f69533838fdd075dfe98d3c36b7edf4df84176dc73203f5e0a0f03227b29c566

Analysis

max time kernel
22s
max time network
157s
platform
android-9_x86
resource
android-x86-arm-20240910-en
resource tags

arch:armarch:x86image:android-x86-arm-20240910-enlocale:en-usos:android-9-x86system
submitted
20-11-2024 22:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f69533838fdd075dfe98d3c36b7edf4df84176dc73203f5e0a0f03227b29c566.apk
Size

2.2MB
MD5

cec599ff3cd1776cafc708843dae321f
SHA1

ee1abd108e160f8f2b358679a189a438a49904fb
SHA256

f69533838fdd075dfe98d3c36b7edf4df84176dc73203f5e0a0f03227b29c566
SHA512

cbb431e1f77b53abbe4197dc06ee5c2cff9f4b1860e421d6b17ed0a81b24919a50f722c9ea19df5dac144bfc970c8d156ccd73c64a4a8e7bc7b8977e1f75b59b
SSDEEP

49152:eRKKry6UNSjhGfnVdgbv1geiIIbSb5qdxIa99nygSjRcK8L:egKrFUsjhGvVcgpub5kIa8Rc/L

Score

6^/10

discovery evasion persistence

Malware Config

Signatures

Queries the mobile country code (MCC) 1 TTPs 1 IoCs
discovery

System Network Configuration Discovery
T1422

Processes:

com.htkorsupport.android

description ioc process

Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone com.htkorsupport.android
Checks the presence of a debugger
evasion
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
persistence

Broadcast Receivers
T1624.001

Processes:

com.htkorsupport.android

description ioc process

Framework service call android.app.IActivityManager.registerReceiver com.htkorsupport.android
Checks CPU information 2 TTPs 1 IoCs

System Checks
T1633.001

System Information Discovery
T1426

Processes:

com.htkorsupport.android

description ioc process

File opened for read /proc/cpuinfo com.htkorsupport.android
Checks memory information 2 TTPs 1 IoCs

System Checks
T1633.001

System Information Discovery
T1426

Processes:

com.htkorsupport.android

description ioc process

File opened for read /proc/meminfo com.htkorsupport.android

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.htkorsupport.android

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	com.htkorsupport.android

description	ioc	process
File opened for read	/proc/cpuinfo	com.htkorsupport.android

description	ioc	process
File opened for read	/proc/meminfo	com.htkorsupport.android

com.htkorsupport.android
1⤵
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks CPU information
- Checks memory information
PID:4336

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.htkorsupport.android/files/profileInstalled

Filesize
24B

MD5
26519035adfb715c35c02a8484d8f6f7

SHA1
41f4528096f650c994e250b0130d8421bc839c5e

SHA256
39c4332b087aaabc962c1ae0eea4c3336599bca8d3831bef0bb8ab01ce866dbd

SHA512
afc3f7377a300eb28b4a9afd11791e54a846f21eba9f7bc35f58426bfc5ce6d1303530cbdb4eda06a632735fda95fefae7f3c3dd616770b46e612fe5186986ec

Download Submit
/data/data/com.htkorsupport.android/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

Filesize
8B

MD5
617cade86787f8e57240392ad1c763c6

SHA1
23d1ab35cb582cd65a8f3cc462414698c1a56008

SHA256
8db30aab59027d0b9e1bc604445207bd374f7e463b1d1d11c80c6175b6a45dfe

SHA512
02423056fe468f0ce2fd1d3c627ff05d11fe264452a48e0aa4dc5f3f519c70dafe329a87013aefcd96585fff36e2a165b54012c395d5f99a468ee4aca91fa6cd

Download Submit
/data/misc/profiles/cur/0/com.htkorsupport.android/primary.prof

Filesize
1KB

MD5
7140b7e842ee52b25d6055b689e0bee7

SHA1
df2d38e2d0e1e494eb371475309806171a302709

SHA256
3f817e24e344db23539ec33dee3f7cc0987479e6aec909bfa86ab3c6e5af12a3

SHA512
eb084ab85a5fb2efd98f6b654527ebd2e68d409426f28d34e4a71e8705e70c18821ddee757e19c9228a7b5ba4eddb7908d8003faae1d093d5216fac20ae93240

Download Submit