3e2a43d7889e7ed0c54c926c76978fb0e3785418c375c4e85c6aa43d6ba2165c

Analysis

max time kernel
124s
max time network
144s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
20-11-2024 01:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4928c563dc610a7c968f697e4ebcda9a441d94a4abd5013c38dfa8e8b62cc4f5.apk
Size

88.7MB
MD5

0e6b33ba825b5e5ce5e2caa03727cd1f
SHA1

0c2574193c88c35bfa70203f5bdcb73989683b94
SHA256

4928c563dc610a7c968f697e4ebcda9a441d94a4abd5013c38dfa8e8b62cc4f5
SHA512

d0f61b8f2f2b61cdf29026320d403ef96b6947dd6941d1d4b95885740880131215abd9bd19ea8b9a451b719ec3eb725afdd1e9fcfee2c3a9623da7975ec00441
SSDEEP

1572864:Ay/UiFkHpKS01NL4iasXbSyaYdtUvkXQ1eYJnrHAFbPlPv5hA+1:Ay/UiFD1No3lLAVPlPR

Score

8^/10

discovery evasion

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 2 IoCs

evasion

System Information Discovery

T1426

ioc	Process
/system/app/Superuser.apk	ch.admin.babs.alertswiss
/system/xbin/su	ch.admin.babs.alertswiss

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	ch.admin.babs.alertswiss

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	ch.admin.babs.alertswiss

Checks the presence of a debugger
evasion

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	ch.admin.babs.alertswiss

ch.admin.babs.alertswiss
1⤵
- Checks if the Android device is rooted.
- Acquires the wake lock
- Queries information about active data network
- Checks memory information
PID:4250

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/ch.admin.babs.alertswiss/databases/com.google.android.datatransport.events

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/ch.admin.babs.alertswiss/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
dde73d6dfce4220fd539ffe81d56b18c

SHA1
6974be6be37a2c5cb1b091d9a76d62379b972148

SHA256
486b66ef162c03e0a6e3a6bd68e753ecb44dfa92f6778c4197cc134292aaa889

SHA512
47b1fbf7c6d77c35c0859af86cfa6755e75194f58cf32146b0f6edec5b3354f907376c981bbc34a6a32b5d6c55b02c82c5e0cddb0b1a8386d88bdd86c932b8b6

Download Submit
/data/data/ch.admin.babs.alertswiss/databases/com.google.android.datatransport.events-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/ch.admin.babs.alertswiss/databases/com.google.android.datatransport.events-wal

Filesize
68KB

MD5
60d43146f7ffc6d439b42ebd809d0bed

SHA1
60779eb08ab5f9991e8eb764741374ee917013b8

SHA256
6494031c2d96f6964828911a3d7b2fc2bb0b27d561b3ee52c56fa58c6bb98000

SHA512
be0c871f23f743dca4f0c1c308469a3985a602b51198eb6070d6216b31f559b808512e11bc010208bf6b182bf26d788fb2a6e6b64bbf45033d0c5736acf29789

Download Submit
/data/data/ch.admin.babs.alertswiss/files/.com.google.firebase.crashlytics.files.v2:ch.admin.babs.alertswiss/com.crashlytics.settings.json

Filesize
720B

MD5
a8464c2d5b2fed95d8714d20158dbb62

SHA1
51b8b5fe9e35b729a63e8709c7725840dca1cf37

SHA256
d347c8b147487fcfab8e38b8fabebff1136fba271e1e68c3a9090a51c9e55407

SHA512
0f5fc2e936a5b7a4213afe2a0002f1c3ed5d9cbe7851034cd67d93aa7dcaeb5e4c5b03656d79dee5b1b0ed71a77bc973e50a02fc914e5c927c59de1128d5a459

Download Submit
/data/data/ch.admin.babs.alertswiss/files/.com.google.firebase.crashlytics.files.v2:ch.admin.babs.alertswiss/open-sessions/673D41D7028B0001109A6BAE6D8E860F/keys

Filesize
21B

MD5
49e64ef8012d9c9a06ac1f893a2f46b3

SHA1
52fe056b2e71b407952f54f7382d3fc99869da1a

SHA256
7d4be3b1f3e4391d3d5397b1083f639cb429360b9c43efad38fb03143d4f3e42

SHA512
f2f0fd7d38e49a4bb4d89a34768704e61ad5a383c82e539c9d8b79de2c70c63370602352ceae2acb20705337f043e1414348191dfc3603c72b723dcbf64c14eb

Download Submit
/data/data/ch.admin.babs.alertswiss/files/.com.google.firebase.crashlytics.files.v2:ch.admin.babs.alertswiss/open-sessions/673D41D7028B0001109A6BAE6D8E860F/native/app.json

Filesize
227B

MD5
6111a9ca7fe878eb5ac65a0af481992e

SHA1
968804e9622b0c7b73ccf52a934f3e2854616194

SHA256
b37bf98e42cbb398216f7da9ba13f443da9c349b41bd0a15e2101a2d987d80bb

SHA512
b31d4d12989465725bf0427804b552766c1562b2316496efebacdb3f402ceaa6e641ce227db1bc074822fc86cff5948a38ffdc416a8934c5c9c378c929acdfa3

Download Submit
/data/data/ch.admin.babs.alertswiss/files/.com.google.firebase.crashlytics.files.v2:ch.admin.babs.alertswiss/open-sessions/673D41D7028B0001109A6BAE6D8E860F/native/device.json

Filesize
193B

MD5
7da63ee7971f089ccedcdb4fb7bf0afa

SHA1
48dff61b1caeee036b7cb59bf6031034e6249263

SHA256
84a3bb12deb77d1f327204051d565064b402b591ed9ec76c452fec770a1fcb9d

SHA512
85a739087dcfdfb9ebc264e702b7bbe921446252596d1918f5c35d672fc3b43ee849865c383422dbd7cef377a6a9ffe76a6d512b8966af1794073f42d1ea21db

Download Submit
/data/data/ch.admin.babs.alertswiss/files/.com.google.firebase.crashlytics.files.v2:ch.admin.babs.alertswiss/open-sessions/673D41D7028B0001109A6BAE6D8E860F/native/os.json

Filesize
54B

MD5
93023624eb8dff5c20050da136aaae0a

SHA1
acfd1ffed752c28fb135ba83c0c6345ddf2f6995

SHA256
968bcd7c4f1abed89a09cc0e6dadd238a81e8655e64196b39a86be49ceecd39c

SHA512
bb25dfa144d3f0e17203936c503c5fedec5f9ca710e177f99e273010ba4a682199d4bda5684151d65f3cb1549f4611b3a645ce39646d3db9a1b2c17d6b160579

Download Submit
/data/data/ch.admin.babs.alertswiss/files/.com.google.firebase.crashlytics.files.v2:ch.admin.babs.alertswiss/open-sessions/673D41D7028B0001109A6BAE6D8E860F/native/session.json

Filesize
127B

MD5
5148c8a4527e3b3619d28d18152fe81b

SHA1
962123ab7727613bd33b09b5e80c51afdf2d495a

SHA256
22a4880faf162a6795c641f850cbb7ab64bcf2b0585c1e9e7fb9cc319be2bb96

SHA512
5209ed1aa6a901dfaa22472a11a978d788d5fe83e3f4f09969b09d00c1885d52eb7d22d9589d8cc6d38e4a1a7d58d924980a6d3554643b7285593a6f5d3f2d45

Download Submit
/data/data/ch.admin.babs.alertswiss/files/.com.google.firebase.crashlytics.files.v2:ch.admin.babs.alertswiss/open-sessions/673D41D7028B0001109A6BAE6D8E860F/report

Filesize
753B

MD5
1c845b1eaa966a17fac9fa5dc53bb3e1

SHA1
5860f7152e558701465bc412ec1067dc7a7d6ec5

SHA256
6b3d1a0bc5960cb05f76b69cd9531c27f2b686f71215cea19b0ac405e4c5509b

SHA512
3e45368bf4e1228dc5c45ef8b5d3d5d69416ba7629cee309a32eb96ad8b29da52b0c4412681ac2721407a2a43ece6405146f0f99c6639a02d2bbd620a55e3367

Download Submit
/data/data/ch.admin.babs.alertswiss/files/PersistedInstallation3807881325133639832tmp

Filesize
561B

MD5
5d0736de0aebf746de17d651fbdd9bbd

SHA1
2f17634ba7f0c83fd63e25390458935e8c139ca9

SHA256
cc6dc36889c074a9188fca604377da7865bccd187e3b6b967a1998986c538d7a

SHA512
45f535ba6b63f4f4e63c76a6083b16583a3970c2c655118eb4d53f0862f4804f62f64965a9b622776f520db6d0cb883eae0ce5794b26f4ca9f7ab159ca764ffb

Download Submit
/data/data/ch.admin.babs.alertswiss/files/PersistedInstallation5956022348305859881tmp

Filesize
90B

MD5
411b495eba258bbdebf4b760673f0c77

SHA1
9c4ea16dca9d6bb360318c1fcefb30e86099fd48

SHA256
2ace8bee66addf447813e7604c51916f80d0ce57231abd530ee377ee9a1bac4d

SHA512
e5720315fbb0d3ebcf8c31124547d332e24177865c8f1c40f9f93bea552a705ddbeb66f653e35ed72879f17249868026d3f1d1e0866eebee3a1387ee995eb3d9

Download Submit
/data/data/ch.admin.babs.alertswiss/files/db/UserDatabase.sqlite

Filesize
36KB

MD5
21484a4329ca67bc6faec2127adf0887

SHA1
20e1e2bb67c5fa25f40b56647f4d7f30d018c6b7

SHA256
ad119f2ee98e8cd407e4ec70cf544421f78e5420a78698944f3c8ee722fd1cb9

SHA512
978002ff432053c0a2dc24af7f32116ac7ac7baec8714f18238879629f0160a79ab3d680043f00ca21b57a67298e0c773606b48b629617c6480860aa54bf9692

Download Submit
/data/data/ch.admin.babs.alertswiss/files/db/UserDatabase.sqlite-journal

Filesize
512B

MD5
3b022a4ec7786a4082a27b8be9d8710b

SHA1
80061c293b34d3c3032565cba674d1ef92b0b9be

SHA256
4b9fce5b9b2707c121bcfd6ef3371c0948973c1b1ecfd64482409be53e6ed4b0

SHA512
0be1d2d8de8909d70d94c01b7b13bd61ab9e4a8367cdc47c1bf13206c494801295fdd675ec12989f5f1ec13930f23b0a99a44d81142649cc1ffbd5ab0fd49332

Download Submit
/data/data/ch.admin.babs.alertswiss/files/db/UserDatabase.sqlite-journal

Filesize
8KB

MD5
b2c5d6119a0582034b3e5907fef9543a

SHA1
f7b5be19037c9ae062c574fce99c290b6c5cf4a1

SHA256
7f71fdae7f5633c688b5f82b6a892ac5d9a8a9b013001428cd447f36926d3321

SHA512
7a366ecfa7df37d2b532ee57a8c85b514fa7d7db09ea955f578f62ed5ffa6be3fe9a3945cdd3a7139d959f8adaa78a798da8b4c41108fb5f2d6c54f098d88f1b

Download Submit
/data/data/ch.admin.babs.alertswiss/files/db/UserDatabase.sqlite-journal

Filesize
4KB

MD5
d5faca329e0fa5d5a1b91b17f0b026e8

SHA1
30ca3b4f433757f9e8e3291be919ba9543b28fb9

SHA256
4ba6ef47590d180dccbc1a3b9858341fc36430d526e2b1eb8f982db0187aff15

SHA512
4ed459516f23775d00b418ea33d66671432c486f3b2dbcaad318c1b22042bf8da5109ad8d1b0d623acb491895325991247b2ee338a9bbb0df33296c9ffd29bef

Download Submit
/data/data/ch.admin.babs.alertswiss/files/db/UserDatabase.sqlite-journal

Filesize
4KB

MD5
5df47d8035c1360d7f6ccbda5c53d8b0

SHA1
e83c05a93f4db901235da7f9af0554b8300a81a4

SHA256
542a790c70b3f42caf14a2132b123c4e87f7eb8b78493e22f1bbdbcc7372fef7

SHA512
dae2f7656bc5bf7afd97e22add3ed178b341fe241c600599fd0c1da33016310ac4e6f272245237e3f22ebc9807dbef709acf9bbd2595a3c9aa30af4de2ee9e04

Download Submit
/data/data/ch.admin.babs.alertswiss/files/db/UserDatabase.sqlite-journal

Filesize
8KB

MD5
9c408bd46f9fa3b74934460c6c3d2340

SHA1
9e11195a3966ba03567e324882620a0f6433aedd

SHA256
b9068f648f3390f8b121af713875121f8d1ac27467229fa1dba8bf998b8ef3e3

SHA512
ee88b710fe38887db2bbcf803d442e8284f25492ff6113263de92ce3817667cc05bfb0aa1470cd5d5b8f65d92f64720c3ff6f6580682901ded7beefb6a646815

Download Submit
/data/data/ch.admin.babs.alertswiss/files/db/UserDatabase.sqlite-journal

Filesize
8KB

MD5
ee0a2b534e1c1dd7b7b4bea835b98072

SHA1
5c9de44b350f00e6cb6d38475c343e83e368b444

SHA256
1c8147a904b94d8ed1a0a2789b032db30f12c9471f1c0e356d3e83453a7e0fd8

SHA512
0bb2e0cb485ccf6a97ff578c5d2c189e7d4232d942b4be9425c8f477acf28a21a0a04f9641e0fcbd9a490445c164d1e331bc07ce70d4458356a8095b8b34ef21

Download Submit
/data/data/ch.admin.babs.alertswiss/files/db/dataManager.db

Filesize
8KB

MD5
2185fc1696822582cf40677699db12ac

SHA1
37b27c7674e066e789b3e3e302ae2eaabfda755c

SHA256
73a4459cc764c98c4f03b1be47420f9d1f48ba9d8cfb39af633b53194432e7dd

SHA512
4c2249fb1b0bb52001c1ce8dd18889046ad21d6f9f2f6f690482b4afce3adae7253e1af0bec97cce8fa8e7c745a20eed2638916a502ec159aedd8ac0dbb4c732

Download Submit
/data/data/ch.admin.babs.alertswiss/files/db/dataManager.db-journal

Filesize
512B

MD5
8f1535e8808a76f3adec13e9bcfd0054

SHA1
e8f09457b460062bfaf073b7f6b8b6e95213120b

SHA256
268aa83f00493596a4e4e6a8347fb4647c9a7790fa7dca4d86e236b731b5ec83

SHA512
c1b23ad6d4100fe0e556e879a8a6a9dd0121d33c4a1aad39e86e298fea54a2512d86f0f44488d415e0b9efbfa3239afff1e28e03d76427ecc9db15abe2eef43f

Download Submit
/data/data/ch.admin.babs.alertswiss/files/tmpDB

Filesize
292KB

MD5
2601b84c694dfaf0235f6bc903fa61d7

SHA1
f550223c50408a04eb723422af2b36b192537015

SHA256
64eac3d94357b1af560382adeaccd1255aa21283cdb49452dca1dd83a400c704

SHA512
c4b1b20bc2ef61da79cee35951607203e6ae069c900b15a07b670a42ba9dfd83342120915d07c6737f8d06db3a21865c068b0df7a62f13baba0dd5f2caf058fc

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads