4928c563dc610a7c968f697e4ebcda9a441d94a4abd5013c38dfa8e8b62cc4f5

Analysis

max time kernel
124s
max time network
144s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
15/11/2024, 02:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4928c563dc610a7c968f697e4ebcda9a441d94a4abd5013c38dfa8e8b62cc4f5.apk
Size

88.7MB
MD5

0e6b33ba825b5e5ce5e2caa03727cd1f
SHA1

0c2574193c88c35bfa70203f5bdcb73989683b94
SHA256

4928c563dc610a7c968f697e4ebcda9a441d94a4abd5013c38dfa8e8b62cc4f5
SHA512

d0f61b8f2f2b61cdf29026320d403ef96b6947dd6941d1d4b95885740880131215abd9bd19ea8b9a451b719ec3eb725afdd1e9fcfee2c3a9623da7975ec00441
SSDEEP

1572864:Ay/UiFkHpKS01NL4iasXbSyaYdtUvkXQ1eYJnrHAFbPlPv5hA+1:Ay/UiFD1No3lLAVPlPR

Score

8^/10

discovery evasion

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 2 IoCs

evasion

System Information Discovery

T1426

ioc	Process
/system/app/Superuser.apk	ch.admin.babs.alertswiss
/system/xbin/su	ch.admin.babs.alertswiss

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	ch.admin.babs.alertswiss

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	ch.admin.babs.alertswiss

Checks the presence of a debugger
evasion

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	ch.admin.babs.alertswiss

ch.admin.babs.alertswiss
1⤵
- Checks if the Android device is rooted.
- Acquires the wake lock
- Queries information about active data network
- Checks memory information
PID:4274

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/ch.admin.babs.alertswiss/databases/com.google.android.datatransport.events

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/ch.admin.babs.alertswiss/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
8da6cea16dd2042d58f93c69fe594870

SHA1
f89407062e35e878ec7ed2709b17a466af053530

SHA256
0a6d65c32a15b9cbdddfbd7896c1e4ce635c1ebe4ca73a5f6287f5fc9c4f3f31

SHA512
7081d6d7f3ae0bd64a2ad1ff20c7dc90b9ee3a5d3b5e04037d96514cc5adc91bde546de0a2c7455cfea6c4d635d0540d8e0db8ccc91d9cf1fad38e0fb3cc6c37

Download Submit
/data/data/ch.admin.babs.alertswiss/databases/com.google.android.datatransport.events-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/ch.admin.babs.alertswiss/databases/com.google.android.datatransport.events-wal

Filesize
68KB

MD5
18dd0931f332ef55b81964c3becd9e40

SHA1
8ebdc3f9c936ceddfc71d600a91d70c91769b375

SHA256
b71b5198a19eef72e6cbf76f1e618f3adb6b6d2e0f073116a5e2bb0e3b54eb67

SHA512
9f48f75b5355348f81ff0eb4e4e4ab3d8c479819b1714a2c0bfa0de3c0a5ff73216f438a935be152816abd63b7b0bbace71e0cd3739ddb044378d978b659c84c

Download Submit
/data/data/ch.admin.babs.alertswiss/files/.com.google.firebase.crashlytics.files.v2:ch.admin.babs.alertswiss/com.crashlytics.settings.json

Filesize
720B

MD5
d7813d94679b7d0740989a6de9f33a98

SHA1
9906cd9ad33fe0a62e682a41910eb1e842c4350e

SHA256
d26bf651e03ae8dd2b417cc508836cd7af690186ed02eb64d5fbb4255368e6cc

SHA512
9e8275b7715989682b69a2f2c4622e370b71b94e8e8921c4e8780c02553a8f04347d1f03053c06d96cff8a2b786aabc3da4919ff02d58230a74c53643c4dda5b

Download Submit
/data/data/ch.admin.babs.alertswiss/files/.com.google.firebase.crashlytics.files.v2:ch.admin.babs.alertswiss/open-sessions/6736B2260204000110B21D33BC394729/keys

Filesize
21B

MD5
49e64ef8012d9c9a06ac1f893a2f46b3

SHA1
52fe056b2e71b407952f54f7382d3fc99869da1a

SHA256
7d4be3b1f3e4391d3d5397b1083f639cb429360b9c43efad38fb03143d4f3e42

SHA512
f2f0fd7d38e49a4bb4d89a34768704e61ad5a383c82e539c9d8b79de2c70c63370602352ceae2acb20705337f043e1414348191dfc3603c72b723dcbf64c14eb

Download Submit
/data/data/ch.admin.babs.alertswiss/files/.com.google.firebase.crashlytics.files.v2:ch.admin.babs.alertswiss/open-sessions/6736B2260204000110B21D33BC394729/native/app.json

Filesize
227B

MD5
472a2395e1bb769ee6e844892731218e

SHA1
a62edc74d6b569678d5098b4d5335919999fd048

SHA256
400ddbf57c5553f165a160d4904405e23707ab4e5876000272959a3f398e5d16

SHA512
ad87a4cd81f2dfa1e6a4577c9c5cd4f420f3c46efe281aebe8199475be73a0b377c30e609d611cffc717dd260c4af09ce4988e4282e6f21deec256ae780a34ea

Download Submit
/data/data/ch.admin.babs.alertswiss/files/.com.google.firebase.crashlytics.files.v2:ch.admin.babs.alertswiss/open-sessions/6736B2260204000110B21D33BC394729/native/device.json

Filesize
193B

MD5
7da63ee7971f089ccedcdb4fb7bf0afa

SHA1
48dff61b1caeee036b7cb59bf6031034e6249263

SHA256
84a3bb12deb77d1f327204051d565064b402b591ed9ec76c452fec770a1fcb9d

SHA512
85a739087dcfdfb9ebc264e702b7bbe921446252596d1918f5c35d672fc3b43ee849865c383422dbd7cef377a6a9ffe76a6d512b8966af1794073f42d1ea21db

Download Submit
/data/data/ch.admin.babs.alertswiss/files/.com.google.firebase.crashlytics.files.v2:ch.admin.babs.alertswiss/open-sessions/6736B2260204000110B21D33BC394729/native/os.json

Filesize
54B

MD5
93023624eb8dff5c20050da136aaae0a

SHA1
acfd1ffed752c28fb135ba83c0c6345ddf2f6995

SHA256
968bcd7c4f1abed89a09cc0e6dadd238a81e8655e64196b39a86be49ceecd39c

SHA512
bb25dfa144d3f0e17203936c503c5fedec5f9ca710e177f99e273010ba4a682199d4bda5684151d65f3cb1549f4611b3a645ce39646d3db9a1b2c17d6b160579

Download Submit
/data/data/ch.admin.babs.alertswiss/files/.com.google.firebase.crashlytics.files.v2:ch.admin.babs.alertswiss/open-sessions/6736B2260204000110B21D33BC394729/native/session.json

Filesize
127B

MD5
e6c54e4c945973a6abd061768fa3f620

SHA1
207f4fd2b846c627196131230113bd3715bde3b4

SHA256
2af37dd7d7196971d6e3929aacd23289c0c061aa978a251b74f39a8bef37f950

SHA512
597b14cd48cffc41b584fa7806f85c19f2e1697083d74f6c3d23a1a55bc93d56ed08d1585ab4710f7059ce0ef9d5b249c51d6254a61aff0650eedf43ea95ebed

Download Submit
/data/data/ch.admin.babs.alertswiss/files/.com.google.firebase.crashlytics.files.v2:ch.admin.babs.alertswiss/open-sessions/6736B2260204000110B21D33BC394729/report

Filesize
753B

MD5
7849d48a2ea1b5dc5cf6c8ff3a4bd562

SHA1
d3793618ed7f1818e68bc28ea1a7b1e341e1b2e5

SHA256
8f6ac19916722f0fb45df8dd68e765b1f1b65d783e4b4abcfcd6076c305478db

SHA512
37cf0a37852b395e313a17a120d1efb9a1e8a0ea58fe4746b1de99cefdc90d8caf4c9d606ff29ddc48d721c851389b74035f00532ded01596db0e4cc697b465b

Download Submit
/data/data/ch.admin.babs.alertswiss/files/PersistedInstallation4836689292086386491tmp

Filesize
90B

MD5
f2fec843e246f5365cfe460f1456d93c

SHA1
ce83f70c96bd88d5bc4ca058427094edca8b9edc

SHA256
fa4403130592f709006ec579eb5fb6eeabdc0df71f6fcf67b4ab9485fb7b3dc0

SHA512
499c8f025d24ca3cb54f36e3d21a70ab9e500e62a1bf94c7e716142547bb968fa6133fb81018e4be4628a2b6cca0d69757e11b6b3b112b2279e8eafdf596a9a8

Download Submit
/data/data/ch.admin.babs.alertswiss/files/PersistedInstallation5620503174803160169tmp

Filesize
561B

MD5
bbe6db7b5182325cb5cb5abf49680e7d

SHA1
6df8e3ba606e041a7f3b9ad4f1ed12b2d2cd9c85

SHA256
318f6043affc9a973a13714aff22602988d176ea88cf1ed8c43988644738c90b

SHA512
1536ba1f1e9ea0a07f5c4a5bf9b93d9eeee361f344157494a12e67f8ebb7fc69ec1654ee862bc7038db111d20e06c0fd2b2a86242ff5984e2e46dd7dd3952539

Download Submit
/data/data/ch.admin.babs.alertswiss/files/db/UserDatabase.sqlite

Filesize
36KB

MD5
21484a4329ca67bc6faec2127adf0887

SHA1
20e1e2bb67c5fa25f40b56647f4d7f30d018c6b7

SHA256
ad119f2ee98e8cd407e4ec70cf544421f78e5420a78698944f3c8ee722fd1cb9

SHA512
978002ff432053c0a2dc24af7f32116ac7ac7baec8714f18238879629f0160a79ab3d680043f00ca21b57a67298e0c773606b48b629617c6480860aa54bf9692

Download Submit
/data/data/ch.admin.babs.alertswiss/files/db/UserDatabase.sqlite-journal

Filesize
512B

MD5
4db8ef0ea20933d067fa9f98afa983b4

SHA1
c63d18d9090ddf28da306c699499f462e8835692

SHA256
40e54b378f772343c5ba9c926663df1a9f3b9d98fc57e4579f875df8c0a74d82

SHA512
ef0580b16e4c9e31bd232d2dd51ce91e16ce04389346110eb887194b1e8286ff8d7175af486967ef3140a952d0ec6df0892a0ff573a9c6ec786d398669516c94

Download Submit
/data/data/ch.admin.babs.alertswiss/files/db/UserDatabase.sqlite-journal

Filesize
8KB

MD5
b61643a3ab787f079f48d443575241fa

SHA1
5094e644e0ce073b412a1e746ed326372cb271ff

SHA256
e8c23897f94ae7080dfe9fef6796e68672654510779653abe0d42f89cc3a9c0f

SHA512
db24539bc84f244ce5de8c76e6d0d3fb87ab3823b41159272ecc64cec6e42586daaa8b9dc107256f020991bfdfcef8d0c100233d48ee5151229e2db744f71af6

Download Submit
/data/data/ch.admin.babs.alertswiss/files/db/UserDatabase.sqlite-journal

Filesize
4KB

MD5
6105379336562df236d4b0599fdbff84

SHA1
da98e2584b44edb64d2ae550be81aaf1d96dd544

SHA256
1c25a8b2578639839ee14a8e1b0cd68a5acdee6c0efc9d77d41c8e5224598baf

SHA512
51cf6dd18657cd36c13896cbc36f2a1b78dddc925a7f4b78a7b7b8d50caec5835831c270cf34ffe52c3944e9ef9854357bffcdf1656ac36eccf4e36e747707a0

Download Submit
/data/data/ch.admin.babs.alertswiss/files/db/UserDatabase.sqlite-journal

Filesize
4KB

MD5
ec56bdc575ffd3a3878034eea2dd6f4f

SHA1
91bd6c6f65bb2f69bebb963d8e9a8239bf38cccc

SHA256
eb6b3db2fac36ad2cf2b9492c1bde504457922418c72c954c0b4b5c949adb041

SHA512
9ce0d42c783c20a1cb7bc1eda209b64139094bc3ada1922e9ed4903da4cbb0dd00d9512f31f16566a4b7639278a18972048d470d510ab89af7c8ea1710063e43

Download Submit
/data/data/ch.admin.babs.alertswiss/files/db/UserDatabase.sqlite-journal

Filesize
8KB

MD5
1fa4d3182f741b22172fbf952ab4215d

SHA1
3053e13d97a43fe1a7999fcfcba4946db671d05a

SHA256
8f7763730e3b40acd485dbe5b85b7b51b953a57a30931eac38f8f079ce6dd150

SHA512
cf1c8dc157388cfe8c973c6d33461aa3ceac52c5926caa1178d21df4bc8016fcfba0f4b9a1cbdb5282ef6385e0127a68cd77275f6db1b2d5b4ddb6e6a94abd8b

Download Submit
/data/data/ch.admin.babs.alertswiss/files/db/UserDatabase.sqlite-journal

Filesize
8KB

MD5
1d38b4bd3ef0a5e81e8e8f807194c60a

SHA1
b0de23c0bc2aa3360782444e711aec1ceed85fbe

SHA256
9b4952380d135c21709a828a2884837efd3b66881f38d11fb8936e220f3dd532

SHA512
2439eea6e83c6f9846e64b893c825dc6d113b5f0fce1532a9cb8183c252976a5faaab5f70f730eee99ef00ba1e3b8529fd1e9523139c6cd97d1612a723fb9281

Download Submit
/data/data/ch.admin.babs.alertswiss/files/db/dataManager.db

Filesize
8KB

MD5
2185fc1696822582cf40677699db12ac

SHA1
37b27c7674e066e789b3e3e302ae2eaabfda755c

SHA256
73a4459cc764c98c4f03b1be47420f9d1f48ba9d8cfb39af633b53194432e7dd

SHA512
4c2249fb1b0bb52001c1ce8dd18889046ad21d6f9f2f6f690482b4afce3adae7253e1af0bec97cce8fa8e7c745a20eed2638916a502ec159aedd8ac0dbb4c732

Download Submit
/data/data/ch.admin.babs.alertswiss/files/db/dataManager.db-journal

Filesize
512B

MD5
54f8ffa90b84e1da71f3225347a0fb1c

SHA1
dfdf000b49a814f92ff0d044a6b48931a34c4262

SHA256
4ab641edc3d8626a2360d4c8421f2d0473f93206047dba945e6cac03d803f299

SHA512
c0424952b419e6aa2f88423f5d85ecb54d2f13d2befbd211c6923b67f87b14206ca4a211a8a77dd88d05c0f70ac137538e9b37650257c4de5609b853cbcf731b

Download Submit
/data/data/ch.admin.babs.alertswiss/files/tmpDB

Filesize
292KB

MD5
2601b84c694dfaf0235f6bc903fa61d7

SHA1
f550223c50408a04eb723422af2b36b192537015

SHA256
64eac3d94357b1af560382adeaccd1255aa21283cdb49452dca1dd83a400c704

SHA512
c4b1b20bc2ef61da79cee35951607203e6ae069c900b15a07b670a42ba9dfd83342120915d07c6737f8d06db3a21865c068b0df7a62f13baba0dd5f2caf058fc

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads