4928c563dc610a7c968f697e4ebcda9a441d94a4abd5013c38dfa8e8b62cc4f5

Analysis

max time kernel
124s
max time network
147s
platform
android_x64
resource
android-x64-arm64-20240624-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240624-enlocale:en-usos:android-11-x64system
submitted
15-11-2024 02:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4928c563dc610a7c968f697e4ebcda9a441d94a4abd5013c38dfa8e8b62cc4f5.apk
Size

88.7MB
MD5

0e6b33ba825b5e5ce5e2caa03727cd1f
SHA1

0c2574193c88c35bfa70203f5bdcb73989683b94
SHA256

4928c563dc610a7c968f697e4ebcda9a441d94a4abd5013c38dfa8e8b62cc4f5
SHA512

d0f61b8f2f2b61cdf29026320d403ef96b6947dd6941d1d4b95885740880131215abd9bd19ea8b9a451b719ec3eb725afdd1e9fcfee2c3a9623da7975ec00441
SSDEEP

1572864:Ay/UiFkHpKS01NL4iasXbSyaYdtUvkXQ1eYJnrHAFbPlPv5hA+1:Ay/UiFD1No3lLAVPlPR

Score

8^/10

discovery evasion

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 2 IoCs

evasion

System Information Discovery

T1426

ioc	Process
/system/app/Superuser.apk	ch.admin.babs.alertswiss
/system/xbin/su	ch.admin.babs.alertswiss

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	ch.admin.babs.alertswiss

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	ch.admin.babs.alertswiss

Checks the presence of a debugger
evasion

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	ch.admin.babs.alertswiss

ch.admin.babs.alertswiss
1⤵
- Checks if the Android device is rooted.
- Acquires the wake lock
- Queries information about active data network
- Checks memory information
PID:4588

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/ch.admin.babs.alertswiss/databases/com.google.android.datatransport.events

Filesize
56KB

MD5
dce715462d348251a328c0f1644ae64a

SHA1
ea342925d81f1964bb309a39a0e4def4616be258

SHA256
f6ae9978cc0ba3a812883c5abcd16f23b68da7351bdfeec18f3db0cf83010288

SHA512
3e48f9a99345b094d626b1bdd591d81624e15621acdde469d9953a2eb60f5a13ce4cdf9afa3275a34f31b4da49b150f5b1db0b8aee83cce3b186bdc94e647347

Download Submit
/data/data/ch.admin.babs.alertswiss/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
3b22def81d38ed6e200d04e94df24c22

SHA1
30a112086c82923cd2700ff2c8c61a13244325c1

SHA256
470a405aa460e823162b88a6ea5e9450c55ea1a6aed0533080b6e7a4b3e4b644

SHA512
902b26570359441c13f395f636bb92c5fc3dd765ca645ce7be7a65fe2cc191b92951f61bed10215519317bc3e70296ab5d428334370fd07bd7689ca00a362ab3

Download Submit
/data/data/ch.admin.babs.alertswiss/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
c802cf0fd5acd5aed69d0b952c8b8f6c

SHA1
41480fff70bf7c24914094190021811999441aea

SHA256
5f101128a886a175abc5b7e5c36ac329c017c615ac48f1a2ba5f80770640a06f

SHA512
fb75db565535eb4df1c60f28ae40d5a21e01ff7d23837253dab5beafe215121cb276745222438a2c3d28d0a65151e83e4fa7dbbaffba5091eb87482559e65ff3

Download Submit
/data/data/ch.admin.babs.alertswiss/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
3e355b4769c8b52b388b9a648a022765

SHA1
74abf2acc53578fd829490046c89913e10e81cb6

SHA256
51723304658763226ef5a72d6699b1b5b6a7cdce89ed8edc1ef6153ca9d996ac

SHA512
a04c65261880d4f6f4089c1f09c0b9c7d4dfec4e802f33157becbe34eccbb1915960824990e464bb6f8595b873aeb20429f852a204685370d36f3240bd11e31d

Download Submit
/data/data/ch.admin.babs.alertswiss/files/.com.google.firebase.crashlytics.files.v2:ch.admin.babs.alertswiss/com.crashlytics.settings.json

Filesize
720B

MD5
da62d504dd39c7f14d979aeb5b814387

SHA1
0df65419b621143f27b55d2e4117c9d8cfe84297

SHA256
418e9ef34846061a6238d33c5ac3ea6c1a19f2bf009d5f6116d9603877b5a688

SHA512
f6ca595478bc022db4087a159bca03855c8b697ee79a419970a1173ea327f45141ba745c98171341bb999e37b1e03bc2eea6160fa1259fe1d96c0e6dd199a297

Download Submit
/data/data/ch.admin.babs.alertswiss/files/.com.google.firebase.crashlytics.files.v2:ch.admin.babs.alertswiss/open-sessions/6736B2250001000111EC5DC4D3B1A9A9/keys

Filesize
21B

MD5
49e64ef8012d9c9a06ac1f893a2f46b3

SHA1
52fe056b2e71b407952f54f7382d3fc99869da1a

SHA256
7d4be3b1f3e4391d3d5397b1083f639cb429360b9c43efad38fb03143d4f3e42

SHA512
f2f0fd7d38e49a4bb4d89a34768704e61ad5a383c82e539c9d8b79de2c70c63370602352ceae2acb20705337f043e1414348191dfc3603c72b723dcbf64c14eb

Download Submit
/data/data/ch.admin.babs.alertswiss/files/.com.google.firebase.crashlytics.files.v2:ch.admin.babs.alertswiss/open-sessions/6736B2250001000111EC5DC4D3B1A9A9/native/app.json

Filesize
227B

MD5
d74536ca05a2b386e64c9d354188c8e1

SHA1
4f55ddb187b8032fe3361bfaf16be57c2f82ddf4

SHA256
03d37b0cf53b62719a71a74f50cccb7504ae4d8ac87d65d18d69a6c993519f02

SHA512
d1c85394c117c939e55280a5a35c520bf6d61e6612888d7faf24efcccc0c7acd9d3f1ddaec5670e305ca42e927816a292ac8b6a2316a4949100dbbaf5458f508

Download Submit
/data/data/ch.admin.babs.alertswiss/files/.com.google.firebase.crashlytics.files.v2:ch.admin.babs.alertswiss/open-sessions/6736B2250001000111EC5DC4D3B1A9A9/native/device.json

Filesize
193B

MD5
5a096d8cc4ccc2a30aa229c2f4aa79b9

SHA1
ba94448d7df8d8c5c05a32d1df09d488cc6285ea

SHA256
43ddaa822a3b483edf54073ce1d57d546eb6964801e07e7daa01871b3f735ebf

SHA512
ca6d49b5fd68c07fa44021a825bbf797cd783ed3c6fac0d3a412c8490d6f7d719ac1306d4e07c5750187473c83b9233731f2663131671dd8e5dbc3567846f41c

Download Submit
/data/data/ch.admin.babs.alertswiss/files/.com.google.firebase.crashlytics.files.v2:ch.admin.babs.alertswiss/open-sessions/6736B2250001000111EC5DC4D3B1A9A9/native/os.json

Filesize
55B

MD5
fc1dcee4e422d77e7fab7c08c8a41344

SHA1
d5340127e9d5f735b9d33b9dc61c772fb0e2dc15

SHA256
b843f05ed78cd137c272ba7f0ce8ede3aa853098a856863e51d5c223b58f21c7

SHA512
3ec07617e3e1008572f6f2528de9d4b827050cc5a7cf19a1604c961f9ec370ede6f5fd83bfcc252c0ee286fe244ee6734046ef1aa638dcfc689cd4407a6a8f61

Download Submit
/data/data/ch.admin.babs.alertswiss/files/.com.google.firebase.crashlytics.files.v2:ch.admin.babs.alertswiss/open-sessions/6736B2250001000111EC5DC4D3B1A9A9/native/session.json

Filesize
127B

MD5
c2d3521eea09c5a24f931af8b8db220f

SHA1
5187a426a60cbae34340b8c99ee3489ab47b343a

SHA256
35cb36769d7866784de965795d7c5f90fc4916f75ffb3df2d074c3761ab384a6

SHA512
dd6f36d0b27dafcb3a7464bc5dd4d7f65c76a12bd5cbdf68c9a9463b831d41c17ecbabf1716683d0f44d42d57e302d0a855672bb58aa5668c780505427097f90

Download Submit
/data/data/ch.admin.babs.alertswiss/files/.com.google.firebase.crashlytics.files.v2:ch.admin.babs.alertswiss/open-sessions/6736B2250001000111EC5DC4D3B1A9A9/report

Filesize
754B

MD5
ba1f8dee16157dc4246a5d4f655d2e9d

SHA1
ec641f66fc1861474d1cb17f9f064c6fcb899c9f

SHA256
000b5886daeb918db43f6d23784af82e8b0549d8c8e5678b48a31ab810d4ec65

SHA512
fe28a8316093207f8b305db07a55ef9e103bb46263bbe51c0edb303cdd415579e9f15a6f7f16e596b23c74f851ddebf77923f35aaff968b659c00e6370f0923a

Download Submit
/data/data/ch.admin.babs.alertswiss/files/PersistedInstallation251112164119677508tmp

Filesize
90B

MD5
910858159c937210d55bcaba54da47a1

SHA1
577bc547120f729f9bef857ac792952289b4670d

SHA256
a2c4e50d43200e47070c48d44d41f3d01db2e5de5c1ab7503ae02be0cb371752

SHA512
94a61c0dec0d9ec600b8bd185028b32f856869b129a80912d204c563a52141110337bb73eb1524addaa8ba3938f2d1ee3a988d07580c883a1b44dc130effa354

Download Submit
/data/data/ch.admin.babs.alertswiss/files/PersistedInstallation7645869244560346777tmp

Filesize
559B

MD5
af2c0bbbf7e64df7dc4dfb846707562d

SHA1
94b284094b917bc56b7b7aa6a30addedb7be8688

SHA256
8429ba80519df8be0552ab43d698c19c94fdf8725d088b7b7c6d5da73e07329a

SHA512
d4c994283b7e511ece78f77846441d93f4e14986af863cefbb5b36c924a873cac91a5d61f35bef6e30b5b1017560532862cafa0f738dfe009536ff6fd8cb6c33

Download Submit
/data/data/ch.admin.babs.alertswiss/files/db/UserDatabase.sqlite

Filesize
36KB

MD5
21484a4329ca67bc6faec2127adf0887

SHA1
20e1e2bb67c5fa25f40b56647f4d7f30d018c6b7

SHA256
ad119f2ee98e8cd407e4ec70cf544421f78e5420a78698944f3c8ee722fd1cb9

SHA512
978002ff432053c0a2dc24af7f32116ac7ac7baec8714f18238879629f0160a79ab3d680043f00ca21b57a67298e0c773606b48b629617c6480860aa54bf9692

Download Submit
/data/data/ch.admin.babs.alertswiss/files/db/UserDatabase.sqlite-journal

Filesize
512B

MD5
04add943a45b9c402b31dc90ab8017eb

SHA1
9bdfec156f261bfad22e96c4dd7b644645f028ed

SHA256
c468999219049a55b1277907520d67ea0a2f46d846981ac05c8a3a87680674ca

SHA512
6a6aefd425b366de5e6b20eacdc339463352cc2f62d16c7da692b61d4e896418d6b671fae287e1feba274d7682266c88f97d81784b3b387282159491120d561c

Download Submit
/data/data/ch.admin.babs.alertswiss/files/db/UserDatabase.sqlite-journal

Filesize
8KB

MD5
ffb7cec5d1f1b5438249e49424ba7ea4

SHA1
07c595f316d94723e33ed0cc5f1369c8a0737876

SHA256
2c4afe2908fcbb2726a68696a55800e26a478215b005e02327ce5e371bace495

SHA512
5ac3459e86afaed77a6bcd76bc4d1fd50c540555e37148f88fc284b901ee709af97ec3fd5d66d44f4e6a87541410f821452a31fbbbde17161102848df042d779

Download Submit
/data/data/ch.admin.babs.alertswiss/files/db/UserDatabase.sqlite-journal

Filesize
4KB

MD5
9643047eb1ca760d8a19ddb3a804ab53

SHA1
45028aa40da63c90cf9578bb034fddbe8017cd3f

SHA256
c6a900d61e5c49b3131fdcacff92d2a33f595770ff6799baf9d2c11f0a40c3b4

SHA512
a98e623761bfaed8be972e9a89ce7ff0c8685e057f7b47c2f87fd3cc09e1737a3a36eebc441d19b6663cbe80e77593e64e91fba142059a6d797f7c9f7e2cb75c

Download Submit
/data/data/ch.admin.babs.alertswiss/files/db/UserDatabase.sqlite-journal

Filesize
4KB

MD5
cf39e25a25b8221a5c51b16fd756848a

SHA1
caa98930a09f69c11aba375b6645f4b337675069

SHA256
ef4e348ca1cba63b0805bede45dd2cba9dea93aada3b5795b08972585b6d3d80

SHA512
411b0d2dcfbcb230241438d438121b97f87dd6b04efe3dd8aaa9efd93a09ab5cd5d882f29137bc25944cc1e35b18af978051aba334521ed401aec05799ae5f0b

Download Submit
/data/data/ch.admin.babs.alertswiss/files/db/UserDatabase.sqlite-journal

Filesize
8KB

MD5
4cb6f7b96e00f842090ea248ae97291a

SHA1
545c2e999e4ec41c2a006286a0082d93a2c9e4c8

SHA256
4f5b6b087c3a400fdde0ae3b9730126a12781447fc08cc556deb6570cfc16b72

SHA512
c70a165f940e807dea6206d3ca16a08744f834a0cffbf62fde1ef86eaf0163e5f3474bd79caf412e53de3b8eb88775b095065b8807ff511094700ee711cdb594

Download Submit
/data/data/ch.admin.babs.alertswiss/files/db/UserDatabase.sqlite-journal

Filesize
8KB

MD5
352705bb8e9c3c0e30d4e9d89fece224

SHA1
ceed2d834aac2c158858fd107711f44b61b8293f

SHA256
e2c930cf8a58d1db072372236fd164ad3f2b99e45821c2a203ce0b7d3ce8793d

SHA512
19ebe21447bc7ab6ebfb25ee1bc5f31069b6a8c445b176810b9f032930c1c385065191ffda791bde7e30870f864cc26ea4126bfd4c05d28e9e5c2d31f8415401

Download Submit
/data/data/ch.admin.babs.alertswiss/files/db/dataManager.db

Filesize
8KB

MD5
2185fc1696822582cf40677699db12ac

SHA1
37b27c7674e066e789b3e3e302ae2eaabfda755c

SHA256
73a4459cc764c98c4f03b1be47420f9d1f48ba9d8cfb39af633b53194432e7dd

SHA512
4c2249fb1b0bb52001c1ce8dd18889046ad21d6f9f2f6f690482b4afce3adae7253e1af0bec97cce8fa8e7c745a20eed2638916a502ec159aedd8ac0dbb4c732

Download Submit
/data/data/ch.admin.babs.alertswiss/files/db/dataManager.db-journal

Filesize
512B

MD5
c093c16116c4b0f5fb541d34bdab81ac

SHA1
5043b983ac5cef9c56822adf36ecaef51baa4434

SHA256
8ebc06fbebaa3b90628f7e3ab1874079541edf4721b0d587962bc1ac3ed42a59

SHA512
d463ae4f4d801db67bbeb3a6941ea0b3adccd1bdf181ab1717aac4103e88b9fbce2a67683c9303e9416d691dfd91613a28b237cbb46676fca632e8e3e57bdb8b

Download Submit
/data/data/ch.admin.babs.alertswiss/files/tmpDB

Filesize
292KB

MD5
2601b84c694dfaf0235f6bc903fa61d7

SHA1
f550223c50408a04eb723422af2b36b192537015

SHA256
64eac3d94357b1af560382adeaccd1255aa21283cdb49452dca1dd83a400c704

SHA512
c4b1b20bc2ef61da79cee35951607203e6ae069c900b15a07b670a42ba9dfd83342120915d07c6737f8d06db3a21865c068b0df7a62f13baba0dd5f2caf058fc

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads