3e2a43d7889e7ed0c54c926c76978fb0e3785418c375c4e85c6aa43d6ba2165c

Analysis

max time kernel
124s
max time network
144s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
20-11-2024 02:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4928c563dc610a7c968f697e4ebcda9a441d94a4abd5013c38dfa8e8b62cc4f5.apk
Size

88.7MB
MD5

0e6b33ba825b5e5ce5e2caa03727cd1f
SHA1

0c2574193c88c35bfa70203f5bdcb73989683b94
SHA256

4928c563dc610a7c968f697e4ebcda9a441d94a4abd5013c38dfa8e8b62cc4f5
SHA512

d0f61b8f2f2b61cdf29026320d403ef96b6947dd6941d1d4b95885740880131215abd9bd19ea8b9a451b719ec3eb725afdd1e9fcfee2c3a9623da7975ec00441
SSDEEP

1572864:Ay/UiFkHpKS01NL4iasXbSyaYdtUvkXQ1eYJnrHAFbPlPv5hA+1:Ay/UiFD1No3lLAVPlPR

Score

8^/10

discovery evasion

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 2 IoCs

evasion

System Information Discovery

T1426

ioc	Process
/system/app/Superuser.apk	ch.admin.babs.alertswiss
/system/xbin/su	ch.admin.babs.alertswiss

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	ch.admin.babs.alertswiss

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	ch.admin.babs.alertswiss

Checks the presence of a debugger
evasion

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	ch.admin.babs.alertswiss

ch.admin.babs.alertswiss
1⤵
- Checks if the Android device is rooted.
- Acquires the wake lock
- Queries information about active data network
- Checks memory information
PID:4257

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/ch.admin.babs.alertswiss/databases/com.google.android.datatransport.events

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/ch.admin.babs.alertswiss/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
dbf4cd78af608752cf00530f7be2ad8c

SHA1
9176bb91a5947cdd3eb2639d2a58b0dbd2c2be1c

SHA256
0b6a638157cc86cb3bcf72254e4ba4f8e50ace9bd1d04c52f56ad7320f5c88c6

SHA512
9a1a97f76a779f82de64bc5f81853cd013bce7583c79165f43e8cde1a061dac65505492d7849776b18d221d990690d587e2be8888c3f9fb4d3e235e25035345a

Download Submit
/data/data/ch.admin.babs.alertswiss/databases/com.google.android.datatransport.events-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/ch.admin.babs.alertswiss/databases/com.google.android.datatransport.events-wal

Filesize
68KB

MD5
8c613b2628eefae3fbc4f6b60f2ff8c4

SHA1
273eb1ffba773f16c11aaceb6591dace1e3f4c57

SHA256
27c0429c32fba09281e0f4aa4756919535aea230cde05fd0e3b3f226b837bef1

SHA512
50fceaa54647abdc51e46f1e922ca07dc58dea195cbbca5c7a51dfe53fe4e5e22037e2368c2c323132555909167224aea423ad953495878c6954ee1bc01d82bd

Download Submit
/data/data/ch.admin.babs.alertswiss/files/.com.google.firebase.crashlytics.files.v2:ch.admin.babs.alertswiss/com.crashlytics.settings.json

Filesize
720B

MD5
5807b65c24a8c89ca488d9a1bf175a0d

SHA1
65dafe73573a11978630a9e89ee05eaa0de13be6

SHA256
a5961b0bab16d6156473ffc7bd818aea413003a4e880fc448b0f263f138e3018

SHA512
cdc6cbb424af42eab8115f97217d101898270b23c1ef8c0da9e48cd57996afbf665328bad947389ffaed23a631d44cea320358667c47e5cc85a4802cb7e658fd

Download Submit
/data/data/ch.admin.babs.alertswiss/files/.com.google.firebase.crashlytics.files.v2:ch.admin.babs.alertswiss/open-sessions/673D42D001EC000110A1F15174EE4041/keys

Filesize
21B

MD5
49e64ef8012d9c9a06ac1f893a2f46b3

SHA1
52fe056b2e71b407952f54f7382d3fc99869da1a

SHA256
7d4be3b1f3e4391d3d5397b1083f639cb429360b9c43efad38fb03143d4f3e42

SHA512
f2f0fd7d38e49a4bb4d89a34768704e61ad5a383c82e539c9d8b79de2c70c63370602352ceae2acb20705337f043e1414348191dfc3603c72b723dcbf64c14eb

Download Submit
/data/data/ch.admin.babs.alertswiss/files/.com.google.firebase.crashlytics.files.v2:ch.admin.babs.alertswiss/open-sessions/673D42D001EC000110A1F15174EE4041/native/app.json

Filesize
227B

MD5
04512ee32b36220bfedd715158c5a714

SHA1
27a3d465b362676d9488c64bcb7f62a43c358cd4

SHA256
3be66c45ec6943cb4624d960c41a5bc1e07c22fba6fb8d756dd6ce400154d645

SHA512
002592bab5972401319af64dbae65f429a12f8a4715e852d67afc5753db0172a6ac90f98d9caada030d7a42c4812421e756e83d7aa75b062fd9578dcc2291c49

Download Submit
/data/data/ch.admin.babs.alertswiss/files/.com.google.firebase.crashlytics.files.v2:ch.admin.babs.alertswiss/open-sessions/673D42D001EC000110A1F15174EE4041/native/device.json

Filesize
193B

MD5
7da63ee7971f089ccedcdb4fb7bf0afa

SHA1
48dff61b1caeee036b7cb59bf6031034e6249263

SHA256
84a3bb12deb77d1f327204051d565064b402b591ed9ec76c452fec770a1fcb9d

SHA512
85a739087dcfdfb9ebc264e702b7bbe921446252596d1918f5c35d672fc3b43ee849865c383422dbd7cef377a6a9ffe76a6d512b8966af1794073f42d1ea21db

Download Submit
/data/data/ch.admin.babs.alertswiss/files/.com.google.firebase.crashlytics.files.v2:ch.admin.babs.alertswiss/open-sessions/673D42D001EC000110A1F15174EE4041/native/os.json

Filesize
54B

MD5
93023624eb8dff5c20050da136aaae0a

SHA1
acfd1ffed752c28fb135ba83c0c6345ddf2f6995

SHA256
968bcd7c4f1abed89a09cc0e6dadd238a81e8655e64196b39a86be49ceecd39c

SHA512
bb25dfa144d3f0e17203936c503c5fedec5f9ca710e177f99e273010ba4a682199d4bda5684151d65f3cb1549f4611b3a645ce39646d3db9a1b2c17d6b160579

Download Submit
/data/data/ch.admin.babs.alertswiss/files/.com.google.firebase.crashlytics.files.v2:ch.admin.babs.alertswiss/open-sessions/673D42D001EC000110A1F15174EE4041/native/session.json

Filesize
127B

MD5
ae807d85cc671d58abb77b4220038db5

SHA1
62e67c3b3703caf2a4ff23f751e59cf0f0db5a82

SHA256
079b6b098bb35ab01844c6677a883432cacfd334c37f5651177ea27a022d3674

SHA512
b6423a1610b06c7ff5c0ac982d5e7bbeea9b3e84ab907c3abfe1e1e727bb89fd8e61687a831d46c848514be56611a083770a56f5f75778725ef95e990f8ac68c

Download Submit
/data/data/ch.admin.babs.alertswiss/files/.com.google.firebase.crashlytics.files.v2:ch.admin.babs.alertswiss/open-sessions/673D42D001EC000110A1F15174EE4041/report

Filesize
753B

MD5
e776a617808362f31da5213a76707626

SHA1
d5b77e4ce1907c388c5c4c802c6eabf7b815e440

SHA256
4b36800c3ff7efb6608b7a3c47615f2336c6fe0100ad4dde42f45162048aba8a

SHA512
0d98796ecfef27dee47040c530f57198311166206d02f246353073091efdeea6b16042a403adb47cc416794c87d9bce7bde271b84aeb430b50b939c8c47ba785

Download Submit
/data/data/ch.admin.babs.alertswiss/files/PersistedInstallation6228486598237437092tmp

Filesize
559B

MD5
dec1a9b6d55a49b1d64247cbfc5cb2c0

SHA1
6dddf1604e05ace1285e5dd545d1b175604d7015

SHA256
0163b8eb72e568db844594b076e4ad619ca408ef6d6cac7bc25f9d2d66372939

SHA512
807f340ba5c881a1d761ac536b05ebb0c20e467ee4ff7d4e8e06a317f5a38a46953abf935954d0c2ee79b44a13e4197e64a16132f8505484d24d3e73a9777b76

Download Submit
/data/data/ch.admin.babs.alertswiss/files/PersistedInstallation774352172535538598tmp

Filesize
90B

MD5
e8634d72bf900c012dd3e4a5934d7da9

SHA1
99134a75c95f3a54df503c838bd94f690dbecc84

SHA256
1babe2ac42b094c968830b9b954f23fbd5fdba86d7a495e5776d3b8bf022cd09

SHA512
d9ead1f82cb229ed8c1295f2b8fed8ef0174a94f4cda99dd036063f3ced13851a906baf5d5e85504146abfbfd7c07b08ebb443fbec8108f1b7a995c5ad211050

Download Submit
/data/data/ch.admin.babs.alertswiss/files/db/UserDatabase.sqlite

Filesize
36KB

MD5
21484a4329ca67bc6faec2127adf0887

SHA1
20e1e2bb67c5fa25f40b56647f4d7f30d018c6b7

SHA256
ad119f2ee98e8cd407e4ec70cf544421f78e5420a78698944f3c8ee722fd1cb9

SHA512
978002ff432053c0a2dc24af7f32116ac7ac7baec8714f18238879629f0160a79ab3d680043f00ca21b57a67298e0c773606b48b629617c6480860aa54bf9692

Download Submit
/data/data/ch.admin.babs.alertswiss/files/db/UserDatabase.sqlite-journal

Filesize
512B

MD5
12a53007be2e75c0f15b87c6f039f5df

SHA1
9fca9370604651e550e7754e2db7b4f290743209

SHA256
b6f73662476f5e2f5c89fdcec44f973c5ff5049393fe36a7ba7b505a44190eaa

SHA512
07fd9afbb00030871d3f8991cc4ccff274ece7aa0d908511da38cf43aeb1efcd5b8e2eb81728917db7af6347e7e0938a0e2922205eb18687cede44b4263a08a6

Download Submit
/data/data/ch.admin.babs.alertswiss/files/db/UserDatabase.sqlite-journal

Filesize
8KB

MD5
631409cbf59d2f03aae5ea1dd5a5bbf7

SHA1
62c7bf173d1babc0852efce714a6cc669f4795c1

SHA256
ea1c1bc5551f98d406ea869f8e0e60123cda6bfea6a2495218bf7cc2c55d293c

SHA512
e1d5bca59adf28de64c7d06761e2ec886a995847f95bcd9a13e760792b6f378cd4cb75e57c962652bd50108e9afab910f9aa92d98910c2bb84bea6990eb86bad

Download Submit
/data/data/ch.admin.babs.alertswiss/files/db/UserDatabase.sqlite-journal

Filesize
4KB

MD5
8ba4ae5fca38349d293ddb9ca00acb1c

SHA1
dfcd9313eb47537c29ee13f64b4518961f79cedf

SHA256
628c6031c15e0237e3504f3d22444a19c2c069f521a5d2e8c1773bb9a895b5b7

SHA512
c6438b4c93dd8600ff7a936948fe93d015abff3f0e70945695a85167febe0078103095eb0a81ea2a224774af737ba54cf6ab57f8d30d73469695aee7830b8fec

Download Submit
/data/data/ch.admin.babs.alertswiss/files/db/UserDatabase.sqlite-journal

Filesize
4KB

MD5
150b6d00b5a2bffd349c8d77855d1571

SHA1
e433fc77b7cc4d5b6771b1b3f058dbb3b840b1c1

SHA256
e6630463aa22daab94a9d48db804a08b1d995cce39976a12415370a88055fb79

SHA512
8ab0b31ac15d0c8912712a10d99b31140bc33eb975f6c41fec171a3b3707d371822669813c7ac1882ae9474b0c95de3ea916b19450615637e887326e64179817

Download Submit
/data/data/ch.admin.babs.alertswiss/files/db/UserDatabase.sqlite-journal

Filesize
8KB

MD5
2b627e49cfa21179bb1356c681ed99f3

SHA1
b57d91015fc31f3b06689bbc5d3b0a8acb7c432b

SHA256
a05104f673fa3f3d41f785400f155f4fdc8d4a55e79cc8faa810f6fdb394b0e3

SHA512
cb320c2d147cbb82232a3b89176ff42785a8a5c303ecd538eac30226de16b24b0d198d5b09ec5a8a63142f5ab34465d1914dc41f738f428077daf0cdbeda7531

Download Submit
/data/data/ch.admin.babs.alertswiss/files/db/UserDatabase.sqlite-journal

Filesize
8KB

MD5
2c2cfb83d97c82b38fa66cf32fec125c

SHA1
1845903c98e09a106187009a7b3e55c4cdad2012

SHA256
c7c42a1c0e6994a1e538fe658b0aad353fb8baa7f65462e577eb5f5ac1a54814

SHA512
abed3fd144e41d45ecffb68abe0a2d2e1d5cbe7b9f1f9c4df6898b88cc4b66762f3a07fb713bc3f25e51f6669cf61a137180aba617aa49a4c2ba67220484cf94

Download Submit
/data/data/ch.admin.babs.alertswiss/files/db/dataManager.db

Filesize
8KB

MD5
2185fc1696822582cf40677699db12ac

SHA1
37b27c7674e066e789b3e3e302ae2eaabfda755c

SHA256
73a4459cc764c98c4f03b1be47420f9d1f48ba9d8cfb39af633b53194432e7dd

SHA512
4c2249fb1b0bb52001c1ce8dd18889046ad21d6f9f2f6f690482b4afce3adae7253e1af0bec97cce8fa8e7c745a20eed2638916a502ec159aedd8ac0dbb4c732

Download Submit
/data/data/ch.admin.babs.alertswiss/files/db/dataManager.db-journal

Filesize
512B

MD5
a5232bdb0a41ae2bf1d5e34e3faceb23

SHA1
8e539e2471e4bd0cd38aeb1f5092d1205bd9198b

SHA256
77429814ec303a4579b911a85ee702cc0a7b830d5988ba8b4f0e3ed1e750b113

SHA512
0cf274a5f7831f2d739ea0d272510ddc532e01208aa8a680f0a7d3d3566a52061c8da5d8cb3b3bad21cdb7ad014afda193369c99ffcc46d2747ecd3a78dbc6f3

Download Submit
/data/data/ch.admin.babs.alertswiss/files/tmpDB

Filesize
292KB

MD5
2601b84c694dfaf0235f6bc903fa61d7

SHA1
f550223c50408a04eb723422af2b36b192537015

SHA256
64eac3d94357b1af560382adeaccd1255aa21283cdb49452dca1dd83a400c704

SHA512
c4b1b20bc2ef61da79cee35951607203e6ae069c900b15a07b670a42ba9dfd83342120915d07c6737f8d06db3a21865c068b0df7a62f13baba0dd5f2caf058fc

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads