4928c563dc610a7c968f697e4ebcda9a441d94a4abd5013c38dfa8e8b62cc4f5

Analysis

max time kernel
125s
max time network
146s
platform
android_x64
resource
android-33-x64-arm64-20240624-en
resource tags

androidarch:arm64arch:x64image:android-33-x64-arm64-20240624-enlocale:en-usos:android-13-x64system
submitted
14-11-2024 11:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Alertswiss_bind_sign.apk
Size

88.7MB
MD5

0e6b33ba825b5e5ce5e2caa03727cd1f
SHA1

0c2574193c88c35bfa70203f5bdcb73989683b94
SHA256

4928c563dc610a7c968f697e4ebcda9a441d94a4abd5013c38dfa8e8b62cc4f5
SHA512

d0f61b8f2f2b61cdf29026320d403ef96b6947dd6941d1d4b95885740880131215abd9bd19ea8b9a451b719ec3eb725afdd1e9fcfee2c3a9623da7975ec00441
SSDEEP

1572864:Ay/UiFkHpKS01NL4iasXbSyaYdtUvkXQ1eYJnrHAFbPlPv5hA+1:Ay/UiFD1No3lLAVPlPR

Score

8^/10

discovery evasion

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 2 IoCs

evasion

System Information Discovery

T1426

ioc	Process
/system/xbin/su	ch.admin.babs.alertswiss
/system/app/Superuser.apk	ch.admin.babs.alertswiss

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	ch.admin.babs.alertswiss

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	ch.admin.babs.alertswiss

Checks the presence of a debugger
evasion

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	ch.admin.babs.alertswiss

ch.admin.babs.alertswiss
1⤵
- Checks if the Android device is rooted.
- Acquires the wake lock
- Queries information about active data network
- Checks memory information
PID:4320

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/ch.admin.babs.alertswiss/databases/com.google.android.datatransport.events

Filesize
56KB

MD5
c8bd960e6d0591af85be983730235920

SHA1
8c269af11eab9452c9df86bece4665279fcb978c

SHA256
276b169c78e6d5602fd62164e9906b6e8d88278fce206607f1d6df4062eff54c

SHA512
a54f56e5b70fed24e3c7426a0c84c73b2875d9de5f046046b8a0a6512dbd021f6b855b547bfba66bdee19485bd8df7d26a63e8d48ed8d8e708ebb2dfa7e1b3db

Download Submit
/data/data/ch.admin.babs.alertswiss/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
39355aaaf6c7ef4a92a4168d31f10051

SHA1
92e9eada1c361189bdea1914e1ffb0c8c618fe10

SHA256
284f1d6d69fe332688d9500cd4fa21d147e1c2718152c9f4547df0b7045c7c83

SHA512
8c35d953b9e8a86a730d43bc1f7b5b3f42d6128edf7f242ee2d5b50ebaa5bdd223a0fced377aeb7f1f0a96d0595998765be91949b20d1a19172a68025cb70334

Download Submit
/data/data/ch.admin.babs.alertswiss/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
d953c1bd3918ee1253e8d681f9303901

SHA1
00dd788d4410d47ae3086271932cb4635157991c

SHA256
531ac2b6742b0bc9e1c9d60b9d90ff55bf93bf2a9d391d44aa88cf7b74d8e976

SHA512
d0384acc9e01615b6a09ad69a1835c658f2b167518dce326581fb9f56fb86b336d73ad96d554fa1a5766af7f3028f72e5bea8279413526171326ba0366978f90

Download Submit
/data/data/ch.admin.babs.alertswiss/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
ae4059d931deb26897769861e72c478e

SHA1
1824911d81ab0207aa5828608375b9a778f89bf8

SHA256
b5e8df5b13c2ffd9b818e1bf247a25ecf36cc7a450dd10f3a70422182d6c83c7

SHA512
22ac87e5ebc552e80910bd7f0180722aaf799f23fc92f37ad1c9fbe4fac6057c0182e695223be3d238284f156afb1b24d0fb927c5c0c429c9d55a4251409a7bb

Download Submit
/data/data/ch.admin.babs.alertswiss/files/.com.google.firebase.crashlytics.files.v2:ch.admin.babs.alertswiss/com.crashlytics.settings.json

Filesize
720B

MD5
22114ba0c11110ea1907826da3d3da0c

SHA1
b86ffaf15b7ed8ae7ecfabf0412ec32947c3ddbf

SHA256
a1b806e3ebde99fe0992eafa6528d10db995dbd464068ec35fb74c140713474e

SHA512
5be005df5e3411d353ce5b73f1fe702196f79465796ab4c7f4a355498858235b6595173d594770e7eda93dd373874bd7e772bfc090612cba29d2f7c5bbd7280d

Download Submit
/data/data/ch.admin.babs.alertswiss/files/.com.google.firebase.crashlytics.files.v2:ch.admin.babs.alertswiss/open-sessions/6735E0530115000110E0EAE6C71ABC5A/keys

Filesize
21B

MD5
49e64ef8012d9c9a06ac1f893a2f46b3

SHA1
52fe056b2e71b407952f54f7382d3fc99869da1a

SHA256
7d4be3b1f3e4391d3d5397b1083f639cb429360b9c43efad38fb03143d4f3e42

SHA512
f2f0fd7d38e49a4bb4d89a34768704e61ad5a383c82e539c9d8b79de2c70c63370602352ceae2acb20705337f043e1414348191dfc3603c72b723dcbf64c14eb

Download Submit
/data/data/ch.admin.babs.alertswiss/files/.com.google.firebase.crashlytics.files.v2:ch.admin.babs.alertswiss/open-sessions/6735E0530115000110E0EAE6C71ABC5A/native/app.json

Filesize
227B

MD5
12655503cd02132f251aace14e4092eb

SHA1
7eed2530d96fa1ae635a136ab1a7039c52e2a971

SHA256
00d04d7f2e0b7bc7f7f7a249c03a5f1200cb9605cd7347a5f141b96ae0974e9d

SHA512
cba9784d61dab5883baf802d3dd762a458bf10cfb9793b69286566af6377c78cf6519f612b7f1e8614599ab2eaa548096535c33181c1dea72e158aee33161adf

Download Submit
/data/data/ch.admin.babs.alertswiss/files/.com.google.firebase.crashlytics.files.v2:ch.admin.babs.alertswiss/open-sessions/6735E0530115000110E0EAE6C71ABC5A/native/device.json

Filesize
193B

MD5
0c333f7d0e1d5476eef5a751d54181f1

SHA1
a07751346b823230e1ee4d1f6a966336648bda27

SHA256
a37e7edbf8dcc0e3cba6a2997ce4bd97031a5ac1a94cd6607396a87f9c1d93c3

SHA512
fb64fbe7cf08d0c25d03d26765c1b163c7509c8b8d39b19841eaa3c4809db44c2356de60bd5229d518793bfa1b4fbca0db6d6e873000757782a91a6eb3944978

Download Submit
/data/data/ch.admin.babs.alertswiss/files/.com.google.firebase.crashlytics.files.v2:ch.admin.babs.alertswiss/open-sessions/6735E0530115000110E0EAE6C71ABC5A/native/os.json

Filesize
56B

MD5
87e2b9d6edc06545b88235933e703881

SHA1
b29448a47c87bfe3a59286e3cf4e02eb72581a7e

SHA256
77b886b74dd48e22effd172c38ee914ced97247f4516c319f09cb8c9ebce4c7a

SHA512
ccccd682e14a485c8c8d13ca0105d196d00fe02bed941d939154a199c14e741eac6522f378f509ed14a52efd38e479930ae223f6f317a35b0787d82e553db3a6

Download Submit
/data/data/ch.admin.babs.alertswiss/files/.com.google.firebase.crashlytics.files.v2:ch.admin.babs.alertswiss/open-sessions/6735E0530115000110E0EAE6C71ABC5A/native/session.json

Filesize
127B

MD5
c8abcc09ef560d9bee17bba719e001c9

SHA1
2e5b0ca420d6eed666c4d13b3c4e40ada8ace203

SHA256
151515d9f7f18d34a38e1e6057c89eb3dd153350ae05ed49127aaa57d4761f54

SHA512
6b5be0a00b2995eb5994043dae00c9070ca2a746c524dc72fb757e87e058182ca3631a5e1f3e36f333081c09ee2c6959d2f911bc413ce2945d1edcd5716a76fe

Download Submit
/data/data/ch.admin.babs.alertswiss/files/.com.google.firebase.crashlytics.files.v2:ch.admin.babs.alertswiss/open-sessions/6735E0530115000110E0EAE6C71ABC5A/report

Filesize
755B

MD5
46d36dd1f8a0560a36b4bc3483237e83

SHA1
397775bda55158cc5729805bd301687485f8011a

SHA256
cad83564829f9795a66da8487206a4b1624403c0295e0cf8178d1232a59aa654

SHA512
6a1f218c054df93b0b2067596b6e2d7580206b7252c599ea420897e9c2492a7cc860a01052a74ac9b65908761adb7dafec4321091d980e434ef9020fc0d62f45

Download Submit
/data/data/ch.admin.babs.alertswiss/files/PersistedInstallation5121857214672048246tmp

Filesize
560B

MD5
d9fea2b4cb8625f4c7efc26bf0d0bab1

SHA1
a286668a48eb56551d3d784e7a6f61d56963b7ab

SHA256
709163085eb38dd59d1d8de6fc02811652b5e781cfd796912a3418c76d3c89d9

SHA512
cb8e3027937090cf7ef8a9b0275c1569955b05df629d0750b38af41e5e7d7677a9973d21e85ce580006154b19dff8c4af3e60fb88cab4cce39b4b1c272e305d9

Download Submit
/data/data/ch.admin.babs.alertswiss/files/PersistedInstallation8206390859548586968tmp

Filesize
90B

MD5
d28c03c60b380e45a8f11511a6b24e89

SHA1
2ea124b9873606ab9ee3b58bc722cf40473f9ab1

SHA256
b74bbfaab855892f2918bb51458de064a0d5d23b63293107cc3107d5f885e4a4

SHA512
6faa478e1cfa6226b01795976f698684a9418eb9ed83c005abc2c4fe95eebb562bbb10fa991c13e04d517508dd2601e54446d5571d7e1ca17eb30aca2347bcf7

Download Submit
/data/data/ch.admin.babs.alertswiss/files/db/UserDatabase.sqlite

Filesize
36KB

MD5
21484a4329ca67bc6faec2127adf0887

SHA1
20e1e2bb67c5fa25f40b56647f4d7f30d018c6b7

SHA256
ad119f2ee98e8cd407e4ec70cf544421f78e5420a78698944f3c8ee722fd1cb9

SHA512
978002ff432053c0a2dc24af7f32116ac7ac7baec8714f18238879629f0160a79ab3d680043f00ca21b57a67298e0c773606b48b629617c6480860aa54bf9692

Download Submit
/data/data/ch.admin.babs.alertswiss/files/db/UserDatabase.sqlite-journal

Filesize
512B

MD5
c948919b46fa6c6d49b27976e876512e

SHA1
e63c1450e90ee69222b9d71ed87573be7c8b5602

SHA256
4f62a4bb90db2cac6cc9faaa9665c212fb562245acc2173d8a1cdaa12a82d53a

SHA512
ba742756e7571099902ddd7f5980cc9acb6fc6298b73bf1ba0d6d672e21072b3b96d8b5439ba6520d29b4495d9a3fa07e3099b2220000497b6749790d5715b17

Download Submit
/data/data/ch.admin.babs.alertswiss/files/db/UserDatabase.sqlite-journal

Filesize
8KB

MD5
525ba84fb7586b9f8f2d382b6be071ca

SHA1
48072f0f7138c765af4ecc2ea1869f1fe38f1427

SHA256
1a1a091b63adf70beddbd653d70eaa2ce48535d69e2cda880abcab04737ae8d4

SHA512
39a1cadf3a240e7c78c2d6e2819be47f21a59f06999b7c9111b0f2c0b7d6f798bd320dba97c522d47995d7ec4a05dd5cb7e65d10db489a52fbaa891694509b63

Download Submit
/data/data/ch.admin.babs.alertswiss/files/db/UserDatabase.sqlite-journal

Filesize
4KB

MD5
2d11c289f1f848045e57bfd24cfb2b45

SHA1
2e484eb7dad4f44e61b7c906ecb0ef3cd0a402c5

SHA256
f624b4bd5393f6072d1693bba1125e037e1af500406628ae832d8135b715302c

SHA512
5df6f26bbc1d53621707e9a51e218c86c4a9ce7f13c4daf2986ea9ec8bd646f19356ce8085017ce524e77fb5c3743a28e017b50464636a7d78c698243a1b70d0

Download Submit
/data/data/ch.admin.babs.alertswiss/files/db/UserDatabase.sqlite-journal

Filesize
4KB

MD5
75a98c7cef300425eda69257e2788f63

SHA1
18c00e2f7ff44dc5f10b4ff26736179fd3cd1cd9

SHA256
5638400bbb8415b9f1b064106da0edd3465d8e106820638a5be4d9bfef748118

SHA512
82850515aa1bbaeb6892e2cd1088f7dc60f310a059ed96f70fa08cbf0ffcaa2b13efdfc916f6e728de1641043e0d995124376fc6ac392e33678f18bae59eedf4

Download Submit
/data/data/ch.admin.babs.alertswiss/files/db/UserDatabase.sqlite-journal

Filesize
8KB

MD5
35e7c8aa695f42406516bac9a2379b58

SHA1
4c431ce651387d008b8b59d60e9de68ac4ea2dd5

SHA256
f958364e37cc5ea04101e03ca1f2701b50964cf1fa9ee1ec99939046ac2d436f

SHA512
df4b79eb2b7a85675904817d2bf3cbaa54c099e31c54cde91a696fd822b3dfd875b3f52dd0c9303699017ddf497200b8b260ee210570f78c50445585fa0e96c9

Download Submit
/data/data/ch.admin.babs.alertswiss/files/db/UserDatabase.sqlite-journal

Filesize
8KB

MD5
e3387ae2af8823abaf236eccbdc42f37

SHA1
9da5c4779ddf4561a14eecabf80bc93b8aa3c27f

SHA256
631af036e1cd66f18af7ad5d661a6a72c74d21238a6048d3a6a56ce234160fdf

SHA512
4e422e455d5290432fb0dc38025344f571e275b143067464888226f079b9bf972f93fd578aa78d746dd1db0068d512fe374e31ae8394a701e4147802cec541ab

Download Submit
/data/data/ch.admin.babs.alertswiss/files/db/dataManager.db

Filesize
8KB

MD5
2185fc1696822582cf40677699db12ac

SHA1
37b27c7674e066e789b3e3e302ae2eaabfda755c

SHA256
73a4459cc764c98c4f03b1be47420f9d1f48ba9d8cfb39af633b53194432e7dd

SHA512
4c2249fb1b0bb52001c1ce8dd18889046ad21d6f9f2f6f690482b4afce3adae7253e1af0bec97cce8fa8e7c745a20eed2638916a502ec159aedd8ac0dbb4c732

Download Submit
/data/data/ch.admin.babs.alertswiss/files/db/dataManager.db-journal

Filesize
512B

MD5
d5b1ca92689cfb9dc4c5a158a4dce94c

SHA1
7af06ba40e24b32c446ed527180fcb940f254eed

SHA256
6b12130114bdec1b0dc1053342c2f75bd9a057a96a76ebbafa1596c3d2bddb91

SHA512
29a0ecbf5543ff1e1e7a5e548c1a3bb0c6ff58ef50164df72dc812d7f2b55cea514006096cc6f7a266b8915f3bf5d62d05d506ef25a9a38a5e1c679bfcb42f5e

Download Submit
/data/data/ch.admin.babs.alertswiss/files/tmpDB

Filesize
292KB

MD5
2601b84c694dfaf0235f6bc903fa61d7

SHA1
f550223c50408a04eb723422af2b36b192537015

SHA256
64eac3d94357b1af560382adeaccd1255aa21283cdb49452dca1dd83a400c704

SHA512
c4b1b20bc2ef61da79cee35951607203e6ae069c900b15a07b670a42ba9dfd83342120915d07c6737f8d06db3a21865c068b0df7a62f13baba0dd5f2caf058fc

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads