Analysis
- max time kernel: 138s
- max time network: 152s
- platform: android-10_x64
- resource: android-x64-20240910-en
- resource tags: arch:x64, arch:x86, image:android-x64-20240910-en, locale:en-us, os:android-10-x64, system
- submitted: 15/11/2024, 22:07
Static task: static1
Behavioral task: behavioral1
- Sample: d058d1d1ab781cf11302ba9ff270b1e84e70b05f54b6330079a1ea7f648dc50c.apk
- Resource: android-x86-arm-20240624-en
Behavioral task: behavioral2
- Sample: d058d1d1ab781cf11302ba9ff270b1e84e70b05f54b6330079a1ea7f648dc50c.apk
- Resource: android-x64-20240910-en
General
- Target: d058d1d1ab781cf11302ba9ff270b1e84e70b05f54b6330079a1ea7f648dc50c.apk
- Size: 2.2MB
- MD5: 1d3997cf8c06348ca01a02b35997f54d
- SHA1: a2c5674eb15e44f61718d348d630ac3b3daa1534
- SHA256: d058d1d1ab781cf11302ba9ff270b1e84e70b05f54b6330079a1ea7f648dc50c
- SHA512: eb4e8e7e52385ebbf26ae644af0d2d44ab0e6b880c57073136196c662e325633a2995d0439f648c73d3bb5b6aec718812da41a9cf8b44149c7b4b58d5466731d
- SSDEEP: 49152:5/Wy7fJLjWFMdPoTwNm2ohM9LqLNQ6HtIwttgEi0frpQ7:5/Wy7fpjntoTkm2ohM9LqO6NIwt60frm
Malware Config
Signatures
- Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps) [1 TTP]
- Queries account information for other applications stored on the device [1 TTP, 3 IoCs]
  Application may abuse the framework's APIs to collect account information stored on the device.
  description             ioc                                                   process
  Framework service call  android.accounts.IAccountManager.getAccountsAsUser    qxfuugux.pnclrzqk.ktulspgfjkgv
  Framework service call  android.accounts.IAccountManager.getAccountsAsUser    qxfuugux.pnclrzqk.ktulspgfjkgv:kygwd
  Framework service call  android.accounts.IAccountManager.getAccountsAsUser    qxfuugux.pnclrzqk.ktulspgfjkgv:Daemon
- Queries information about running processes on the device [1 TTP, 1 IoC]
  Application may abuse the framework's APIs to collect information about running processes on the device.
  description             ioc                                                   process
  Framework service call  android.app.IActivityManager.getRunningAppProcesses   qxfuugux.pnclrzqk.ktulspgfjkgv:kygwd
- Makes use of the framework's foreground persistence service [1 TTP, 1 IoC]
  Application may abuse the framework's foreground service to continue running in the foreground.
  description             ioc                                                   process
  Framework service call  android.app.IActivityManager.setServiceForeground     qxfuugux.pnclrzqk.ktulspgfjkgv:kygwd
- Registers a broadcast receiver at runtime (usually for listening for system events) [1 TTP, 1 IoC]
  description             ioc                                                   process
  Framework service call  android.app.IActivityManager.registerReceiver         qxfuugux.pnclrzqk.ktulspgfjkgv:kygwd
- Schedules tasks to execute at a specified time [1 TTP, 1 IoC]
  Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
  description             ioc                                                   process
  Framework service call  android.app.job.IJobScheduler.schedule                qxfuugux.pnclrzqk.ktulspgfjkgv:kygwd
Processes
- qxfuugux.pnclrzqk.ktulspgfjkgv (PID 5156)
  - Queries account information for other applications stored on the device
- qxfuugux.pnclrzqk.ktulspgfjkgv:kygwd (PID 5193)
  - Queries account information for other applications stored on the device
  - Queries information about running processes on the device
  - Makes use of the framework's foreground persistence service
  - Registers a broadcast receiver at runtime (usually for listening for system events)
  - Schedules tasks to execute at a specified time
- qxfuugux.pnclrzqk.ktulspgfjkgv:Daemon (PID 5413)
  - Queries account information for other applications stored on the device
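The Python below is an added triage example, not part of the sandbox report. It re-enters the Binder-call IoC records from the Signatures section as constructed input, maps each Binder interface method to the public SDK call that reaches it (a standard AOSP mapping), and groups the observed behaviour per process so that the one process combining collection and persistence calls stands out. The "collection"/"persistence" labels, the worker flag and the PID lookup table are this example's own conventions.

```python
import re

# IoC records re-entered from the report's Signatures section (constructed input, one per line).
IOC_LINES = """\
Framework service call android.accounts.IAccountManager.getAccountsAsUser qxfuugux.pnclrzqk.ktulspgfjkgv
Framework service call android.accounts.IAccountManager.getAccountsAsUser qxfuugux.pnclrzqk.ktulspgfjkgv:kygwd
Framework service call android.accounts.IAccountManager.getAccountsAsUser qxfuugux.pnclrzqk.ktulspgfjkgv:Daemon
Framework service call android.app.IActivityManager.getRunningAppProcesses qxfuugux.pnclrzqk.ktulspgfjkgv:kygwd
Framework service call android.app.IActivityManager.setServiceForeground qxfuugux.pnclrzqk.ktulspgfjkgv:kygwd
Framework service call android.app.IActivityManager.registerReceiver qxfuugux.pnclrzqk.ktulspgfjkgv:kygwd
Framework service call android.app.job.IJobScheduler.schedule qxfuugux.pnclrzqk.ktulspgfjkgv:kygwd
"""

# PIDs copied from the report's Processes section (constructed lookup, used only for the printout).
PIDS = {
    "qxfuugux.pnclrzqk.ktulspgfjkgv": 5156,
    "qxfuugux.pnclrzqk.ktulspgfjkgv:kygwd": 5193,
    "qxfuugux.pnclrzqk.ktulspgfjkgv:Daemon": 5413,
}

# Binder method seen by the sandbox -> (behaviour class, public SDK call that reaches it).
# The SDK mapping follows AOSP; the "collection"/"persistence" labels are this example's own.
BINDER_METHODS = {
    "android.accounts.IAccountManager.getAccountsAsUser":
        ("collection", "AccountManager.getAccounts / getAccountsByType"),
    "android.app.IActivityManager.getRunningAppProcesses":
        ("collection", "ActivityManager.getRunningAppProcesses"),
    "android.app.IActivityManager.setServiceForeground":
        ("persistence", "Service.startForeground"),
    "android.app.IActivityManager.registerReceiver":
        ("persistence", "Context.registerReceiver"),
    "android.app.job.IJobScheduler.schedule":
        ("persistence", "JobScheduler.schedule"),
}

LINE_RE = re.compile(r"^Framework service call (?P<method>\S+) (?P<process>\S+)$")


def parse_iocs(text):
    """Return (binder_method, process_name) pairs; lines not in the sandbox format are skipped."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            records.append((m.group("method"), m.group("process")))
    return records


def split_process(name):
    """'pkg:suffix' (from android:process=":suffix" in the manifest) -> (pkg, suffix);
    a bare package name is the app's main process and gets suffix ''."""
    pkg, _, suffix = name.partition(":")
    return pkg, suffix


def summarize(records):
    """Per process: behaviour classes, SDK entry points and Binder methods observed, plus a
    'worker' flag set when one process shows both collection and persistence behaviour."""
    summary = {}
    for method, process in records:
        cls, sdk = BINDER_METHODS.get(method, ("unknown", method))
        entry = summary.setdefault(process, {"classes": set(), "sdk": set(), "methods": set()})
        entry["classes"].add(cls)
        entry["sdk"].add(sdk)
        entry["methods"].add(method)
    for entry in summary.values():
        entry["worker"] = {"collection", "persistence"} <= entry["classes"]
    return summary


def rank_processes(summary):
    """Most behaviourally diverse process first; ties broken by method count, then by name."""
    return sorted(summary,
                  key=lambda p: (-len(summary[p]["classes"]), -len(summary[p]["methods"]), p))


if __name__ == "__main__":
    summary = summarize(parse_iocs(IOC_LINES))
    for proc in rank_processes(summary):
        pkg, suffix = split_process(proc)
        e = summary[proc]
        print(f"{proc} (pid {PIDS.get(proc, '?')}) suffix={suffix or '<main>'} "
              f"worker={e['worker']} classes={sorted(e['classes'])}")
        for sdk in sorted(e["sdk"]):
            print(f"    {sdk}")
```

Run as-is, the ":kygwd" process ranks first: it is the only one that both enumerates (accounts, running processes) and persists (foreground service, runtime receiver, JobScheduler job), while the main process and ":Daemon" only touch the account manager. Note that these IoCs record calls, not results; on Android 8 and later, getAccounts only returns accounts the authenticator has made visible to the calling app, so the log alone does not tell you what, if anything, the three account queries returned.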
Network
MITRE ATT&CK Mobile v15
Downloads
- Filesize: 28KB
  MD5: 1687e14abbd04397a3d6d85f92a5031b
  SHA1: a68b74d501cd10d75b610d92dd4b4beb4904c274
  SHA256: 1f8cbe0f5e9d04eb8504de74f840766e6ee43ed5a9af092942ec78aca8392ce7
  SHA512: 65f945c65e6cf4b95de1ba0b1d12354b68d33225865e500cbfff5cb890cd3721683d2e8d49e566ba003f1f453fb0d2a9f9770f29326dde08cdfab6154aeb1bcb
- Filesize: 512B
  MD5: f1a461c5647b6a2aa9461c1986f39579
  SHA1: aad61f91c7151b52aec319046895db037e426569
  SHA256: 4462557e81795e382e3d6c95e186e4eeacba2f23ed679b042885376dfaea9def
  SHA512: ec300dc28f8480b6d8ec245983702e76c930a3d1ea413dd6907e19072edc1f1d1555d4b4af30c2a8a55779521d51cb7fd78fdf66f52f551eaf3bd5a547cb4af7
- Filesize: 8KB
  MD5: 8aef7a0ff74994175f17071f6190f1a8
  SHA1: 7d688887926af7e09747df15dcbc51035d8ac35a
  SHA256: ebdcd1e399932a8654081a14d774fe0dcca4f5a6b56c65aeafa16840548ccd5a
  SHA512: f68b57e0edd675845231792ab6aa8ddbad84d43edcff241a79626334e26de9940a64fd602ffa0316d18b45568c2a7814441d267426816bebc8688e4dcc6a10e3
- Filesize: 8KB
  MD5: 06b506a3a5f92451e2f49b8373c34ed2
  SHA1: 58b2efc175dd3d5c5a419a3741b6cacde11b899a
  SHA256: a76984271a9c5eadf45eb492798577d8ab88c8fa0d18c67d23c75c3f8f987d04
  SHA512: da5df7d567f7fbaa8c310eb044be1a0a7d5b6de1b1d59aa15b42116e14a5b3f2e6cf56209519babae037fb3ea4ce9ed6999f3c1b55caeeb1c37efc3ec1dcff30
- Filesize: 12KB
  MD5: 2a397f4f0be768ee05bd8ef001b3634d
  SHA1: 1ecce391016f7c7043c3c151be3c9c7beaa0875c
  SHA256: abba37e4932f4af24f5a0b55939705049564658a91753d6dec4a9783d2cecb0a
  SHA512: 4cf6380dc8b65c6f038b6ca4c30306861fec4c6e5897fb38ba748aac2970bab408eca40d909c40279d91cf37c66df895571db1de7347a87e8255758e3c120b93
- Filesize: 12KB
  MD5: a8c4f913a3eb6b3bb5853ff0824248d7
  SHA1: bbc9d3cbdfaf3918f17b52c4d0d9539c669d86bd
  SHA256: b816809bceb967372eceb40985bcafdef8ed539f2b82d28b12b9d29624d4454b
  SHA512: c4f65d7db58064c0e34d72a64c5f9d3c6c12076c92556d05e458e6e1a942a52e3256417746815781b5a34e911a3fcda4c40c1d8a903119bce4e55a63b37e40bf
- Filesize: 12KB
  MD5: 7117b8115af2ab8ca4c581176094c06b
  SHA1: 176a82cfaee5a81a3c7809af9713683b424db005
  SHA256: 789779fd775da4c0958d755e45e87eaad130abe1624716ece85b2fd28fd872f0
  SHA512: 91ca457e2e2d4a1b42b5a4a240ec3aaf685510bfa27bebdbdbd4636a5d5c90488f381e46d5e1336795fb715e9c294b23dfafd46fa06889cd68751c16df346713