Analysis

  • max time kernel: 149s
  • max time network: 158s
  • platform: android_x64
  • resource: android-33-x64-arm64-20240624-es
  • resource tags: android, arch:arm64, arch:x64, image:android-33-x64-arm64-20240624-es, locale:es-es, os:android-13-x64, system
  • submitted: 13/11/2024, 03:37

General

  • Target: LATAM Airlines.apk
  • Size: 13.8MB
  • MD5: 8ada57d186ea5d659ad9af00db631b59
  • SHA1: 62e9b66f1b8846f4587e8e75f0e05f5abb63d5f9
  • SHA256: 0e0ce73acfe2c4fdead8fa8f25aa665fcd989884be0bb480cce24aca2a53dc0d
  • SHA512: 371228b0069dcc627c163b62b4a1e22414d3effce934aece9d92986601ec71c808cb02b34c98937552fa4ccafc06909b3059ea9f3183042325b9bafad53635cb
  • SSDEEP: 196608:E2yGZ4Fh2ZSBbCj7Retx+ZMgSuU7zxXsuyRwAAjd3aRhV8DBMeUsGJDURjNY2yYp:9yh70xMggzxX59aGlM7MRyR+y6

Malware Config

Signatures

  • Makes use of the framework's Accessibility service 4 TTPs 2 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
  • Queries account information for other applications stored on the device 1 TTPs 4 IoCs

    Application may abuse the framework's APIs to collect account information stored on the device.

  • Queries information about running processes on the device 1 TTPs 4 IoCs

    Application may abuse the framework's APIs to collect information about running processes on the device.

  • Reads the content of the SMS messages. 1 TTPs 1 IoCs
  • Acquires the wake lock 1 IoCs
  • Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

    Application may abuse the framework's foreground service to continue running in the foreground.

  • Queries information about active data network 1 TTPs 1 IoCs
  • Schedules tasks to execute at a specified time 1 TTPs 2 IoCs

    Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 4 IoCs

Processes

  • com.gagniterni.gnoweniee
    • Makes use of the framework's Accessibility service
    • Queries account information for other applications stored on the device
    • Queries information about running processes on the device
    • Reads the content of the SMS messages.
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    • Queries information about active data network
    • Schedules tasks to execute at a specified time
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4363
  • com.gagniterni.gnoweniee:fore_temp
    • Queries account information for other applications stored on the device
    • Queries information about running processes on the device
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4481
  • com.gagniterni.gnoweniee:main
    • Queries account information for other applications stored on the device
    • Queries information about running processes on the device
    • Schedules tasks to execute at a specified time
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4447
  • com.gagniterni.gnoweniee:mr2_process
    • Queries account information for other applications stored on the device
    • Queries information about running processes on the device
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4488

Network

MITRE ATT&CK Mobile v15

Downloads

  • /data/data/com.gagniterni.gnoweniee/cache/image_manager_disk_cache/journal.tmp
    Filesize: 31B
    MD5: 8c92de9ce46d41a22f3b20f77404cc1d
    SHA1: 8671a6dca00edb72be47363a7071be65cf270373
    SHA256: 68bb33ddeed9200be85a71f70b377985f9ee68e91578afbde8321463396f1274
    SHA512: 30f45fe9954215d6adafcc8f0a060a7ff41963a64f9b849a37f0d18fe045038d429ec13bf15226769c4ba78dad3c52f3d9e0dbbb4fcdea4828a1efe956e48f56

  • /data/data/com.gagniterni.gnoweniee/no_backup/androidx.work.workdb
    Filesize: 100KB
    MD5: 24a69ad4b63187d5a54e8bbd32a5985f
    SHA1: 9a6d9b83fe21ba7d154ed85dcd0e75b2dc41a29f
    SHA256: 1e8ea2f0781987922b6faa9401a24c55342d5271a603d1c77bde5e45407f3ad1
    SHA512: bdd1668dd364f4dc392383cdf17585ba4e15b99253ad53f2ef3a77765d8213c3f2d27b9e3040fba7c08b1fc589006368523d6d549a1271952a2c0c0b98669067

  • /data/data/com.gagniterni.gnoweniee/no_backup/androidx.work.workdb-shm
    Filesize: 32KB
    MD5: bb7df04e1b0a2570657527a7e108ae23
    SHA1: 5188431849b4613152fd7bdba6a3ff0a4fd6424b
    SHA256: c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
    SHA512: 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

  • /data/data/com.gagniterni.gnoweniee/no_backup/androidx.work.workdb-wal
    Filesize: 402KB
    MD5: 5079ad67cf24e40b3e6d67f8f864e61d
    SHA1: 53ae4ed9f46f388cba9be7f64b8bc32f7cbe7df0
    SHA256: f6fe8f3264083b5c76ac120d59dd167df419a0c75eacae51673e27ae988b10ba
    SHA512: 5d05712b6b446016238b9dd1678fb853b3d7377c20473042779e618a0209bfbcf21abdbbccb17f37531b8e1377d6cdc81a362d6a6908fb6c80b2e7ef5f420cc4