e1a0e5b8f02424e046d674e721cc6ded514c4131b61464d9a6115184d41181ee

Analysis

max time kernel
7s
max time network
132s
platform
android_x64
resource
android-x64-arm64-20240624-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240624-enlocale:en-usos:android-11-x64system
submitted
19/11/2024, 12:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e1a0e5b8f02424e046d674e721cc6ded514c4131b61464d9a6115184d41181ee.apk
Size

69.0MB
MD5

694e52a59bd0552d404e8bcdf52ee7d4
SHA1

f1d0dc6205f82b9e4c723698a7e9dadfd0d9148a
SHA256

e1a0e5b8f02424e046d674e721cc6ded514c4131b61464d9a6115184d41181ee
SHA512

bd5dea14c9f9a7fd9b83fb30e542a1072449d9b4b356ef39512a386cf49e53d41aa9c10267e8ca8edcb13dcdda7015bdeb4a30272803f7709cb3054a201fa870
SSDEEP

1572864:TIbgU9BSqPO1vl1hrZWGh0pEAfvy4FYYdrkcJP0w:0SqPO193877vfFYYdrkcJH

Score

8^/10

discovery evasion execution persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 2 IoCs

evasion

System Information Discovery

T1426

ioc	Process
/system/app/Superuser.apk	com.skt.nugu.apollo
/system/xbin/su	com.skt.nugu.apollo

Loads dropped Dex/Jar 1 TTPs 2 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/system_ext/framework/androidx.window.sidecar.jar	4517	com.skt.nugu.apollo
/system_ext/framework/androidx.window.sidecar.jar	4517	com.skt.nugu.apollo

Queries information about running processes on the device 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.skt.nugu.apollo

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.skt.nugu.apollo

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.skt.nugu.apollo

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.skt.nugu.apollo

Checks the presence of a debugger
evasion

Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

execution persistence

Scheduled Task/Job

T1603

description	ioc	Process
Framework service call	android.app.job.IJobScheduler.schedule	com.skt.nugu.apollo

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.skt.nugu.apollo

com.skt.nugu.apollo
1⤵
- Checks if the Android device is rooted.
- Loads dropped Dex/Jar
- Queries information about running processes on the device
- Acquires the wake lock
- Queries information about active data network
- Queries the mobile country code (MCC)
- Schedules tasks to execute at a specified time
- Checks memory information
PID:4517

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Process Discovery

T1424

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.skt.nugu.apollo/databases/alarm_database

Filesize
4KB

MD5
7e858c4054eb00fcddc653a04e5cd1c6

SHA1
2e056bf31a8d78df136f02a62afeeca77f4faccf

SHA256
9010186c5c083155a45673017d1e31c2a178e63cc15a57bbffde4d1956a23dad

SHA512
d0c7a120940c8e637d5566ef179d01eff88a2c2650afda69ad2a46aad76533eaace192028bba3d60407b4e34a950e7560f95d9f9b8eebe361ef62897d88b30cb

Download Submit
/data/data/com.skt.nugu.apollo/databases/alarm_database-journal

Filesize
512B

MD5
a23c6dc4f5de40aeb0b99d68db0e7b13

SHA1
68c854820318a4f168e6b5a9c74bbede508ba5ec

SHA256
86f8b19dc8d800b43d5cf2850477a0568a7da6902e9b8d42a57c6dc3c89dd471

SHA512
4ea655e4e41d54d6bf28bacd3599ca4474fefc88e0aa7671e1bfe978321b12311c5c01262f6ee2f0cea8e2c16accc26ba56551be93367c93a060482a2c1ccf43

Download Submit
/data/data/com.skt.nugu.apollo/databases/alarm_database-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.skt.nugu.apollo/databases/alarm_database-wal

Filesize
16KB

MD5
b4155fff9f7baf798348990089c49e17

SHA1
47be972f2acefb0d00877788a2390cfcc6973a50

SHA256
7c4e5a3216f6c03b8cfff1cf7c0c54f3d6775995f96a47dd8d91c900ed6f8989

SHA512
1cf2be2fb0112e526baaad876eeeef04aee42f55e43344e072e72800c3be4f95ef30df1fc9a23ff96522e45e1bf78759c12bb7c1eca3651f1cdf2cefdf70a07b

Download Submit
/data/data/com.skt.nugu.apollo/databases/alarm_database-wal

Filesize
84KB

MD5
1557b161d771b2478546186eceb32767

SHA1
fd689131db8105f6554e0a54fe50bd1165f68539

SHA256
29273bd529c5e8e169fb1f8711cde4e2946eb9e9b98f2ca77a69d34cd7ec0128

SHA512
b1a43da81e1d34d781a6a5ce1a0c6fdbe399cc3fbf1533c6e4429697a8a5dabca93c8cf2ad2e813ef6f29c1a8b1c1e835b91bcb7bb059dae21898d433cc13adb

Download Submit
/data/data/com.skt.nugu.apollo/databases/alarm_database-wal

Filesize
104KB

MD5
785a6b40d6d8d5d9a72663d76fdb7152

SHA1
53a57c3fc4984092f2e9ca8e89010d07e80c1145

SHA256
d7e6e788369fd251a8ac74cfc5b556f1e3ecb001e3ad42a3d15d7a562919a645

SHA512
cb44d62edb8243d4ab4027c2c50c2e1630f3ab86c498d8d1168ee4683a933ab986660714ee4697d4ecb90e89d50281e19cf9f1846e008df6765c32f9e86f21b7

Download Submit
/data/data/com.skt.nugu.apollo/databases/com.google.android.datatransport.events

Filesize
100KB

MD5
e242d2052d19c4d9fda118332d585385

SHA1
3b44f36c46c8ebcda4b0a6f1bf3f80fe523c071e

SHA256
1a25959d0bbce2a5ad457849a114153ba51ea831c78a70238c1b329a958fe023

SHA512
7ee0ea5d70af850e857d141b294951e9862a2a168d386b1baf085dc6edf0101b6909b2585918eb32255b3a97b14018afbddb75f3f204d231ded51c6973539964

Download Submit
/data/data/com.skt.nugu.apollo/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
521b01ecad389b96199464a577cfbbb4

SHA1
3db32427c29915d02f49334f98926a8bb368ac5c

SHA256
9b0329d546d39913bafbe3c1ae2207acf01ad0c6034aba1a227bcb12ee5e9571

SHA512
7d33e441a654eca238124ae63670f359a73318281097f70fe647a99eb9cacfc2c58cbeaed7f7d0b22d9244180d60fff0ad7f821e725b08cce6507d88944ff5d8

Download Submit
/data/data/com.skt.nugu.apollo/databases/com.google.android.datatransport.events-journal

Filesize
28KB

MD5
e58e386574978e80695ea041367224d6

SHA1
1663213b65fb3e7cf0605ea38c340fb30a2781a1

SHA256
642089eea1cdd65443d716d53d647fad0f7b5e6e78c9aa6ca703259f61a1a755

SHA512
903d3eb4c0f636439682d50932c6293291b9b8f61ac0d6909be6161add525d945e91a0a8d6de671ad8f0fe81085eb43ac7bdf95c7163e6d01ad639d67c33bd74

Download Submit
/data/data/com.skt.nugu.apollo/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
970ddb2d56398ee5c8b17946a2e86286

SHA1
1c95e5816de160477ee3d0a3dcd16649f3be4524

SHA256
4fe52bfc138c02f1d9c0918c5c48fa5439e1ee60da5717d08269c02a87699049

SHA512
ebb6b6a33e65005853ff3a6c784cd3abfb372c951e57698280eed8a91496702bf50038cf3a805b5b88df8d6d1e5a231b9333a96419c66b47fe23f4fb4fc73127

Download Submit
/data/data/com.skt.nugu.apollo/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
e2838fb5ef11b8395c5e910a014c6c7b

SHA1
0c14e4a27e41675e5e3dfc000ed4efa545ee0b18

SHA256
12fd7df01ba5ddb6cd3a6c45de5b8de509337cec60127b28f12eb0c564cbad5e

SHA512
32f8c66312b11e669353c3294717c395131575fc1839a6bddd10b3be6d498960abf5b2ca95d485213e1fad4e761929cecbc46f35d80b4f4688485d34544df4a3

Download Submit
/data/data/com.skt.nugu.apollo/databases/google_app_measurement_local.db

Filesize
16KB

MD5
d9cf75fdd1c2292d986f6c3d5d60f2c8

SHA1
07ecb1d3a26d952ae5fecf54f36699ab498510b1

SHA256
2d227e9b7a044c8e10294f6a831fb92d81ea9582381796d87f35bd268e37538a

SHA512
442c96e4b4c79b8d1c64dd3a6d6088ae1dace441e78d830dfb3190ee1c0fafebc606fb432071b4a1ad1a4ba9b68c7877b0bce520ccc88708feaf82bbc474e0cb

Download Submit
/data/data/com.skt.nugu.apollo/databases/google_app_measurement_local.db

Filesize
16KB

MD5
e4470fc61a0333e948c26572c7eacace

SHA1
1c15f3c56afeac9c77935623f25d55b2530d1788

SHA256
56b1d8b4978c05ce07414380fb777547b692d04ca1b73b27a2e292ffb6ea29f8

SHA512
2a5d09bd9b30f0bcce65d4e50f2f46239a100f01c05c8d721fd2456136a8c0f064356225202ce98d3c519238752237e8e2e8e8e60416ed4db7819f9b829e7794

Download Submit
/data/data/com.skt.nugu.apollo/databases/google_app_measurement_local.db

Filesize
16KB

MD5
76f501f9e1465b51f1fc363baf0d663c

SHA1
e9e3ce64a6bd3f25e2274109c774691642c11a23

SHA256
39bce04d61204a544c55f4ad08d5e7a56e7712ef60f7b75f0af8d11672315483

SHA512
69b1618e5bce99b90d2c06eef92308e67852dbcf1ada682cce1a6c09dd5c63ad193c351ace26a9c6a0db2b5299f004d9cfd988fc0711d7fd42c08502b87787b9

Download Submit
/data/data/com.skt.nugu.apollo/databases/google_app_measurement_local.db

Filesize
16KB

MD5
56270f163a8aa3fe6fcc8624d469edcc

SHA1
78dff9fbf9a7c011b73619fa0f6c346b82dd93af

SHA256
3f438887737ed743be487ea257231f99cdaac8ac0d27e06bc2133087af6bbd4c

SHA512
88f2ad0ff00a9e7297d4d01fa15a43e5b2496490996ec176c554ada746e82eccff51ac91e422eb621a580fe2bb0e13f8f3db07c4baa006b1c646b138c3ab5d0f

Download Submit
/data/data/com.skt.nugu.apollo/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
cf9ec6c30f28043b627750297f66181a

SHA1
098f2060824d3c68689b1a22ba1e950e2d6aa710

SHA256
43872c0a654f18128fa176be222f943446dc1c41fbf649857eb7e1e4d3448e35

SHA512
b57f91af13b277e969f0e4d2859d8228ec071c3bc36cc3751343c05b63e38cc7e1d6d759ae2a27aa9891ebdb0c1b5b74478086a08f810bb58947a7fbc547eace

Download Submit
/data/data/com.skt.nugu.apollo/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
9347bc711ad392a30d1d059f3b564d30

SHA1
8b1de05d79f482f623b9533629177cd58bb51e89

SHA256
b405c7a0cc75bfa79e3b959a0b1836dcbc19763a2bfa3332d9bdf377e970f1f4

SHA512
8fe08f9b00dc13d3294d518e3e82ae94a2e018f8e082210ee6da587ef43c6d65aeca33631fcbdf548e9aad09d36cf50bf791ad7abccfea2f0a231445cff7a254

Download Submit
/data/data/com.skt.nugu.apollo/databases/google_app_measurement_local.db-journal

Filesize
4KB

MD5
5be549055edead944cc00691cb6683c6

SHA1
721e431bcd7928697a3dd9ae356d037a49fd52de

SHA256
1c6c75632c5f14c768f0ed08a21fa7653c6b27b94b029f365b911890f5cb7289

SHA512
604b31a6df30bfb44282613ab4304b3638c7633ecd82ea8401f6895c90fde29678699e38e62321b5bc759819e7e1209827c9a6966bbfae89d21f908b74b5f16a

Download Submit
/data/data/com.skt.nugu.apollo/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
c3e6142f9bd018a198da0aa36dccf3de

SHA1
72b9689c5c05799a56e939052d602b1d8474a58b

SHA256
49c411cda4db10896e34e6f0d0686a83b87e4643caf3b66304ebd84c57863a3f

SHA512
3855f7b48a4bb93bf8a2f99ed0fe2a7e79de7e7f6eb12ae61b8a08e41dbe76cf63a08bd0f38102ac49784dfbf457ee4c1000aab46285a6b85991a6bb61da7860

Download Submit
/data/data/com.skt.nugu.apollo/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
6ce4ce5950a6de952a40248cd6a58193

SHA1
b21b83e159c536f20dd0ca059d8a277aa8a7ff08

SHA256
8bf284714d0782d8502878933f5a8a292994760fead32b31c5489d157b7aaf17

SHA512
34238123b30026ec24adf03287c830f8e314fbe9d691076703d8a8578644d623e501ddde19a698f15c0b0797601907682a8ef9426f4d2a74166cbef82eb72acd

Download Submit
/data/data/com.skt.nugu.apollo/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
58c9c6b70826540660f2bc54f03695c4

SHA1
7a37a9fefbcd5aadc5a3a4862ed8a6fdf8bbe16a

SHA256
b358dbe9c700be3a50da70e31d47b03e16bf1d2593abaf5685c001bbdf4d1cb0

SHA512
bd08b5ffb66746ef3ca46fce7b53762b5fe617db6464fff4d553e845247349c8d79fa2d472dc413509cd682e168327425ce22ef56b5e11844203e4d0d18a8e5d

Download Submit
/data/data/com.skt.nugu.apollo/files/.com.google.firebase.crashlytics.files.v2:com.skt.nugu.apollo/com.crashlytics.settings.json

Filesize
715B

MD5
58799995c8cf12149c278a9bb3ad4010

SHA1
d87f0f9c849cdc2f27123f7179a93646acbc12c0

SHA256
88da1e714b2fb528c8f948bc067197b8c54f2e3568348ca1650e660ab2d89dc1

SHA512
238a4509bdc3c008fb90b26dd8916e6e30a93a1a3b0791115e53be820a81102d4e26d0de598e1e107a4441448bb8185b2831ccb7507d21b27641f42abef769dc

Download Submit
/data/data/com.skt.nugu.apollo/files/.com.google.firebase.crashlytics.files.v2:com.skt.nugu.apollo/open-sessions/673C8CC100C4000111A5543CAFD7EEF0/event0000000000_

Filesize
43KB

MD5
62695cd61b01c8a7c6fdc1f14b9f0531

SHA1
5394364b449abe658a88aa9d10fc8bc43ca47698

SHA256
3614ca4ae97a3e5180731f8cba2f999b9b2c2c0041a78d43538e47986f501c85

SHA512
8f3b916b28a92a2a5d66dad80b862f8b0c2b1b32c92535adf7952f13b8aeafdeb79dd27e8b28895e33feb1f7daed1c25ddad69e54886ff5ae2e10bf807b7a580

Download Submit
/data/data/com.skt.nugu.apollo/files/.com.google.firebase.crashlytics.files.v2:com.skt.nugu.apollo/open-sessions/673C8CC100C4000111A5543CAFD7EEF0/report

Filesize
753B

MD5
f92c81ee3ba1a0ab927c1276785a819d

SHA1
620bb4186d91f4072eeb8cc883223e52457a4ac6

SHA256
1ac3964b9e57a697ebc28c49c2fc37897bfe9e75e10770025d7d947c1fd92e60

SHA512
a7060f415bbbdc575cbd46616907f68d81478b2e0b7b1b317b0272788e300ce68bf4eb999468dca2e32fb0af38573694d494ccbba7fb5d992b14896a0967afba

Download Submit
/data/data/com.skt.nugu.apollo/files/.com.google.firebase.crashlytics.files.v2:com.skt.nugu.apollo/open-sessions/673C8CC20374000211A5543CAFD7EEF0/report

Filesize
753B

MD5
c6b3e320afdfb159f23e9a4f6a1bf30e

SHA1
c3f2204100105c6e69d4603c3c4328266caff3ad

SHA256
f3ff76e6769a960ce1f14a1e1576fc4bac2ca95b496eaafb983dc93517621d1e

SHA512
4d4f4e6371923937b2aabe8c1b5b78feac9850944aa24b6207c89e509354208e47c3544776f8aeb0834802db0b2df5320d82d52eae98c2b26a4b65da6a3aa216

Download Submit
/data/data/com.skt.nugu.apollo/files/.com.google.firebase.crashlytics.files.v2:com.skt.nugu.apollo/priority-reports/673C8CC100C4000111A5543CAFD7EEF0

Filesize
44KB

MD5
74e7db7d6aaad4f177f60cffe3fd7754

SHA1
dfdbb67dfe80f582caffa9b3a6cc8cf2aa1c0d56

SHA256
3d5da05a0540660d4cc36c5fee1fe3d4e34765f81da477a1eae5ba75803633d0

SHA512
c4bde266314a881559acd8883e67716d7ee44cb733d2948731890abf653ec693f9ff72166d9424e6ddedc0c2e0980f274203f98282003be69748ad7406946d6f

Download Submit
/data/data/com.skt.nugu.apollo/files/PersistedInstallation3962298668458461576tmp

Filesize
566B

MD5
eb1499f809bdbda0176c22416687ac33

SHA1
1edefcca43a8501a895908615199e7f3bc0b7eab

SHA256
2cefb7e63fea364a25ab91de6c5b706e5feeb352d873b5ad8667ff589cdf1fa5

SHA512
78b798435d779be1525347e66b2428a4f505438d4caa61cb84a9e8b6fc537ca65db4a31e4869d7dddbfde381e5c46eb23159255bd9528af0dc546c5ce6645fe8

Download Submit
/data/data/com.skt.nugu.apollo/files/PersistedInstallation4925569424491198709tmp

Filesize
90B

MD5
a31c700524802d7dd3259b12af7e9095

SHA1
460681381fdbed46dc91b94b3862a10690298af1

SHA256
e242f1b0467febe2d5efea2985436ade7ef5fe445b54590d339f4b99368a4015

SHA512
73d8cd26c2fcc3b9163f4fcf00f3311099ee8ba1d7457f6fa4fe01450b0c6d198e6df0ea1221419a9c41b20b6e784428262aae8a29a433c3493a27eccbb61b3a

Download Submit
/system_ext/framework/androidx.window.sidecar.jar

Filesize
12KB

MD5
bdf3529e80318eb14e53a5bf3720c10d

SHA1
25c9ace4b1af6e80ebb2572345972c56505969ba

SHA256
bbc8300dd1e9cd08de8f66560c1ac2c928615b72b51cef9649f88974f586d64b

SHA512
48b9c2d01171bb651b9b54826baa51f4add48431a3efd8ceb5f7cc3bcd6f8f37edf47fabb24349dd15b3a02329cd450f90a8d164bf4f8dfae554bf3b35a8a55b

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads