e9515238f096e249a73b7cce538cc54dd890f71dfb972e9b830fafa4b52051a9

Resubmissions

14-11-2024 13:54

241114-q7t9qazfrb 10

12-11-2024 22:07

241112-113bvs1nhs 10

Analysis

max time kernel
5s
max time network
151s
platform
android-11_x64
resource
android-x64-arm64-20240910-en
resource tags

arch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240910-enlocale:en-usos:android-11-x64system
submitted
12-11-2024 22:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e9515238f096e249a73b7cce538cc54dd890f71dfb972e9b830fafa4b52051a9.apk
Size

3.4MB
MD5

36794af87e599f3598490a24fb772b91
SHA1

8eb5e5e5092b5abb8d1f3c04c3baf5ab0321a890
SHA256

e9515238f096e249a73b7cce538cc54dd890f71dfb972e9b830fafa4b52051a9
SHA512

a2fc5e2cf2990f1d416129b356c37db7dc60e07ce5c74c2d54dd17b9fd66d34bcca8d7ad86c11082501c54b1702cd980106b7ce112c83c0348333a669424ef8e
SSDEEP

98304:PPPWl9BImOCp+CoR9b+0sGC9Pc89Sk5rY03Ldraaj:HPWl9BnO0+59iFx9Pf9Sk577deaj

Score

7^/10

discovery evasion

Malware Config

Signatures

Checks known Qemu pipes. 1 TTPs 2 IoCs
Checks for known pipes used by the Android emulator to communicate with the host.
evasion

System Checks
T1633.001

Processes:

com.example.mysoul

ioc process

/dev/socket/qemud com.example.mysoul
/dev/qemu_pipe com.example.mysoul
Queries information about running processes on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
discovery

Process Discovery
T1424

Processes:

com.example.mysoul

description ioc process

Framework service call android.app.IActivityManager.getRunningAppProcesses com.example.mysoul

ioc	process
/dev/socket/qemud	com.example.mysoul
/dev/qemu_pipe	com.example.mysoul

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.example.mysoul

com.example.mysoul
1⤵
- Checks known Qemu pipes.
- Queries information about running processes on the device
PID:4637

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Process Discovery

T1424

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.example.mysoul/no_backup/androidx.work.workdb

Filesize
4KB

MD5
7e858c4054eb00fcddc653a04e5cd1c6

SHA1
2e056bf31a8d78df136f02a62afeeca77f4faccf

SHA256
9010186c5c083155a45673017d1e31c2a178e63cc15a57bbffde4d1956a23dad

SHA512
d0c7a120940c8e637d5566ef179d01eff88a2c2650afda69ad2a46aad76533eaace192028bba3d60407b4e34a950e7560f95d9f9b8eebe361ef62897d88b30cb

Download Submit
/data/data/com.example.mysoul/no_backup/androidx.work.workdb-journal

Filesize
512B

MD5
575f393380d7ed99a5dc17a98845e1c1

SHA1
4965255715b1674df90b0cbf18fa940d89e6ab1c

SHA256
08495a410694254ad95ee03899da66502eb8469e8ae1378d4dc243cad70ed88c

SHA512
d9c93281baa3529a45209b3f8c9518978f0461e01c5e0d98ac929c96579579b9770bbbba4a5743b79d569a7e043d8646893dc0e96a832e27dcf4248367b9c1b6

Download Submit
/data/data/com.example.mysoul/no_backup/androidx.work.workdb-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.example.mysoul/no_backup/androidx.work.workdb-wal

Filesize
16KB

MD5
442fcc8b4414e35db5cd46269846c3c5

SHA1
f9fb4485dcf6f74a1390fd2f244c8799e89b4efb

SHA256
aa17b02d0e49ab06a336bed0c702733f5a6bd45b9d4d0bec757ded5f0f814937

SHA512
651154374b280a4cf6551ed993dc40d5bcdc0801c5e1c982b5b09b5727cf16ab9fcbf259660217b94c946d37c0cdca29b78e7a893f1ac223ecd8c970efeb0f06

Download Submit
/data/data/com.example.mysoul/no_backup/androidx.work.workdb-wal

Filesize
108KB

MD5
83e792afdddbe48097753870e53ca846

SHA1
75e9a8e84d742c86b427ce6dc467ee1509d516ac

SHA256
f2ea1f6bd1c798ba9825e082f0ff5077314b30131beaca7f4d855aec686b99f6

SHA512
6aad6249341e654a89b76fb315bcff0681b5e6bafe7a85e9afd58251e273f2e58376390f982c69f523a8613efe753c7346cd43bc4140219768f0db28c07d4570

Download Submit