Analysis
max time kernel: 64s
max time network: 72s
platform: android_x64
resource: android-33-x64-arm64-20240624-en
resource tags: android, arch:arm64, arch:x64, image:android-33-x64-arm64-20240624-en, locale:en-us, os:android-13-x64, system
submitted: 31/10/2024, 14:34
Static task: static1
Behavioral task: behavioral1
Sample: Blitzer.de_3.8.9_APKPure.apk
Resource: android-33-x64-arm64-20240624-en
General
Target: Blitzer.de_3.8.9_APKPure.apk
Size: 18.8MB
MD5: 5cca621d68f91fd2637c2f5917fb4776
SHA1: 2d7815452539dcfdfb9f489e025bbaf2fe29fbe2
SHA256: 39f5e2e15475c16a26ec60b2bb5f83bdbe16152d567e75d817a012ac6af8c3ee
SHA512: 4f5e57317c8242afa4d8263995f7a5e9c7c086293a3879b06e5b43f5d34b482bc3250e5fc8a6456a9ce976c042153582c35e232a149f2990c1de9b15727ff1b0
SSDEEP: 196608:j4TkO0QFA2zTJ3ovd3n/diPN1iSm270MATk9WeWvz94gWXZmyCZAJoEu6z8C5mcZ:cuk+vd1UK270M19W/J4gWpgA+4zgcdqa
Malware Config
Signatures
- Checks if the Android device is rooted. (1 TTPs, 2 IoCs)
  ioc: /system/app/Superuser.apk; Process: de.blitzer
  ioc: /system/xbin/su; Process: de.blitzer
- Obtains sensitive information copied to the device clipboard (2 TTPs, 1 IoCs)
  Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
  description: Framework service call; ioc: android.content.IClipboard.addPrimaryClipChangedListener; Process: de.blitzer
- Makes use of the framework's foreground persistence service (1 TTPs, 1 IoCs)
  Application may abuse the framework's foreground service to continue running in the foreground.
  description: Framework service call; ioc: android.app.IActivityManager.setServiceForeground; Process: de.blitzer
- Queries information about active data network (1 TTPs, 1 IoCs)
  description: Framework service call; ioc: android.net.IConnectivityManager.getActiveNetworkInfo; Process: de.blitzer
- Checks the presence of a debugger
- Listens for changes in the sensor environment (might be used to detect emulation) (1 TTPs, 1 IoCs)
  description: Framework API call; ioc: android.hardware.SensorManager.registerListener; Process: de.blitzer
- Checks CPU information (2 TTPs, 1 IoCs)
  description: File opened for read; ioc: /proc/cpuinfo; Process: de.blitzer
- Checks memory information (2 TTPs, 1 IoCs)
  description: File opened for read; ioc: /proc/meminfo; Process: de.blitzer
Processes
de.blitzer (PID: 4340)
- Checks if the Android device is rooted.
- Obtains sensitive information copied to the device clipboard
- Makes use of the framework's foreground persistence service
- Queries information about active data network
- Listens for changes in the sensor environment (might be used to detect emulation)
- Checks CPU information
- Checks memory information
Network
MITRE ATT&CK Mobile v15
Downloads
/data/data/de.blitzer/files/.com.google.firebase.crashlytics.files.v2:de.blitzer/com.crashlytics.settings.json
Filesize: 706B
/data/data/de.blitzer/files/.com.google.firebase.crashlytics.files.v2:de.blitzer/open-sessions/672395BB02AE000110F40A4093D47CC9/report
Filesize: 787B