Analysis
max time kernel: 21s
max time network: 152s
platform: android-9_x86
resource: android-x86-arm-20240910-en
resource tags: arch:arm, arch:x86, image:android-x86-arm-20240910-en, locale:en-us, os:android-9-x86, system
submitted: 09-11-2024 23:10
Static task
static1
Behavioral task
behavioral1
Sample
acabb6b9cdd2549dae64f7cc9f0e4a402fdaf505958c11bec721eb2f0c3e3ac0.apk
Resource
android-x86-arm-20240910-en
Behavioral task
behavioral2
Sample
acabb6b9cdd2549dae64f7cc9f0e4a402fdaf505958c11bec721eb2f0c3e3ac0.apk
Resource
android-33-x64-arm64-20240910-en
General
Target: acabb6b9cdd2549dae64f7cc9f0e4a402fdaf505958c11bec721eb2f0c3e3ac0.apk
Size: 3.7MB
MD5: cae1387f541b5192eb0e1b270337dc2a
SHA1: a686b9c9975ebf751c7e8766c3bdc1b87ba361b8
SHA256: acabb6b9cdd2549dae64f7cc9f0e4a402fdaf505958c11bec721eb2f0c3e3ac0
SHA512: 0ddfed868c70dd2a221b932545dd2df3dfd485999f8e7c3b7a676847183161dfc31a08fe68b25fa1b9fe07dc8bc547b4b9e9c61d1489184dac2e9f5d144a6ec8
SSDEEP: 49152:193mKOlV3Rk2ewTnI9cV1zhr2gpLUOC6pW09a1e9XvIeOcQcySYSWhyYl/BMr7/t:ubRx9Tnn7r2gpLUj6Np9XzXTXz19V
Malware Config
Signatures
Makes use of the framework's foreground persistence service (1 TTP, 1 IoC)
Application may abuse the framework's foreground service to continue running in the foreground.
Processes (description | ioc | process):
Framework service call | android.app.IActivityManager.setServiceForeground | com.yonoservice.registration

Queries the mobile country code (MCC) (1 TTP, 1 IoC)
Processes (description | ioc | process):
Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | com.yonoservice.registration

Checks the presence of a debugger

Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTP, 1 IoC)
Processes (description | ioc | process):
Framework service call | android.app.IActivityManager.registerReceiver | com.yonoservice.registration

Checks CPU information (2 TTPs, 1 IoC)
Processes (description | ioc | process):
File opened for read | /proc/cpuinfo | com.yonoservice.registration

Checks memory information (2 TTPs, 1 IoC)
Processes (description | ioc | process):
File opened for read | /proc/meminfo | com.yonoservice.registration
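The last two signatures (reads of /proc/cpuinfo and /proc/meminfo) together with the debugger check are the classic environment-fingerprinting trio: an app reads these files to decide whether it is running on a real phone or inside an emulator or sandbox before it does anything interesting. The example below is added here to show what such a check looks like and why it matters for this report; it is not code from the report, the sandbox or the sample. Both /proc snippets are constructed (one resembling an x86 emulator image, one a physical ARM phone), and the marker strings, the RAM threshold and the two-hit decision rule are this example's own heuristics, not anything the sample is known to use. Note that the first behavioral task here ran on an x86 image (android-9_x86), which is exactly the kind of environment these reads would expose, so the second run on the arm64 image is the more interesting data point for a sample that fingerprints its host.

```python
"""Emulator fingerprinting via /proc/cpuinfo and /proc/meminfo (added example)."""

# Constructed sample: what an x86 Android emulator image typically exposes.
# The "hypervisor" CPU flag is reported by a guest kernel running under a hypervisor.
EMULATOR_CPUINFO = """\
processor\t: 0
vendor_id\t: GenuineIntel
cpu family\t: 6
model name\t: Android virtual processor
flags\t\t: fpu vme de pse tsc msr pae mce cx8 apic sep sse sse2 ht nx lm hypervisor lahf_lm
"""
EMULATOR_MEMINFO = """\
MemTotal:        1535968 kB
MemFree:          812340 kB
"""

# Constructed sample: a physical ARM handset.
DEVICE_CPUINFO = """\
processor\t: 0
model name\t: ARMv8 Processor rev 2 (v8l)
Features\t: fp asimd evtstrm aes pmull sha1 sha2 crc32
CPU implementer\t: 0x51
Hardware\t: Qualcomm Technologies, Inc SM8150
"""
DEVICE_MEMINFO = """\
MemTotal:        7800124 kB
MemFree:         2100000 kB
"""

# Heuristic marker lists (this example's own choices, not from the report).
HARDWARE_MARKERS = ("goldfish", "ranchu", "vbox", "virtual")
X86_VENDORS = ("genuineintel", "authenticamd")


def parse_kv(text):
    """Parse 'key : value' lines into a dict keyed by lower-cased key (first hit wins)."""
    out = {}
    for line in text.splitlines():
        if ":" not in line:
            continue
        key, _, value = line.partition(":")
        out.setdefault(key.strip().lower(), value.strip())
    return out


def emulator_indicators(cpuinfo, meminfo, min_ram_kb=2 * 1024 * 1024):
    """Return a list of human-readable reasons the host looks like an emulator."""
    cpu = parse_kv(cpuinfo)
    mem = parse_kv(meminfo)
    hits = []

    hardware = cpu.get("hardware", "").lower()
    if any(marker in hardware for marker in HARDWARE_MARKERS):
        hits.append(f"hardware line {hardware!r}")

    # Guest kernels advertise the hypervisor flag; real phones do not.
    if "hypervisor" in cpu.get("flags", "").split():
        hits.append("cpu flag hypervisor")

    # An x86 vendor string on a "phone" is a strong (not perfect) emulator tell.
    if cpu.get("vendor_id", "").lower() in X86_VENDORS:
        hits.append(f"x86 vendor_id {cpu['vendor_id']}")

    if "virtual" in cpu.get("model name", "").lower():
        hits.append(f"model name {cpu['model name']!r}")

    # Emulator images are commonly provisioned with far less RAM than a modern handset.
    mem_total = mem.get("memtotal", "").split()
    ram_kb = int(mem_total[0]) if mem_total and mem_total[0].isdigit() else 0
    if ram_kb and ram_kb < min_ram_kb:
        hits.append(f"MemTotal {ram_kb} kB below {min_ram_kb} kB")

    return hits


def looks_like_emulator(cpuinfo, meminfo, min_hits=2):
    """Decision rule: two independent indicators before concluding 'emulator'."""
    return len(emulator_indicators(cpuinfo, meminfo)) >= min_hits


if __name__ == "__main__":
    for label, cpu, mem in (("emulator", EMULATOR_CPUINFO, EMULATOR_MEMINFO),
                            ("device", DEVICE_CPUINFO, DEVICE_MEMINFO)):
        print(label, looks_like_emulator(cpu, mem), emulator_indicators(cpu, mem))
```

Every one of these checks has false positives on real hardware (x86 Android tablets existed, low-end phones ship with little RAM), which is why a malware author usually requires several hits before bailing out, and why a sandbox that wants the sample to detonate has to present a convincing /proc view rather than just hide a single string.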
Processes
Network
MITRE ATT&CK Mobile v15
Downloads
Filesize: 24B
MD5: 45f3da5f8e9fa17c461b5962dad1d31d
SHA1: ea0565b3ac43fd0b3077888fe2d9286612fe3582
SHA256: dc93d0d927d19d858004cd013a56f0f797f4e9a44cee2fb71b4322ce617cc84a
SHA512: e79cefc2db926db8321a13770fc07c1dc6be5d11cf3785659c7b36457c3bdd6ef44013b9f36d0224e8005155dd6c47ba64291e65a303f68cd733543a780fe941

Filesize: 8B
MD5: c7c81fe1c160df9c011a1d2f952ac373
SHA1: 58c49b2cb85074fa6089637fcfdab1aad909c8ae
SHA256: b2743b7537dd656ffd2044727ddc213e5a930ad2674aaa91d5dac3b0350468e4
SHA512: 2399dac9d5ef158087967342488b34a583f235a4468c8e843626baf143f27b77a8e830f0f2dc79c013531ef9281ec7fd97ef252203afdbf63969503bc904a7de

Filesize: 2KB
MD5: 73f3fed449e037354c9bc19a2ee46738
SHA1: 05ea0709c96b7a6297e950818fc2700222048b80
SHA256: 6d8bf79b46d067b649501ca93805c189b935cb28a47eb8ca23bb0f4585ce5698
SHA512: 47fcb246ae13c2189ad9d5fc551c24e1c61ca9bbd50d64281e77857e3169011925fb42be30d42152d3c0958db44a0cf4bcef4a7800fe8718791853a8970f1ec1