b803d3ca77088f4eb559653680c4513503e34bd63c8582108819c020f2027b29

Analysis

max time kernel
146s
max time network
155s
platform
android-11_x64
resource
android-x64-arm64-20240910-en
resource tags

arch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240910-enlocale:en-usos:android-11-x64system
submitted
10-11-2024 22:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b803d3ca77088f4eb559653680c4513503e34bd63c8582108819c020f2027b29.apk
Size

2.4MB
MD5

585a6762bef1722fab754a49dc932f1f
SHA1

fe6fdc95304b744a7c7c4746c02c29a5f3e35828
SHA256

b803d3ca77088f4eb559653680c4513503e34bd63c8582108819c020f2027b29
SHA512

652ca106a9b30162478104b8fdd51415a61f3d09ba6e7db00c050feabcc28b617c3d56f785d643ca0cccd5b317ba06749797814d5a2401b610902c390dfc2d66
SSDEEP

49152:ja1aa7f51DlgVAYApeDPtf1vN5r/qfvR27gagjJJmcYtdRWk0d/v:E1DlghsKx1vTr/qfvR+UuvS

Score

8^/10

banker discovery evasion persistence stealth trojan

Malware Config

Signatures

Removes its main activity from the application launcher 1 TTPs 1 IoCs

stealth trojan evasion

Suppress Application Icon

T1628.001

pid	Process
4763	cmf0.c3b5bm90zq.patch

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

Application may abuse the framework's foreground service to continue running in the foreground.

evasion persistence

Foreground Persistence

T1541

description	ioc	Process
Framework service call	android.app.IActivityManager.setServiceForeground	cmf0.c3b5bm90zq.patch

cmf0.c3b5bm90zq.patch
1⤵
- Removes its main activity from the application launcher
- Makes use of the framework's foreground persistence service
PID:4763

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Foreground Persistence

T1541

Privilege Escalation

Defense Evasion

Foreground Persistence

T1541

Hide Artifacts

T1628

Suppress Application Icon

T1628.001

Credential Access

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads