3e2a43d7889e7ed0c54c926c76978fb0e3785418c375c4e85c6aa43d6ba2165c

Analysis

max time kernel
124s
max time network
156s
platform
android_x64
resource
android-x64-20240624-en
resource tags

androidarch:x64arch:x86image:android-x64-20240624-enlocale:en-usos:android-10-x64system
submitted
20-11-2024 01:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4928c563dc610a7c968f697e4ebcda9a441d94a4abd5013c38dfa8e8b62cc4f5.apk
Size

88.7MB
MD5

0e6b33ba825b5e5ce5e2caa03727cd1f
SHA1

0c2574193c88c35bfa70203f5bdcb73989683b94
SHA256

4928c563dc610a7c968f697e4ebcda9a441d94a4abd5013c38dfa8e8b62cc4f5
SHA512

d0f61b8f2f2b61cdf29026320d403ef96b6947dd6941d1d4b95885740880131215abd9bd19ea8b9a451b719ec3eb725afdd1e9fcfee2c3a9623da7975ec00441
SSDEEP

1572864:Ay/UiFkHpKS01NL4iasXbSyaYdtUvkXQ1eYJnrHAFbPlPv5hA+1:Ay/UiFD1No3lLAVPlPR

Score

8^/10

discovery evasion

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 2 IoCs

evasion

System Information Discovery

T1426

ioc	Process
/system/app/Superuser.apk	ch.admin.babs.alertswiss
/system/xbin/su	ch.admin.babs.alertswiss

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	ch.admin.babs.alertswiss

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	ch.admin.babs.alertswiss

Checks the presence of a debugger
evasion

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	ch.admin.babs.alertswiss

ch.admin.babs.alertswiss
1⤵
- Checks if the Android device is rooted.
- Acquires the wake lock
- Queries information about active data network
- Checks memory information
PID:5075

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/ch.admin.babs.alertswiss/databases/com.google.android.datatransport.events

Filesize
56KB

MD5
438b0e60f9e1039c9eaff3a4c136bd72

SHA1
40d05679403b0b86376e0d87ee00b877e5872f6d

SHA256
12bc07b89f9fc8f7c9d3b6aa500c4379cef860448a4dcc3c27bde27fb1b1cb63

SHA512
f167a994e0d5b4e2b6ae72d249c12ee1d02e5e72790721b72a366de7c007e39ae83acc70910ccd21a1430856ca00a4ac9492d60e789bc4af841b618478a049e5

Download Submit
/data/data/ch.admin.babs.alertswiss/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
4fe868afc4b138601dc5edb51250905d

SHA1
ac4f80b9ce5770096f5d2e9a9828de204c506461

SHA256
7181401e3bc8eb8de2fc1ac4bdb4daf2c6c09712576496972566d3abebee42b5

SHA512
c5a478c33b4ee0c3f44002b60c47551a330d5571f650c778ccbb06b72f9bea8eda072d1ed01dae73f4623be556dc1498e2ba0e42357d02904a14eea80b0366bd

Download Submit
/data/data/ch.admin.babs.alertswiss/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
07f3a62e7636e8387662530062d04b1d

SHA1
5aee91d760b9cfae77b2d4a07f1126aa889ca1d8

SHA256
51b49337dadb407c86b6261f1da016eda97781f95426fd9f5b7d2203e94dbc4b

SHA512
9ebabd3237987c12903536b11715b101f97625db5391d45503476cbcc5c7834a17aae07fada90cc442b52f0fa0a2c78bf9bf8c95369651177596e5618600b1c0

Download Submit
/data/data/ch.admin.babs.alertswiss/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
adc4eb54de2e1173614ac5554bce643f

SHA1
5ed5e92ea2f9bf8517923c10d1118f45f54b1a84

SHA256
c1f0d85e44612a4609612e5563ebc2fb22a5b054e115848ab7380f406be626fe

SHA512
2a3f8d4ef2aadd51f403f19ac54676d9557b0c17c89fe60f0e3a225ba2a36728eef56d1ffe66fe9416e0efa644afb51e636f4d9e148ed97543d3de9287f637c8

Download Submit
/data/data/ch.admin.babs.alertswiss/files/.com.google.firebase.crashlytics.files.v2:ch.admin.babs.alertswiss/com.crashlytics.settings.json

Filesize
720B

MD5
f69f506e8a30658aceb366afbde9e2fd

SHA1
ba246eda33336bffd1f39398336d5d8007d09615

SHA256
cdab05b3cdee2ab41a1964ffa3bb458efa6c307eccd5fb9c8381ba4f75dc1d23

SHA512
401d3522d2c776f037e9316748c7ac43942f8437528e0344fcd11fd375b79c81e8874ab6c032c7f258fc3dd2a31dc67ce28b798b7e54bd2cae38442ade2d957e

Download Submit
/data/data/ch.admin.babs.alertswiss/files/.com.google.firebase.crashlytics.files.v2:ch.admin.babs.alertswiss/open-sessions/673D41D70270000113D3E6966AE3538B/keys

Filesize
21B

MD5
49e64ef8012d9c9a06ac1f893a2f46b3

SHA1
52fe056b2e71b407952f54f7382d3fc99869da1a

SHA256
7d4be3b1f3e4391d3d5397b1083f639cb429360b9c43efad38fb03143d4f3e42

SHA512
f2f0fd7d38e49a4bb4d89a34768704e61ad5a383c82e539c9d8b79de2c70c63370602352ceae2acb20705337f043e1414348191dfc3603c72b723dcbf64c14eb

Download Submit
/data/data/ch.admin.babs.alertswiss/files/.com.google.firebase.crashlytics.files.v2:ch.admin.babs.alertswiss/open-sessions/673D41D70270000113D3E6966AE3538B/native/app.json

Filesize
227B

MD5
59a2c455ccb73480e3640374f84911e6

SHA1
f4bb8db17b40e020732386247bd37a57a7990914

SHA256
566b82c01f2305828321bdac5d7c944ca2b808f3fdab415d41fdd811ebe21502

SHA512
09db68ff9daac7b7b882397c818c5f2eb98f14bd730745e7e908bd4ddbc014fbf1d177e989443f555fccd0bf1806764045159c13add22539c5310c63c2d76acd

Download Submit
/data/data/ch.admin.babs.alertswiss/files/.com.google.firebase.crashlytics.files.v2:ch.admin.babs.alertswiss/open-sessions/673D41D70270000113D3E6966AE3538B/native/device.json

Filesize
193B

MD5
3a6bb8dcb43d7f984d56a5b290be45da

SHA1
f7af396cfcd7bfa8b04bce9d7c8c556351a8d1dc

SHA256
8fe0820203eb820d7fa4b437c4582c2925f912d02665db7106ca3781c23afd0f

SHA512
be0b2a78c58dcdd5ae0760d657b6db07be69a6d4211d8246d6fbe80d5aad3ded6126fb3eaedeca11f6f2fe25abeb5cfdf576aaed03009c68fc91b0805a0dbf1c

Download Submit
/data/data/ch.admin.babs.alertswiss/files/.com.google.firebase.crashlytics.files.v2:ch.admin.babs.alertswiss/open-sessions/673D41D70270000113D3E6966AE3538B/native/os.json

Filesize
55B

MD5
5caea4b68c57072f7f52a5a41720566c

SHA1
4d9712f1702c7238949da43f7d8ae6efb233a666

SHA256
3223857b618b924c2b0fbc7bfb373a1aacf300a7b5ab585e18fffcf19039f363

SHA512
fe1455d21c521aeae3292bdcc386f6d2005dc253930c03e44dbcb972f96b849670d2aba039ea59e1a5ebc0350e6315151d17bcda55c161a62987d4bb01e91f9f

Download Submit
/data/data/ch.admin.babs.alertswiss/files/.com.google.firebase.crashlytics.files.v2:ch.admin.babs.alertswiss/open-sessions/673D41D70270000113D3E6966AE3538B/native/session.json

Filesize
127B

MD5
ac1da0ce9c52d5fa7ff4fbbb4b854106

SHA1
ef7135e4193ba0d7080dae51db30b53cdff71219

SHA256
c15c1613e1fb833cdb0d571c05cd9af0a26a9c7d1bf7fa1ae320e4cac60dad14

SHA512
9802d700f1006cb9b65e4ffd2d81ef5bbf5d40138d5294e6f75afdf589fbec1ee697f0d688814696c917fb71d15af2a7ac1260e36d3623baa464eb0322d2a917

Download Submit
/data/data/ch.admin.babs.alertswiss/files/.com.google.firebase.crashlytics.files.v2:ch.admin.babs.alertswiss/open-sessions/673D41D70270000113D3E6966AE3538B/report

Filesize
754B

MD5
9a82ef49b64883f7ec93208127f3194d

SHA1
44f44824c2cb5e448101d1e5d8c478147dba8a26

SHA256
59c744e9a12dceca898feb07ac2671adde542e306e64f8c92c07949dcabc3604

SHA512
cdbee50db8eeb0d001cb96d5deb80b81309f01c4c56d50fe6787d7cfcc930ba878af42e525177a9dcf3ecd7951e5ece0378dd4c8ec2fe69490449c94eabf60a5

Download Submit
/data/data/ch.admin.babs.alertswiss/files/PersistedInstallation5787468987189634789tmp

Filesize
90B

MD5
f5adce9a8f2946ba65ea63112c4b0f33

SHA1
ba158e451ded38f9b620d3471756b9b755e1d019

SHA256
f71f401525ab7b05f3397e856bdb74f7932f00ff7fa5973b996f86ff727d4b09

SHA512
248aebb9f90406b37723507bbdd124520f464d82173d7b5f77517451cbb3675959e047fbe3290484bb9d68a3a1632d4e374ddd105ab95c91be733781ff3464c4

Download Submit
/data/data/ch.admin.babs.alertswiss/files/PersistedInstallation9222524973097006314tmp

Filesize
560B

MD5
9b07a163ee03ff72e0c292239b074379

SHA1
8093061af279b71eda073ab047cbb8cc1037dc82

SHA256
dc464237a62be5e65a08b5b3a674d16f07ec9265478e45553d8db447a0178c60

SHA512
3aee0255c849a092ed46ef7815f8984fefd16116f39e14ef2c73b0e28f9a2be1d89d250f4b193f4e66730b382ccd17f66d279f5229c7450625352e748c9ed1b4

Download Submit
/data/data/ch.admin.babs.alertswiss/files/db/UserDatabase.sqlite

Filesize
36KB

MD5
21484a4329ca67bc6faec2127adf0887

SHA1
20e1e2bb67c5fa25f40b56647f4d7f30d018c6b7

SHA256
ad119f2ee98e8cd407e4ec70cf544421f78e5420a78698944f3c8ee722fd1cb9

SHA512
978002ff432053c0a2dc24af7f32116ac7ac7baec8714f18238879629f0160a79ab3d680043f00ca21b57a67298e0c773606b48b629617c6480860aa54bf9692

Download Submit
/data/data/ch.admin.babs.alertswiss/files/db/UserDatabase.sqlite-journal

Filesize
512B

MD5
a826fef3a247a90fd39e2846db917c82

SHA1
fc34acf2b12feb73e8d15f7997b403c28cad8bc0

SHA256
9cf9275aed010c52b27f4db1687bfa67404e2ea497491a641e07bf413c41fdad

SHA512
93b61c1116b19589d13ff7ddf1fced9109f81b0745ba119fee1e506974f0fd661178ad63b4cc57e5a6ff59c300e9bf28a242052cea713f96d521e30a89aae704

Download Submit
/data/data/ch.admin.babs.alertswiss/files/db/UserDatabase.sqlite-journal

Filesize
8KB

MD5
261a3d80d8170cae2ffcae88d5acf5e7

SHA1
750e26e8bfedac0a04e2cd9702398e31826d7dde

SHA256
70accb794ae681b2c5124211fa243e9a0fd471cb57c2a3e758275a36ad815664

SHA512
2c8482a8259d33d4333a6feb5b3083f3eaeb02521d5deefb1d1e191bc2d7b1cdecd5bd9984d2f8b7231dfe55d5c19d828f40a9aa0698c71c6bbb288168c4d33b

Download Submit
/data/data/ch.admin.babs.alertswiss/files/db/UserDatabase.sqlite-journal

Filesize
4KB

MD5
04552353e66b557fb7b63d18cd61a91e

SHA1
5155cf018e493e9d7d7d06d188fd4969e309a003

SHA256
1a884b70c0d58795df22a4aa82f1f6d4454d3f96154074a334f809dde5ffbf5b

SHA512
04243d878cff2f406168f8cb6fb80f946aca6184fb4728b0104b258f0ae97cba3b9eccf1df55fa66f2f03ac0e50e63c84aa05029a8470c568a66d9d0f9ae610f

Download Submit
/data/data/ch.admin.babs.alertswiss/files/db/UserDatabase.sqlite-journal

Filesize
4KB

MD5
a8bda6a5f802a367c5e74ec7c40461d9

SHA1
94f1f9b27a7d9ea44e6bfd9b889335275cc4179d

SHA256
f772e7a0b43a5bead0a545ffb7f712017b052208a9c4d853ceb4b0ea6fae9858

SHA512
2d4acdb8b63a6bd787ed570fe02da82e15186a8960ddd59adce5f13a7552af008493cf11a132d1f20251b9021501bab18948d9bf35e83391a62be10bb674bf9b

Download Submit
/data/data/ch.admin.babs.alertswiss/files/db/UserDatabase.sqlite-journal

Filesize
8KB

MD5
d6f1aa8fc7b987b476aa720c78d9f0de

SHA1
a0eb5ce02ded073e3594b1d88ef73f27c28304bc

SHA256
342758752178a52e453ade1e30a703cc810cdfa8eb427652bd1ec99f1ddc9d83

SHA512
50be4ad4df5df4dfab2e1f35f9e4217e2e5b9730438230b731ef465fd089286e03e649933eb332e2747d2761bc17c6286a3c8a4d7e2774629520f7dac492e5ad

Download Submit
/data/data/ch.admin.babs.alertswiss/files/db/UserDatabase.sqlite-journal

Filesize
8KB

MD5
f55a3eeed7cc6c7ad2285a8930f22a75

SHA1
67b323c1928222a1fed4604f58f9e67e2c58790b

SHA256
cc3b4a51c449e0018a432755e21c79fcf12e5d94076cd93cdb59bc063bbc5b39

SHA512
319923a6135426d7df7197ff212ba4a81a8d858cbf69cab16e252903ae3663a0e11e0e8c99ff3f5856ad763241ff5d29325f59d7d0c3ec9db4c752b74d194bc9

Download Submit
/data/data/ch.admin.babs.alertswiss/files/db/dataManager.db

Filesize
8KB

MD5
2185fc1696822582cf40677699db12ac

SHA1
37b27c7674e066e789b3e3e302ae2eaabfda755c

SHA256
73a4459cc764c98c4f03b1be47420f9d1f48ba9d8cfb39af633b53194432e7dd

SHA512
4c2249fb1b0bb52001c1ce8dd18889046ad21d6f9f2f6f690482b4afce3adae7253e1af0bec97cce8fa8e7c745a20eed2638916a502ec159aedd8ac0dbb4c732

Download Submit
/data/data/ch.admin.babs.alertswiss/files/db/dataManager.db-journal

Filesize
512B

MD5
a135a7af50430209f7702fe8021061bb

SHA1
f7a48754edd0245b1fe16578694e20cfa9ce6c70

SHA256
5369aaad42fa92a73acbbd1e2b1c0f33cc70c523ee3631f55cbcb70cde2dede6

SHA512
4e666984f90669fb625b4230055f97b360559efb333617849ce83913a020e0012cd648a9599a35141a12d4733ccd774813ea7c7f86aaf9aae1e9c16600911531

Download Submit
/data/data/ch.admin.babs.alertswiss/files/tmpDB

Filesize
292KB

MD5
2601b84c694dfaf0235f6bc903fa61d7

SHA1
f550223c50408a04eb723422af2b36b192537015

SHA256
64eac3d94357b1af560382adeaccd1255aa21283cdb49452dca1dd83a400c704

SHA512
c4b1b20bc2ef61da79cee35951607203e6ae069c900b15a07b670a42ba9dfd83342120915d07c6737f8d06db3a21865c068b0df7a62f13baba0dd5f2caf058fc

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads