3e2a43d7889e7ed0c54c926c76978fb0e3785418c375c4e85c6aa43d6ba2165c

Analysis

max time kernel
124s
max time network
155s
platform
android_x64
resource
android-x64-20240624-en
resource tags

androidarch:x64arch:x86image:android-x64-20240624-enlocale:en-usos:android-10-x64system
submitted
20-11-2024 02:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4928c563dc610a7c968f697e4ebcda9a441d94a4abd5013c38dfa8e8b62cc4f5.apk
Size

88.7MB
MD5

0e6b33ba825b5e5ce5e2caa03727cd1f
SHA1

0c2574193c88c35bfa70203f5bdcb73989683b94
SHA256

4928c563dc610a7c968f697e4ebcda9a441d94a4abd5013c38dfa8e8b62cc4f5
SHA512

d0f61b8f2f2b61cdf29026320d403ef96b6947dd6941d1d4b95885740880131215abd9bd19ea8b9a451b719ec3eb725afdd1e9fcfee2c3a9623da7975ec00441
SSDEEP

1572864:Ay/UiFkHpKS01NL4iasXbSyaYdtUvkXQ1eYJnrHAFbPlPv5hA+1:Ay/UiFD1No3lLAVPlPR

Score

8^/10

discovery evasion

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 2 IoCs

evasion

System Information Discovery

T1426

ioc	Process
/system/app/Superuser.apk	ch.admin.babs.alertswiss
/system/xbin/su	ch.admin.babs.alertswiss

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	ch.admin.babs.alertswiss

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	ch.admin.babs.alertswiss

Checks the presence of a debugger
evasion

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	ch.admin.babs.alertswiss

ch.admin.babs.alertswiss
1⤵
- Checks if the Android device is rooted.
- Acquires the wake lock
- Queries information about active data network
- Checks memory information
PID:4972

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/ch.admin.babs.alertswiss/databases/com.google.android.datatransport.events

Filesize
56KB

MD5
01e9b77dd78ca2bcd94982308b988ba0

SHA1
98fabb3f977aa63c91fc25ee44142ea00c21d29e

SHA256
721a79915d94ffc75e73c4c8ba456299ce8c18ab44da56ead5358035039b108c

SHA512
9bb3cae4b84f6f22c150bd416bb5f7fb8422256b16266964661b963faa2ebbf67d3d14e7c8d6fced737a004027367b76831c2dec40f2f97d301522c9ea18ffa6

Download Submit
/data/data/ch.admin.babs.alertswiss/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
3b96a611973bcab676108996d45583d3

SHA1
3a590fb85086fbf2736665d5e3460c925aae009f

SHA256
ecb0137a3ab5099b58765b0edbbf5115639f954a20c8997e17345b45d9624f21

SHA512
3a7afb1df03cce0cd5d203b2bb59bab398e3b20a5a719c30873b2dd9ef349413ba415f1dfb6c5b0b81d0da44f1f2dfc28b4cd035a907c00ed22e12f9bc3ac7cd

Download Submit
/data/data/ch.admin.babs.alertswiss/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
0d7384ebd93951bff7bcc14edfe71957

SHA1
4fb9d81c26991e2f367423cc0a62842fa13fc3f4

SHA256
3972b51598cdbd055701e876e5c3aa34c4b3d4cf10c17936fbc5faad3230eacc

SHA512
16bc1175e038fd99c10bfefd9b708743a5ecf69ad4ac427a7bab9abd1d4a9df1751cbbd9df15dd36de8161704fa4b585486ba13b12e6d6573365af7fcb364c62

Download Submit
/data/data/ch.admin.babs.alertswiss/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
8b599da1204bb68219b890fe43105cf8

SHA1
89d2a15fb4e7c0bc7214a407404befb4cacc1ceb

SHA256
7de15e4342de9c7a77486eedd7193d959c6dddebbc18440dfef2b238a70206aa

SHA512
df8ab168baa1c9623d5c75c604e205933653a02df9a1854433babb60c10d56fd21d97fbb3c5e6ce4094d1e545dd0b5958c495ebef61b923079995e09a902d14e

Download Submit
/data/data/ch.admin.babs.alertswiss/files/.com.google.firebase.crashlytics.files.v2:ch.admin.babs.alertswiss/com.crashlytics.settings.json

Filesize
720B

MD5
d2994be13ea92d7ad8eb24807c8d0eb3

SHA1
3ca2ac54391e18d7c5edc5c129aba627c6fbb15a

SHA256
9137127365e8d2a536e2e0e34961c316c52987785748400121cc59e9c6e6b7f3

SHA512
0498da6acfc9416be40f68f6d09b27575389052cac8e7045cd5d6f7ffbcc119982aa75c8acc36c39dbd974149b25daa72a82e52f5a555d8c199ad40aa8b9dac3

Download Submit
/data/data/ch.admin.babs.alertswiss/files/.com.google.firebase.crashlytics.files.v2:ch.admin.babs.alertswiss/open-sessions/673D42D0019E0001136CA4D834EAA55C/keys

Filesize
21B

MD5
49e64ef8012d9c9a06ac1f893a2f46b3

SHA1
52fe056b2e71b407952f54f7382d3fc99869da1a

SHA256
7d4be3b1f3e4391d3d5397b1083f639cb429360b9c43efad38fb03143d4f3e42

SHA512
f2f0fd7d38e49a4bb4d89a34768704e61ad5a383c82e539c9d8b79de2c70c63370602352ceae2acb20705337f043e1414348191dfc3603c72b723dcbf64c14eb

Download Submit
/data/data/ch.admin.babs.alertswiss/files/.com.google.firebase.crashlytics.files.v2:ch.admin.babs.alertswiss/open-sessions/673D42D0019E0001136CA4D834EAA55C/native/app.json

Filesize
227B

MD5
b519e9c9138df70d7687c663ceafe810

SHA1
cb2eee2bb782ef0136f043ff8229fd4c2ee81db6

SHA256
54516db672b0950b3aab20f7d7741d662f7e15653464f6e2379efb780feb4ba9

SHA512
a48ea204d15cdc1ccaa37cabc8639e53ddb8e9a10b59e461ab7c4cab48ef77272e93af421f568bce29ad77f86e994768524bdd3d1cb9b73d87f2f84f4f82761d

Download Submit
/data/data/ch.admin.babs.alertswiss/files/.com.google.firebase.crashlytics.files.v2:ch.admin.babs.alertswiss/open-sessions/673D42D0019E0001136CA4D834EAA55C/native/device.json

Filesize
193B

MD5
3a6bb8dcb43d7f984d56a5b290be45da

SHA1
f7af396cfcd7bfa8b04bce9d7c8c556351a8d1dc

SHA256
8fe0820203eb820d7fa4b437c4582c2925f912d02665db7106ca3781c23afd0f

SHA512
be0b2a78c58dcdd5ae0760d657b6db07be69a6d4211d8246d6fbe80d5aad3ded6126fb3eaedeca11f6f2fe25abeb5cfdf576aaed03009c68fc91b0805a0dbf1c

Download Submit
/data/data/ch.admin.babs.alertswiss/files/.com.google.firebase.crashlytics.files.v2:ch.admin.babs.alertswiss/open-sessions/673D42D0019E0001136CA4D834EAA55C/native/os.json

Filesize
55B

MD5
5caea4b68c57072f7f52a5a41720566c

SHA1
4d9712f1702c7238949da43f7d8ae6efb233a666

SHA256
3223857b618b924c2b0fbc7bfb373a1aacf300a7b5ab585e18fffcf19039f363

SHA512
fe1455d21c521aeae3292bdcc386f6d2005dc253930c03e44dbcb972f96b849670d2aba039ea59e1a5ebc0350e6315151d17bcda55c161a62987d4bb01e91f9f

Download Submit
/data/data/ch.admin.babs.alertswiss/files/.com.google.firebase.crashlytics.files.v2:ch.admin.babs.alertswiss/open-sessions/673D42D0019E0001136CA4D834EAA55C/native/session.json

Filesize
127B

MD5
e48eaf74b2514bcd5947a729e9771bb4

SHA1
5fe0e840f0a15899524eed16fb0862092a9f94ce

SHA256
39629cff55d290f1834e80797024caab6942a9b4f3b662bd0b8cc1840441d468

SHA512
8d7903614c11680a1b09156ea97bc20247d1ac0b37ffc4a1548b38b8d7f270d9f219a8deaddc9febd197eb49007e99f3e3c5bb854488016fb447efade752d891

Download Submit
/data/data/ch.admin.babs.alertswiss/files/.com.google.firebase.crashlytics.files.v2:ch.admin.babs.alertswiss/open-sessions/673D42D0019E0001136CA4D834EAA55C/report

Filesize
754B

MD5
c600fd94e7dad1a2f54368809111e8a0

SHA1
af95457dfa2e3848a0b6c46e33129cf560659058

SHA256
282dd8678b987167c5be1def8f2e54d461754ec280b82488d9d8d905e3519503

SHA512
d38f8b229a8e885b9207b3574d694f59f1224286dd86749f8f8b7eaf15ec69380b655ba1696732e2d61ad96ffd26cef0002de81f17e7a6a825e5ca498e9fd119

Download Submit
/data/data/ch.admin.babs.alertswiss/files/PersistedInstallation2609808828081300616tmp

Filesize
561B

MD5
061aab9dbae06bf906cf6ddc3d407b8b

SHA1
8e489d96797f16e434e66f69d6f95ad369e7d64e

SHA256
03edac76b59f6c172437dbddad6de3be57714442f7695eb47fd603f12abce8b6

SHA512
e27f9cbed26a0ccc76aaa2cecf929573d2902ca86f02ff0478545c31d2094da65f686fc722381c9d427e2ad04075327853909074c8648d8215c2701d447723b8

Download Submit
/data/data/ch.admin.babs.alertswiss/files/PersistedInstallation470295131816640158tmp

Filesize
90B

MD5
072c19d6026d7eee26a87de14b40fabd

SHA1
2de9f476751b59296543de08e4ec094ec1aacc94

SHA256
12c1484e17780254ce6fa42bf45d6e712411f8ae92d3b8f7aa376a2e0a98bdef

SHA512
803fc16c362fec92624886684ae302b3a766424b58b5c4b22f9a60079d1a1b69dd8859edb5a8cf4e78f511a6fb1f6100fed8a60108919714a49b413fa82c335c

Download Submit
/data/data/ch.admin.babs.alertswiss/files/db/UserDatabase.sqlite

Filesize
36KB

MD5
21484a4329ca67bc6faec2127adf0887

SHA1
20e1e2bb67c5fa25f40b56647f4d7f30d018c6b7

SHA256
ad119f2ee98e8cd407e4ec70cf544421f78e5420a78698944f3c8ee722fd1cb9

SHA512
978002ff432053c0a2dc24af7f32116ac7ac7baec8714f18238879629f0160a79ab3d680043f00ca21b57a67298e0c773606b48b629617c6480860aa54bf9692

Download Submit
/data/data/ch.admin.babs.alertswiss/files/db/UserDatabase.sqlite-journal

Filesize
512B

MD5
ec338dd60df75b9c8c587aa8ff026549

SHA1
3d6e84bc6c16c7cd7afac40a201ef6e45f791282

SHA256
12190b2f4f67cde2c200e3d89d8ab7dbf9162c6de51fa9854517bbf7c469b329

SHA512
e1bd069df2bfef5ebc915bb875c67483f19d6da69a90a64805f56a8fe0b7ac88b205e6443003c4421781feec3f25d444164b4be5397368f61325be1219a2b27c

Download Submit
/data/data/ch.admin.babs.alertswiss/files/db/UserDatabase.sqlite-journal

Filesize
8KB

MD5
c025af057f01f7ed6b61f4760ee4debd

SHA1
84f1f63c719546bf6613789467aab93697fbba2f

SHA256
9fffd4bf62f0a29045923eb6f0377853545a8de82c6bf104839ee39dfb049ab6

SHA512
254951ec3f9ac2f2de5fd19f6d14ff32af929dba4226586e29655815e8cd1e4a2bd2436d40341cf4f35b4a4e276dfdd33ec348fe3c52a5f12c960c11c80de4cc

Download Submit
/data/data/ch.admin.babs.alertswiss/files/db/UserDatabase.sqlite-journal

Filesize
4KB

MD5
308d490968ef2eb948aaf18a4ac023e6

SHA1
dd465d62d0725651fae512d4053ff081e6a85637

SHA256
cc18363401c198bb4b73296d898ec32d08d8a62426b6816515bafbf9950ad5ef

SHA512
8362284b99ba3d4725a17d7052e800d8633cd3eed82390f25ac2f9ae9ecc6299166d35bf9867ae50f0781b3498cd6223982501ce306bc3727b81e3c2da57719b

Download Submit
/data/data/ch.admin.babs.alertswiss/files/db/UserDatabase.sqlite-journal

Filesize
4KB

MD5
b160ca5a4c1cc934c775189a58c0902c

SHA1
1eb87f58b065cdf95042ba39c65c8e6d45e2dcc9

SHA256
64a5ee58a0dd7b7e11fef974e16d1fec6bd5345d50723f4d4345ac1a9642bed3

SHA512
abbeca8978947e901520a6b7f993e65986a2abc4c7f562232d99d3c6a83bbb2bbc28a48175aac795b571f5a3d689b325cbdab23c684661c2fe97049c2bf29ae8

Download Submit
/data/data/ch.admin.babs.alertswiss/files/db/UserDatabase.sqlite-journal

Filesize
8KB

MD5
be8832e2e521264961b32940e1c7e370

SHA1
c326705e2d0736149e72d1f4dafe987011dc4a93

SHA256
28171dac5c73ac8066ab2c966ab3002454a1db88f96e5f9e035ef9ec784b95b3

SHA512
d998d4163375dd095b4947cfb88512731ab6d66d16cf1b5f7e8a1c868af9850c60f9185d7877da029c42bd8636ad7078c8dc5191bdd4aeb07dfb8f24ab20308e

Download Submit
/data/data/ch.admin.babs.alertswiss/files/db/UserDatabase.sqlite-journal

Filesize
8KB

MD5
be3bc0822f577dfe9383083000125ed1

SHA1
85705335c4fcf32b7a474bd161307d6363bcd399

SHA256
461bf46aeb2074ecefd2818172de2c7b01ed1d3cfd6eac7bb55a4283bf01ac59

SHA512
16d9b67289e76306f2f040137289fe7fd976eb7d07967d109bf07b6283b8d6372fccd5e582efa4b9f4e584fd5b8f3c888f918e647c45f294ceb29078828fc5ed

Download Submit
/data/data/ch.admin.babs.alertswiss/files/db/dataManager.db

Filesize
8KB

MD5
2185fc1696822582cf40677699db12ac

SHA1
37b27c7674e066e789b3e3e302ae2eaabfda755c

SHA256
73a4459cc764c98c4f03b1be47420f9d1f48ba9d8cfb39af633b53194432e7dd

SHA512
4c2249fb1b0bb52001c1ce8dd18889046ad21d6f9f2f6f690482b4afce3adae7253e1af0bec97cce8fa8e7c745a20eed2638916a502ec159aedd8ac0dbb4c732

Download Submit
/data/data/ch.admin.babs.alertswiss/files/db/dataManager.db-journal

Filesize
512B

MD5
90bf35d6ba03cae57822f7090502e41a

SHA1
96cd9d7ea9e4ba35f2ac052924da76a8c22b4d59

SHA256
769dd968e38dbe6ba06db255066e461857a326f76eedb5e6712091f601510639

SHA512
0b97d502c15d8b24b28714dbcf53b9b3a91a3db73ecaa52d5bf0370f1a6817734d9bba68af2aff4c0d60e1684a8b705b8c0120359bf85430b51c33a861f26568

Download Submit
/data/data/ch.admin.babs.alertswiss/files/tmpDB

Filesize
292KB

MD5
2601b84c694dfaf0235f6bc903fa61d7

SHA1
f550223c50408a04eb723422af2b36b192537015

SHA256
64eac3d94357b1af560382adeaccd1255aa21283cdb49452dca1dd83a400c704

SHA512
c4b1b20bc2ef61da79cee35951607203e6ae069c900b15a07b670a42ba9dfd83342120915d07c6737f8d06db3a21865c068b0df7a62f13baba0dd5f2caf058fc

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads