b2de1b8af126a6a25e33bdd4ed29721ac65d4972b337714e1517efc0bc4dc0c3

Analysis

max time kernel
146s
max time network
152s
platform
android-11_x64
resource
android-x64-arm64-20240910-en
resource tags

arch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240910-enlocale:en-usos:android-11-x64system
submitted
10-11-2024 22:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b2de1b8af126a6a25e33bdd4ed29721ac65d4972b337714e1517efc0bc4dc0c3.apk
Size

860KB
MD5

9bf2cf63c8e6873baa765aa1a76a8044
SHA1

4ae0fb72b739754c1bfe2705fd732baf48da2192
SHA256

b2de1b8af126a6a25e33bdd4ed29721ac65d4972b337714e1517efc0bc4dc0c3
SHA512

560cea7217a14c0579ace84ad022b30454b80d7e9e8cc9ae0827f981396bee4f1d34d0695219e0c2576ab7c8fb437c3614cbf6fbb81cb14adf5580e0b94c9941
SSDEEP

12288:8PSr0oa1a8Lrez7kEoSfbr39obsJ5WmpYshXZPbGwidNpg2A:8Ptoa1a2ez7drbysJ5WmD9idNpK

Score

7^/10

banker discovery evasion impact persistence privilege_escalation

Malware Config

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

Application may abuse the framework's foreground service to continue running in the foreground.

evasion persistence

Foreground Persistence

T1541

description	ioc	Process
Framework service call	android.app.IActivityManager.setServiceForeground	cmf0.c3b5bm90zq.patch

Requests enabling of the accessibility settings. 1 IoCs

description	ioc	Process
Intent action	android.settings.ACCESSIBILITY_SETTINGS	cmf0.c3b5bm90zq.patch

Tries to add a device administrator. 2 TTPs 1 IoCs

privilege_escalation impact

Device Administrator Permissions

T1626.001

Account Access Removal

T1640

description	ioc	Process
Intent action	android.app.action.ADD_DEVICE_ADMIN	cmf0.c3b5bm90zq.patch

cmf0.c3b5bm90zq.patch
1⤵
- Makes use of the framework's foreground persistence service
- Requests enabling of the accessibility settings.
- Tries to add a device administrator.
PID:4782

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Foreground Persistence

T1541

Privilege Escalation

Abuse Elevation Control Mechanism

T1626

Device Administrator Permissions

T1626.001

Defense Evasion

Foreground Persistence

T1541

Credential Access

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Account Access Removal

T1640

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads