4928c563dc610a7c968f697e4ebcda9a441d94a4abd5013c38dfa8e8b62cc4f5

Analysis

max time kernel
124s
max time network
145s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
14-11-2024 11:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Alertswiss_bind_sign.apk
Size

88.7MB
MD5

0e6b33ba825b5e5ce5e2caa03727cd1f
SHA1

0c2574193c88c35bfa70203f5bdcb73989683b94
SHA256

4928c563dc610a7c968f697e4ebcda9a441d94a4abd5013c38dfa8e8b62cc4f5
SHA512

d0f61b8f2f2b61cdf29026320d403ef96b6947dd6941d1d4b95885740880131215abd9bd19ea8b9a451b719ec3eb725afdd1e9fcfee2c3a9623da7975ec00441
SSDEEP

1572864:Ay/UiFkHpKS01NL4iasXbSyaYdtUvkXQ1eYJnrHAFbPlPv5hA+1:Ay/UiFD1No3lLAVPlPR

Score

8^/10

discovery evasion

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 2 IoCs

evasion

System Information Discovery

T1426

ioc	Process
/system/app/Superuser.apk	ch.admin.babs.alertswiss
/system/xbin/su	ch.admin.babs.alertswiss

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	ch.admin.babs.alertswiss

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	ch.admin.babs.alertswiss

Checks the presence of a debugger
evasion

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	ch.admin.babs.alertswiss

ch.admin.babs.alertswiss
1⤵
- Checks if the Android device is rooted.
- Acquires the wake lock
- Queries information about active data network
- Checks memory information
PID:4240

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/ch.admin.babs.alertswiss/databases/com.google.android.datatransport.events

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/ch.admin.babs.alertswiss/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
9f9fabcb573cd9decc8bb1f46ba027e5

SHA1
b3263c4a47b4086f478c4b19847eca44534e912f

SHA256
a05f46326b999a37527921204d4168289d8a965ac324d50800038e74d5c0e2cb

SHA512
15f479ca11b59beb83c14933208b0f92882d5b16443a63e80419eaa52b38bea644060686485e2374376d26d3696368cfd6d75066aca6172b5e90665fe59cdc13

Download Submit
/data/data/ch.admin.babs.alertswiss/databases/com.google.android.datatransport.events-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/ch.admin.babs.alertswiss/databases/com.google.android.datatransport.events-wal

Filesize
68KB

MD5
d55223ffebf0e423ccf6854e73eec535

SHA1
043a94a07d3594e9c208809e3f142ca69db35ea5

SHA256
ba8a7f4ba29be4cb407ecdfd3d9f6533d513b44a29213b53495d06f3fb72a904

SHA512
d828865d822cc717d115ce62bb55e5f8bda43251068b4123a7c8dd63e5c18643d14d9c619250626144f029683723e1f63154d3108192d152ae33ea2edf961947

Download Submit
/data/data/ch.admin.babs.alertswiss/files/.com.google.firebase.crashlytics.files.v2:ch.admin.babs.alertswiss/com.crashlytics.settings.json

Filesize
720B

MD5
ee5d1bde183d8bc5c8adf06d0ea4c5fb

SHA1
d20e4ce243411d3e9a43986c9ae1a7eb70d70c08

SHA256
3e012b6b9f2aad1ffbc9558629cbc7e05dda63445d6ea32fcf8f1427e0c1ec5b

SHA512
851f468462ebc9c2a5531d5b94f4fd6400d6145528172052f6fa9b5bf3253353506f9feefd0b7fd7af257d5f91ae8f35e1e7dae403182d5fefe8bd0bc09d85f6

Download Submit
/data/data/ch.admin.babs.alertswiss/files/.com.google.firebase.crashlytics.files.v2:ch.admin.babs.alertswiss/open-sessions/6735E05101C800011090FF99E8C59B1D/keys

Filesize
21B

MD5
49e64ef8012d9c9a06ac1f893a2f46b3

SHA1
52fe056b2e71b407952f54f7382d3fc99869da1a

SHA256
7d4be3b1f3e4391d3d5397b1083f639cb429360b9c43efad38fb03143d4f3e42

SHA512
f2f0fd7d38e49a4bb4d89a34768704e61ad5a383c82e539c9d8b79de2c70c63370602352ceae2acb20705337f043e1414348191dfc3603c72b723dcbf64c14eb

Download Submit
/data/data/ch.admin.babs.alertswiss/files/.com.google.firebase.crashlytics.files.v2:ch.admin.babs.alertswiss/open-sessions/6735E05101C800011090FF99E8C59B1D/native/app.json

Filesize
227B

MD5
c8187961220b33333f665c924df0ea5b

SHA1
de6fd60acff09bdde5ad270d660f9ebeed27f609

SHA256
3ef1ab061040dc10f078a03b4a548057865180ac60ddf4e4ffac0c83594d953e

SHA512
ae0509127d0f4e09c588fcd82b79c98ff1adef7ba987a89fe0abc25ba15ac28bbedd853ad2d60132bc5e996d628fc0ebaef9371a194cff9f3b38cce4f6f4dc89

Download Submit
/data/data/ch.admin.babs.alertswiss/files/.com.google.firebase.crashlytics.files.v2:ch.admin.babs.alertswiss/open-sessions/6735E05101C800011090FF99E8C59B1D/native/device.json

Filesize
193B

MD5
7da63ee7971f089ccedcdb4fb7bf0afa

SHA1
48dff61b1caeee036b7cb59bf6031034e6249263

SHA256
84a3bb12deb77d1f327204051d565064b402b591ed9ec76c452fec770a1fcb9d

SHA512
85a739087dcfdfb9ebc264e702b7bbe921446252596d1918f5c35d672fc3b43ee849865c383422dbd7cef377a6a9ffe76a6d512b8966af1794073f42d1ea21db

Download Submit
/data/data/ch.admin.babs.alertswiss/files/.com.google.firebase.crashlytics.files.v2:ch.admin.babs.alertswiss/open-sessions/6735E05101C800011090FF99E8C59B1D/native/os.json

Filesize
54B

MD5
93023624eb8dff5c20050da136aaae0a

SHA1
acfd1ffed752c28fb135ba83c0c6345ddf2f6995

SHA256
968bcd7c4f1abed89a09cc0e6dadd238a81e8655e64196b39a86be49ceecd39c

SHA512
bb25dfa144d3f0e17203936c503c5fedec5f9ca710e177f99e273010ba4a682199d4bda5684151d65f3cb1549f4611b3a645ce39646d3db9a1b2c17d6b160579

Download Submit
/data/data/ch.admin.babs.alertswiss/files/.com.google.firebase.crashlytics.files.v2:ch.admin.babs.alertswiss/open-sessions/6735E05101C800011090FF99E8C59B1D/native/session.json

Filesize
127B

MD5
68f586310cac936190d2b7b09e15b6cb

SHA1
2a032107abd3dba3e0fd5511253f3ec17c51af08

SHA256
8b54b8e6448e1ff61df91cd9c524127e388e41422ffa0219722921674049b6a8

SHA512
cc5e9fa12c3585ad1bb337121af3307a9c98550f90f4e8bbc6d6ee3f415470bdb4f68819ef06d3d31930561e9f255de1b17813448e1c160a7acdecf73c4886da

Download Submit
/data/data/ch.admin.babs.alertswiss/files/.com.google.firebase.crashlytics.files.v2:ch.admin.babs.alertswiss/open-sessions/6735E05101C800011090FF99E8C59B1D/report

Filesize
753B

MD5
3ed9fc7d743147a68bd9f71601e45aad

SHA1
23b09425b859f402f247a28f3b2c47a813c5595d

SHA256
57bbfd3c38882cd6a09d061a9d45b20c29742fbc46f0e9a2caf8d4c1681e133f

SHA512
1f61c0fda025d74cf383dfc8d4e7672d3c7f86df472e2bd38ae9eb5d86f1fa6fd594f96eef8a2f67129828e7f96350fe8dc37f9b6a4f667e53f629f2ce19e5a4

Download Submit
/data/data/ch.admin.babs.alertswiss/files/PersistedInstallation5940880653721364368tmp

Filesize
561B

MD5
100729bca9f187671b4dedbbc9eda249

SHA1
79a7be02586a6addf0e8e38618658ddbe20d070c

SHA256
94e82a4ba8dc11f0507872fe3bcf3ea152361ecd783bad98e042e9917e395722

SHA512
40874388827bdac53172514d2647de9d6feba8ff76c131e83c2705dbe7548ba091668088e64f02039a963adb23b581e2e0455652d993cdacabf41e0bb6026130

Download Submit
/data/data/ch.admin.babs.alertswiss/files/PersistedInstallation6234797957243389664tmp

Filesize
90B

MD5
a362b6550412a24b962d201746ff4652

SHA1
78fc3bd8988c2ddccbf2cc0812add8b54795c0cd

SHA256
d20489dea55b70cef5a7ce5f4077c638a1c951656d81836232861a4cff026da1

SHA512
028ef7f74ae36882539b41adbabc158eac99c917e87d4cf3aff6b00703af1d5617fd5f52a3994457ce38df1e9ab39d692e921b7851f0f86fb62f3ba2ae901e6f

Download Submit
/data/data/ch.admin.babs.alertswiss/files/db/UserDatabase.sqlite

Filesize
36KB

MD5
21484a4329ca67bc6faec2127adf0887

SHA1
20e1e2bb67c5fa25f40b56647f4d7f30d018c6b7

SHA256
ad119f2ee98e8cd407e4ec70cf544421f78e5420a78698944f3c8ee722fd1cb9

SHA512
978002ff432053c0a2dc24af7f32116ac7ac7baec8714f18238879629f0160a79ab3d680043f00ca21b57a67298e0c773606b48b629617c6480860aa54bf9692

Download Submit
/data/data/ch.admin.babs.alertswiss/files/db/UserDatabase.sqlite-journal

Filesize
512B

MD5
a09a9ce36cad54aa374a5e0260bbd55e

SHA1
b6c8b4a1b8b10edf92e82393881ff952e04d490b

SHA256
00ba229dae458cadd0c74dc3349f90802c235fd8e59517693517a4342704f480

SHA512
2018ead4084c4966cdadb4d5560a978ac5da9aa71cdb892f2760a2f2491998c90f9b355a3197bc337f47adce58590b49933b8300599bcf0d00622c773e6de814

Download Submit
/data/data/ch.admin.babs.alertswiss/files/db/UserDatabase.sqlite-journal

Filesize
8KB

MD5
391bbffd67575b88318cc891ea3f3ab8

SHA1
3f7b836189cddfd3874b85d64dd5fd7b09781a65

SHA256
95343b2f5fc63fab7c39039c3b131efda60429245abd5502ca8d413959e66850

SHA512
c27c7b67c466968a47b3af341744eface9d32fb50358fb80eb0f1d45f394e307f2e83717dbd56787548f032bfa24638ad9ecfa6439c3a1aa41b30c8ec522073f

Download Submit
/data/data/ch.admin.babs.alertswiss/files/db/UserDatabase.sqlite-journal

Filesize
4KB

MD5
74974ea36510dbe49dbb955432ae85e9

SHA1
b9e911df91d2e66ebc10f45745071e83058ad80b

SHA256
9b7385c2b71ba84d37cd68d168429f4412cbfa4173b893ed1b9534517e18d98c

SHA512
56489f78c1cef72b021568a02e900ee2bffaf32651a29af410088e2db5af0fb69943527c40af48c297a6c3ef5be08e6383527c2a3cc0ef593b37d3292dc1ff03

Download Submit
/data/data/ch.admin.babs.alertswiss/files/db/UserDatabase.sqlite-journal

Filesize
4KB

MD5
8740ef9bab21916aa8777c7d67a6d140

SHA1
49594a4ced5df6b7c7fbfefef814146a470b6ba2

SHA256
75ad99724758a65c6625ea867cffcda6378c9ba1a040f0ca428d0e8f52b45dd0

SHA512
2f6c6ed37bcc2e6406b9d866f644c2dbf945847b80dde69b5fc450cb8b333a7a8c55b3bfd5182663a5145200292956ef5bb4bc3344b3c1bb77215c28cd50bd27

Download Submit
/data/data/ch.admin.babs.alertswiss/files/db/UserDatabase.sqlite-journal

Filesize
8KB

MD5
b28e158b2f5834fcea21a9c1ba900de5

SHA1
1f27f2899107ec7dff932acaa79146fc921b0218

SHA256
d1ad69859c056ac97556328117532b2f2b5858b00a2d91dfd36ea9892c8db3d2

SHA512
3beca6f831a9200e01815bc6efc8a86a98071a16e04356f14aaf8126409d7f5ad705c7e4733fba918bcb3e291d72928aff104f37fcf88a3746c7df8a5d0f79d1

Download Submit
/data/data/ch.admin.babs.alertswiss/files/db/UserDatabase.sqlite-journal

Filesize
8KB

MD5
7c7b5a20e90ff99174b7f82bee9ed0f1

SHA1
ae3f501a2886e4ea51284c15c6284b02bf0ddae5

SHA256
1a16bb06f50aa14279d153164ae6b47b8b25d3b792abfc02d9f706f6364eebd0

SHA512
3bb4110eccb4a36e539ca00574518c8cbc4e732651b5ab0db3b192be3d963f3d4ee10c8b3f73ef81e7c53a416cb642872d34efa97eb6426445027a81536f2389

Download Submit
/data/data/ch.admin.babs.alertswiss/files/db/dataManager.db

Filesize
8KB

MD5
2185fc1696822582cf40677699db12ac

SHA1
37b27c7674e066e789b3e3e302ae2eaabfda755c

SHA256
73a4459cc764c98c4f03b1be47420f9d1f48ba9d8cfb39af633b53194432e7dd

SHA512
4c2249fb1b0bb52001c1ce8dd18889046ad21d6f9f2f6f690482b4afce3adae7253e1af0bec97cce8fa8e7c745a20eed2638916a502ec159aedd8ac0dbb4c732

Download Submit
/data/data/ch.admin.babs.alertswiss/files/db/dataManager.db-journal

Filesize
512B

MD5
220a130e56945b2f06c2dac1b3f80dfd

SHA1
577172289f220705c232342450cbfc1f31f19e5c

SHA256
e510868394cffec57df40e05bc22e04e61eabe63f31d98cdbac2b7846328edf1

SHA512
43d5c0b4d68d0d502c1ece461b2b0be20e08e3179e5e20d474fc984e70a3f6d37a429bdb3ab50535b4b167c1b4def62c4dc737e829f20bc5c9c8f21ccbdbfa3e

Download Submit
/data/data/ch.admin.babs.alertswiss/files/tmpDB

Filesize
292KB

MD5
2601b84c694dfaf0235f6bc903fa61d7

SHA1
f550223c50408a04eb723422af2b36b192537015

SHA256
64eac3d94357b1af560382adeaccd1255aa21283cdb49452dca1dd83a400c704

SHA512
c4b1b20bc2ef61da79cee35951607203e6ae069c900b15a07b670a42ba9dfd83342120915d07c6737f8d06db3a21865c068b0df7a62f13baba0dd5f2caf058fc

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads