6499730a01703cad20711803829862f3d19ee7a3fedbe72fea2f319394b29627

Analysis

max time kernel
18s
max time network
152s
platform
android-9_x86
resource
android-x86-arm-20240910-en
resource tags

arch:armarch:x86image:android-x86-arm-20240910-enlocale:en-usos:android-9-x86system
submitted
03/11/2024, 22:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Identitas Kependudukan Digital.apk
Size

21.8MB
MD5

c7deaaa7fece968cc24461261302cf15
SHA1

4e6fb0d472c206304f534cea438a57970b050908
SHA256

6499730a01703cad20711803829862f3d19ee7a3fedbe72fea2f319394b29627
SHA512

d988f0fc9fa905c6c38c2248445190bdab31a48d074fb9ef3cf4efc4a26879e1a6ce6b1d7906f660d49884a20218569d9e26f9af1a49b04ad91628726de2ece7
SSDEEP

196608:UH9Tk1h3dBQlogWNJs1sgAXFNgI7a7YSu33Zu9yzhLrZOOZ3mJB4iyyVbUr8hCLV:qkFTss3FNgIuc9zhL9XZ30Fknx

Score

8^/10

banker collection discovery evasion persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 1 IoCs

evasion

System Information Discovery

T1426

ioc	Process
/sbin/su	com.anydesk.adcontrol.ad1

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001
Queries the phone number (MSISDN for GSM devices) 1 TTPs
discovery

System Network Configuration Discovery
T1422

Reads the content of the SMS messages. 1 TTPs 1 IoCs

collection

SMS Messages

T1636.004

description	ioc	Process
URI accessed for read	content://sms/	com.anydesk.adcontrol.ad1

Enumerates running processes
Discovers information about currently running processes on the system

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
25	raw.githubusercontent.com
26	raw.githubusercontent.com

Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

Application may abuse the framework's foreground service to continue running in the foreground.

evasion persistence

Foreground Persistence

T1541

description	ioc	Process
Framework service call	android.app.IActivityManager.setServiceForeground	com.anydesk.adcontrol.ad1:remote

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.anydesk.adcontrol.ad1

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.anydesk.adcontrol.ad1

Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.anydesk.adcontrol.ad1

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.anydesk.adcontrol.ad1

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.anydesk.adcontrol.ad1

com.anydesk.adcontrol.ad1
1⤵
- Checks if the Android device is rooted.
- Reads the content of the SMS messages.
- Queries information about active data network
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks CPU information
- Checks memory information
PID:4414

com.anydesk.adcontrol.ad1:remote
1⤵
- Makes use of the framework's foreground persistence service
PID:4697

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Foreground Persistence

T1541

Privilege Escalation

Defense Evasion

Foreground Persistence

T1541

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Protected User Data

T1636

SMS Messages

T1636.004

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.anydesk.adcontrol.ad1/app_crashrecord/1004

Filesize
232B

MD5
b83b5b6641a39287b3e92072ba9ddfd0

SHA1
0334c44a4be3a63c6c4c0f4ac7c93b09a7e203da

SHA256
29297ae457a5f5bab17ebe3ead4d207631c546f5abdaceb74af670bea89ec38d

SHA512
0c62e6e457b039a8219b3a09454fd9a1d5ca12bb9e3187d118e6ac67ca330abf8a53eb0f8822ce4b3d61c607d26a596b5abded15c9f424b3b9e84a0e9e288427

Download Submit
/data/data/com.anydesk.adcontrol.ad1/app_crashrecord/1004

Filesize
58B

MD5
0d210bfb2a0e1f1b4c082a6a0f79de07

SHA1
bb8ed9e364db79d1d9f2fcde3f15091893222faa

SHA256
988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d

SHA512
536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1

Download Submit
/data/data/com.anydesk.adcontrol.ad1/databases/bugly_db_

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.anydesk.adcontrol.ad1/databases/bugly_db_-journal

Filesize
512B

MD5
ee9c1eebc5ba5915e702404547dea5b9

SHA1
858cd7edab04079db471da69c361bb8f6087cc77

SHA256
5f172137599adc5f287bac50ce092e5a2bcb5e5c94b5baa1c7f6bfccb741bf9c

SHA512
3a0e49ebe7ba6735a5a958ff87dec265cc09410c9d0a6ebe7b2361eae38cea258af71579602af417f70ee984913e54c2c45c59875534ba8659966cbed1d0b275

Download Submit
/data/data/com.anydesk.adcontrol.ad1/databases/bugly_db_-shm

Filesize
28KB

MD5
cf845a781c107ec1346e849c9dd1b7e8

SHA1
b44ccc7f7d519352422e59ee8b0bdbac881768a7

SHA256
18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7

SHA512
4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

Download Submit
/data/data/com.anydesk.adcontrol.ad1/databases/bugly_db_-wal

Filesize
88KB

MD5
11dcce0bfbced2617e8360b45c6b3521

SHA1
53ece8a3c3313a285674df97a97983b2aabfc3e4

SHA256
b095f20960959b5377a6d6687612b8b75287d44eb9912976c6703d2dd04aaa3b

SHA512
e9c9a4d71d08a8c8bbb2c2584a6a796def4f9de7822f19b9a048b6fcde2c65001312e7bff42d2968b0cc2a6977bde830f92137467709e115692cf1ecab3f945c

Download Submit
/data/data/com.anydesk.adcontrol.ad1/files/bugly_last_us_up_tm

Filesize
13B

MD5
eb1279b88369ea4caa4c2d0e5775c33c

SHA1
fbca8b603b9315675120f85e65930e0008e711b0

SHA256
bee6135ca07734d5e060a34366593df12aa51ed150d1dbdabb37835cf3201dd7

SHA512
f30f8f75ef8c62a77590df05c4c6289c4688fa3b8efcfc57270cf771150cc8e955e5501ddc6d518a5f208e4975c20e7c2b088259ddbcfa9aa81a09a4f5815f76

Download Submit
/data/data/com.anydesk.adcontrol.ad1/files/mmkv/mmkv.default

Filesize
4KB

MD5
620f0b67a91f7f74151bc5be745b7110

SHA1
1ceaf73df40e531df3bfb26b4fb7cd95fb7bff1d

SHA256
ad7facb2586fc6e966c004d7d1d16b024f5805ff7cb47c7a85dabd8b48892ca7

SHA512
2d23913d3759ef01704a86b4bee3ac8a29002313ecc98a7424425a78170f219577822fd77e4ae96313547696ad7d5949b58e12d5063ef2ee063b595740a3a12d

Download Submit
/storage/emulated/0/Android/data/com.anydesk.adcontrol.ad1/files/log_data.idx

Filesize
96B

MD5
b818debb378b6cf17eeea2c99d05155c

SHA1
50e2d07c1e5c1757e3914e74aa94c67f2742e5d0

SHA256
e103c17b121d191d582f2fac8d3261d57a3dae799033671986af1942920665c7

SHA512
592f327d97a1c7f5285f1a01ba114956ae7a2f11623e65fd99afc4427a1a77c999ddfc9f888ee54576c342c04c07c678a01f4cf42d221f1038fb552c20778efc

Download Submit
/storage/emulated/0/Android/data/com.anydesk.adcontrol.ad1/files/log_data_000

Filesize
5KB

MD5
dc42178a5ad8758616d32e851fd026d2

SHA1
84d91da6d8e44087ad25b92082529fcaea4e7686

SHA256
19146b67708268f1260460de3c46a2c54158a30a6deb652abd1c268ae0650d27

SHA512
4086ea7cac832390e5de8ff099d5943243db7b31efc26b4c66c93e2660fbb0e5be08e00ed53e08d772412f672445ca03fdcbb86f7f475a7842681993ec48efee

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads