Overview

overview

10

Static

static

10

e9515238f0...a9.apk

android-9-x86

7

e9515238f0...a9.apk

android-10-x64

7

e9515238f0...a9.apk

android-11-x64

7

Resubmissions

14-11-2024 13:54

241114-q7t9qazfrb 10

12-11-2024 22:07

241112-113bvs1nhs 10

Analysis

  • max time kernel
    101s
  • max time network
    151s
  • platform
    android-9_x86
  • resource
    android-x86-arm-20240910-en
  • resource tags

    arch:armarch:x86image:android-x86-arm-20240910-enlocale:en-usos:android-9-x86system
  • submitted
    12-11-2024 22:07

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    e9515238f096e249a73b7cce538cc54dd890f71dfb972e9b830fafa4b52051a9.apk

  • Size

    3.4MB

  • MD5

    36794af87e599f3598490a24fb772b91

  • SHA1

    8eb5e5e5092b5abb8d1f3c04c3baf5ab0321a890

  • SHA256

    e9515238f096e249a73b7cce538cc54dd890f71dfb972e9b830fafa4b52051a9

  • SHA512

    a2fc5e2cf2990f1d416129b356c37db7dc60e07ce5c74c2d54dd17b9fd66d34bcca8d7ad86c11082501c54b1702cd980106b7ce112c83c0348333a669424ef8e

  • SSDEEP

    98304:PPPWl9BImOCp+CoR9b+0sGC9Pc89Sk5rY03Ldraaj:HPWl9BnO0+59iFx9Pf9Sk577deaj

Score
7/10
collectioncredential_accessdiscoveryevasionpersistence

Malware Config

Signatures

  • Checks known Qemu pipes. 1 TTPs 12 IoCs

    Checks for known pipes used by the Android emulator to communicate with the host.

    evasion
  • Makes use of the framework's Accessibility service 4 TTPs 5 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectionevasioncredential_access
  • Queries information about running processes on the device 1 TTPs 6 IoCs

    Application may abuse the framework's APIs to collect information about running processes on the device.

    discovery
  • Acquires the wake lock 4 IoCs
  • Makes use of the framework's foreground persistence service 1 TTPs 4 IoCs

    Application may abuse the framework's foreground service to continue running in the foreground.

    evasionpersistence
  • Reads information about phone network operator. 1 TTPs
    discovery
  • Checks CPU information 2 TTPs 5 IoCs

Processes

  • com.example.mysoul
    1⤵
    • Checks known Qemu pipes.
    • Queries information about running processes on the device
    PID:4210
    • /system/bin/cat /proc/cpuinfo
      2⤵
      • Checks CPU information
      PID:4238
  • com.example.mysoul
    1⤵
    • Checks known Qemu pipes.
    • Makes use of the framework's Accessibility service
    • Queries information about running processes on the device
    PID:4322
    • /system/bin/cat /proc/cpuinfo
      2⤵
      • Checks CPU information
      PID:4383
  • com.example.mysoul
    1⤵
    • Checks known Qemu pipes.
    • Makes use of the framework's Accessibility service
    • Queries information about running processes on the device
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    PID:4409
    • /system/bin/cat /proc/cpuinfo
      2⤵
      • Checks CPU information
      PID:4443
  • com.example.mysoul
    1⤵
    • Checks known Qemu pipes.
    • Makes use of the framework's Accessibility service
    • Queries information about running processes on the device
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    PID:4471
    • /system/bin/cat /proc/cpuinfo
      2⤵
      • Checks CPU information
      PID:4501
  • com.example.mysoul
    1⤵
    • Checks known Qemu pipes.
    • Makes use of the framework's Accessibility service
    • Queries information about running processes on the device
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    PID:4540
  • com.example.mysoul
    1⤵
    • Checks known Qemu pipes.
    • Makes use of the framework's Accessibility service
    • Queries information about running processes on the device
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    PID:4655
    • /system/bin/cat /proc/cpuinfo
      2⤵
      • Checks CPU information
      PID:4691

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.example.mysoul/no_backup/androidx.work.workdb
    Filesize

    4KB

    MD5

    f2b4b0190b9f384ca885f0c8c9b14700

    SHA1

    934ff2646757b5b6e7f20f6a0aa76c7f995d9361

    SHA256

    0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

    SHA512

    ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

    Download Submit

  • /data/data/com.example.mysoul/no_backup/androidx.work.workdb-journal
    Filesize

    512B

    MD5

    c90fa26af4f090639ee066836a50ca49

    SHA1

    2f450c899eda32e4f17d8fb318d26becfbc75a0e

    SHA256

    32b00e876d1a75663f1e3d6b1bd53f496a8459e038b63ce209e9e0e3a916e997

    SHA512

    8ad839176abe2c3d08e80b9f966e37180445084d097bce03ecb6eb7c8e8092cd207542a816d48228680f0d6b846713adc949cdb975853a8d830472a35465fc8a

    Download Submit

  • /data/data/com.example.mysoul/no_backup/androidx.work.workdb-shm
    Filesize

    108KB

    MD5

    9fffbb02a9717b15e514a253faa6b72c

    SHA1

    396b39ca655762d761452e0b4e35f33a041e5bc7

    SHA256

    acc5bef9771afb8ca50d65f42977ba7c6664c75c2835dc3092a47baf0a4b46fc

    SHA512

    313bd921e1303c578fd86a7b4512272da52fbd9870442a5da4307ff35d633819ef253fa814b18e124a33716d881eb57275c3b51930acaa84eef209eb23a2f928

    Download Submit

  • /data/data/com.example.mysoul/no_backup/androidx.work.workdb-wal
    Filesize

    28KB

    MD5

    10c52c6d23727d9ee42f1dc782dd8bc5

    SHA1

    4fad71518aee6ca6c2a96de12f3930d6f43bf87d

    SHA256

    fbbcc3978597bdf0b7626c21881bd2f7a280954c33e87315dfff2dc6b919ba0c

    SHA512

    5560a85fc9b268e125c225602b24e66a9e7395807e88b7aedba1813ad3db508ad0f59f454937af4405af937b783b4f15e53523cbf21ca44455279bf5953f39da

    Download Submit