cf6bd8e1b822e5b3f405

  • /data/data/com.systemservice/databases/google_app_measurement_local.db-wal

    Filesize

    4KB

    MD5

    3fab8f38a63604874b152e9ac6d38a69

    SHA1

    9d9a2675725b9fe1bb496eedb2b1a55370496950

    SHA256

    2f6d222b0315ce56cf9a0760d76c66bb93c09083bb5a6f9c765b7d2828b9fa05

    SHA512

    ac1b88eb21b91489a8e83d5697877d0c7b00db940c6d8acaa9c42ffdcb0b48c6acd89751ce44976bd29b2421b768a3c5c4e92076a9db7816d3663b09bfc81d7e

  • /data/data/com.systemservice/databases/google_app_measurement_local.db-wal

    Filesize

    4KB

    MD5

    562914909aa8bd497d749235f62aaeaf

    SHA1

    5899f26964e6c55b5a6bf7d4b711405ffcd1ff5b

    SHA256

    d5cbf4fee59d4c66eb28025590f21a69f657ad220d8605291cfad2329ab6c016

    SHA512

    703fdcf5e2760ba56ebd5075bdad9376c200b63369d765942e115ddb73403e40f5af48407d7ac54554fa7f38dd1ec73207185f1d63fe69ac3b8140e40bf5a004

  • /data/data/com.systemservice/databases/google_app_measurement_local.db-wal

    Filesize

    4KB

    MD5

    47bc90ac4062be0e65dfd4392591dd98

    SHA1

    b28cbc7cf180b940c547a65f36c5aa770c0d5943

    SHA256

    a83c2c9fb402993faa28d971f57478d84c683e622c23fe0d404712ffc54918b4

    SHA512

    bbfef553f26e201a1863f4a8f3af7da06c03e298dc1e34c65c66437c664a5909205f59d949bcdc243b70b7c38541e0d56c68cfc4b536e79847c4ea021f842ce9

  • /data/data/com.systemservice/files/PersistedInstallation1627972475223890630tmp

    Filesize

    556B

    MD5

    cee48238ecc5dd60aa9f85dbb1c4a79d

    SHA1

    734fedc41de21139df0f20bcee971bba178f280d

    SHA256

    3d1b475787407c0c999f58a24b2b505c97c7eb8aa29fd6b36b5727381ee35fad

    SHA512

    10195f6cde2511be45c588e7301f86d29ec08696ba691ca2b671b779c4ad3efedbe6630ff0c9f5aa1222ef831ed49f4af5ebe4ed43a79ce7daffc7e1a9b883c2

  • /data/data/com.systemservice/files/PersistedInstallation6898678983399534206tmp

    Filesize

    90B

    MD5

    2886f07a56f83ee48b54ed69dd37f00b

    SHA1

    00476241c99bcb851eabe416f47427b118e8f197

    SHA256

    b5ad5c490e5debb63d77e78af47e841d2a175748cc4e89fd0160160dd48ff2d5

    SHA512

    1d59793e4a12ff9ef097991d84db8e621b8264d65f61eff1ed00ca21e6af0e36116791625e367fd9dc2340db9dda5f3dec665d322fe2d78330825200a5183707

  • /data/data/com.systemservice/log/log4j.txt

    Filesize

    6KB

    MD5

    029356eacf6c94aac497ee65b827a001

    SHA1

    7eef3426a3f024b6d7514cf110e65fbb0f6c57f5

    SHA256

    26bf3a2977d864c322fec0f6cc6726a96a151fbe03983ef153b7e4dfbe6d9712

    SHA512

    a5d88dd7dff920ec6f1972e0dad14efc5bcec3be064884cc2f1bb7cf82498124806bc24db6e126c8f15f8bdd0db8d13f801c6884d7df95c9a2bc4ca8a5c0ad79