Analysis
- max time kernel: 24s
- max time network: 131s
- platform: android_x86
- resource: android-x86-arm-20240624-en
- resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240624-en, locale:en-us, os:android-9-x86, system
- submitted: 09-11-2024 23:11
Static task: static1
Behavioral task: behavioral1
- Sample: cb0c4fc65c556ea4fd9bd9330c1714eb904a1c21acc9badafd85a41831a8beea.apk
- Resource: android-x86-arm-20240624-en
Behavioral task: behavioral2
- Sample: cb0c4fc65c556ea4fd9bd9330c1714eb904a1c21acc9badafd85a41831a8beea.apk
- Resource: android-33-x64-arm64-20240910-en
General
- Target: cb0c4fc65c556ea4fd9bd9330c1714eb904a1c21acc9badafd85a41831a8beea.apk
- Size: 4.5MB
- MD5: 0844a9d8af8bc9495bae88a1fd21aa24
- SHA1: 702d51ecb2efc0cb6d7224842a2f695f175c7621
- SHA256: cb0c4fc65c556ea4fd9bd9330c1714eb904a1c21acc9badafd85a41831a8beea
- SHA512: 630164a8891eb8bbe984a957a170e2811681b582686b2640a274ca577efe0ae72fdff3262eba00f0f14dc8cc6e6e33d674c823d8f9ce301b5c587520307c3f07
- SSDEEP: 98304:f/u6A9J3ff8D37r7wHgK1rNTPBEyhfkvB4/IcG+Sp4q5VuN:f/udff/3d/jfEj+8c
Malware Config
Signatures
- Makes use of the framework's foreground persistence service (1 TTPs, 1 IoCs)
  Application may abuse the framework's foreground service to continue running in the foreground.
  Processes: com.yonoservice.registration
    description: Framework service call
    ioc: android.app.IActivityManager.setServiceForeground
    process: com.yonoservice.registration
- Queries the mobile country code (MCC) (1 TTPs, 1 IoCs)
  Processes: com.yonoservice.registration
    description: Framework service call
    ioc: com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone
    process: com.yonoservice.registration
- Checks the presence of a debugger
- Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTPs, 1 IoCs)
  Processes: com.yonoservice.registration
    description: Framework service call
    ioc: android.app.IActivityManager.registerReceiver
    process: com.yonoservice.registration
- Checks CPU information (2 TTPs, 1 IoCs)
  Processes: com.yonoservice.registration
    description: File opened for read
    ioc: /proc/cpuinfo
    process: com.yonoservice.registration
- Checks memory information (2 TTPs, 1 IoCs)
  Processes: com.yonoservice.registration
    description: File opened for read
    ioc: /proc/meminfo
    process: com.yonoservice.registration
Processes
Network
MITRE ATT&CK Mobile v15
Downloads
- Filesize: 24B
  MD5: 7024e015187523109f5a7cfbf3ce0758
  SHA1: fb152905d98e9b5759d3f39270871c8871d5407b
  SHA256: 750a1238536538ea99ab412a2ef8fb9a0a508f1cdcf514c89d6f1a004a194dd1
  SHA512: 82d694ca55eed10c212e09fd1116e6d32bc28e958a8bdd41aac75a977cbae0f80edad7d1a99bd850d729146ad115abb7e76b53129089ae310b0000502c88a793