Analysis
max time kernel: 26s
max time network: 132s
platform: android_x86
resource: android-x86-arm-20240624-en
resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240624-en, locale:en-us, os:android-9-x86, system
submitted: 07-11-2024 22:00
Static task
static1
Behavioral task
behavioral1
Sample
6bfa4ec31eded318330f12abe8d1675c192264124bc0ed5a475eefe8f2b0ef79.apk
Resource
android-x86-arm-20240624-en
Behavioral task
behavioral2
Sample
6bfa4ec31eded318330f12abe8d1675c192264124bc0ed5a475eefe8f2b0ef79.apk
Resource
android-33-x64-arm64-20240624-en
General
Target: 6bfa4ec31eded318330f12abe8d1675c192264124bc0ed5a475eefe8f2b0ef79.apk
Size: 3.7MB
MD5: 8d0159701bccd4c63c2098fc05955a4e
SHA1: 5de396a555d415c833b575a83e51cbd9d21edfab
SHA256: 6bfa4ec31eded318330f12abe8d1675c192264124bc0ed5a475eefe8f2b0ef79
SHA512: 671fa73ccab12e6f5ff415d5ac1b66611c9de50ed171d98a7835a0f1facf8b352d271acbfdd367d26ae7dde495f950b27a8f0e52730aa3429fdad712559326a6
SSDEEP: 49152:193mKOlV3Rk2ewTnI9cV1zhr2gpLUOC6pW09a1e9XvIeOcgFcypMl+qPBOr7/zNH:ubRx9Tnn7r2gpLUj6Np9XEDXz1w2
Malware Config
Signatures
Makes use of the framework's foreground persistence service (1 TTPs, 1 IoCs)
Application may abuse the framework's foreground service to continue running in the foreground.
Processes: com.yonoservice.registration
description: Framework service call; ioc: android.app.IActivityManager.setServiceForeground; Process: com.yonoservice.registration

Queries the mobile country code (MCC) (1 TTPs, 1 IoCs)
Processes: com.yonoservice.registration
description: Framework service call; ioc: com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone; Process: com.yonoservice.registration

Checks the presence of a debugger

Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTPs, 1 IoCs)
Processes: com.yonoservice.registration
description: Framework service call; ioc: android.app.IActivityManager.registerReceiver; Process: com.yonoservice.registration

Checks CPU information (2 TTPs, 1 IoCs)
Processes: com.yonoservice.registration
description: File opened for read; ioc: /proc/cpuinfo; Process: com.yonoservice.registration

Checks memory information (2 TTPs, 1 IoCs)
Processes: com.yonoservice.registration
description: File opened for read; ioc: /proc/meminfo; Process: com.yonoservice.registration
Processes
Network
MITRE ATT&CK Mobile v15
Downloads