3e2a43d7889e7ed0c54c926c76978fb0e3785418c375c4e85c6aa43d6ba2165c

Analysis

max time kernel
124s
max time network
156s
platform
android_x64
resource
android-x64-20240624-en
resource tags

androidarch:x64arch:x86image:android-x64-20240624-enlocale:en-usos:android-10-x64system
submitted
20/11/2024, 03:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4928c563dc610a7c968f697e4ebcda9a441d94a4abd5013c38dfa8e8b62cc4f5.apk
Size

88.7MB
MD5

0e6b33ba825b5e5ce5e2caa03727cd1f
SHA1

0c2574193c88c35bfa70203f5bdcb73989683b94
SHA256

4928c563dc610a7c968f697e4ebcda9a441d94a4abd5013c38dfa8e8b62cc4f5
SHA512

d0f61b8f2f2b61cdf29026320d403ef96b6947dd6941d1d4b95885740880131215abd9bd19ea8b9a451b719ec3eb725afdd1e9fcfee2c3a9623da7975ec00441
SSDEEP

1572864:Ay/UiFkHpKS01NL4iasXbSyaYdtUvkXQ1eYJnrHAFbPlPv5hA+1:Ay/UiFD1No3lLAVPlPR

Score

8^/10

discovery evasion

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 2 IoCs

evasion

System Information Discovery

T1426

ioc	Process
/system/app/Superuser.apk	ch.admin.babs.alertswiss
/system/xbin/su	ch.admin.babs.alertswiss

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	ch.admin.babs.alertswiss

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	ch.admin.babs.alertswiss

Checks the presence of a debugger
evasion

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	ch.admin.babs.alertswiss

ch.admin.babs.alertswiss
1⤵
- Checks if the Android device is rooted.
- Acquires the wake lock
- Queries information about active data network
- Checks memory information
PID:5074

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/ch.admin.babs.alertswiss/databases/com.google.android.datatransport.events

Filesize
56KB

MD5
f1355c3bb7678fccd381b141f8609eff

SHA1
7824a86e83db84ac042829034f21929063dc7379

SHA256
07f2beb2ee96bf74b8bed826a104cc05aa7df59f541c2d3319ce40b657f77421

SHA512
a5380bb2f3fb5a52a8dd7902bf263cd9367d3f6f8f984bcde480085a5f52819cdb431f72f2e948863dce40545b2a9948abc37ae3d84554711630ae2302887da4

Download Submit
/data/data/ch.admin.babs.alertswiss/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
af9d1ee56970b432ccffaad3d3018262

SHA1
fa398fe5d5c095af36193d433c463d246817b775

SHA256
cee83eecad88449240b1128430f08030ed620266b2cfbac2f80ac8b78af37e19

SHA512
3532285cb22bad0350783b8f708a0c93e6426f87a9981170867ae38d991809ee42bfa13a89ede28950ad54a9ed7d4b3eae721050ffe39565010454c14ba5afad

Download Submit
/data/data/ch.admin.babs.alertswiss/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
a9b5bb2e270a929928de5950af02fdd8

SHA1
499c53d4455b618773f02ef78bc5f3994bcf1a1c

SHA256
533cc07220e74721f64907c101891259a637d3dcc9fb23d0e2aba3e07e27b7e6

SHA512
f8c43a957980acde7399c158f83732e051538e51ac5ed12a3581370bda734c8661b62869cb754d1198bbccdf065a4bc035113de535117f75bb8915b3a94a6ca8

Download Submit
/data/data/ch.admin.babs.alertswiss/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
e6904a014e6c66ed52be2b35962c1242

SHA1
5f111057960cfaa5aae09d5198decabf53a16c4e

SHA256
c6c628895c0b8cf6063ce9304bd129e03c07acdc193728d542f4621100bece1c

SHA512
cd2fe777971e78dfa3bcd6c1372056421b0cc9c9f58a6e4c950b93d9eda2a5a841c691ae6341ab067dc1f6ffad86070d7f591686280f92c24a65b1d36f42c56e

Download Submit
/data/data/ch.admin.babs.alertswiss/files/.com.google.firebase.crashlytics.files.v2:ch.admin.babs.alertswiss/com.crashlytics.settings.json

Filesize
720B

MD5
45d8e4951ebce47d4ed47a31efddb0e9

SHA1
c2cdffea0c8910bb78f99ec3e800369df83170f7

SHA256
f418d37629fb7e4acb47a1d1910289b36066c11ec37e929ce0815de64f6d2953

SHA512
30bde5fa551a4942cff9b281b6da638503530fc4a83ab38ca6290196c0d4ea54ec7448fdd2a0e9a4c8fd4e1694441edc9119baf3b99a1d7be0e59d692222480e

Download Submit
/data/data/ch.admin.babs.alertswiss/files/.com.google.firebase.crashlytics.files.v2:ch.admin.babs.alertswiss/open-sessions/673D56B401A3000113D2C47942F6897B/keys

Filesize
21B

MD5
49e64ef8012d9c9a06ac1f893a2f46b3

SHA1
52fe056b2e71b407952f54f7382d3fc99869da1a

SHA256
7d4be3b1f3e4391d3d5397b1083f639cb429360b9c43efad38fb03143d4f3e42

SHA512
f2f0fd7d38e49a4bb4d89a34768704e61ad5a383c82e539c9d8b79de2c70c63370602352ceae2acb20705337f043e1414348191dfc3603c72b723dcbf64c14eb

Download Submit
/data/data/ch.admin.babs.alertswiss/files/.com.google.firebase.crashlytics.files.v2:ch.admin.babs.alertswiss/open-sessions/673D56B401A3000113D2C47942F6897B/native/app.json

Filesize
227B

MD5
7328255efe044708de2f7391091fdc26

SHA1
b610805be1831106c29a8decd6cba7aad740e561

SHA256
0cf7b390c52596561941c8a5a78d08fda09525234a3145e0c69140878a4d48de

SHA512
d5e522c7cb8c7e0beb5a0c76b447180c618c8284ea2711014c8e60e025799873071b889d82dbd715e903d35a75d90ca1831aa27995492d8fc4da51050846b7c1

Download Submit
/data/data/ch.admin.babs.alertswiss/files/.com.google.firebase.crashlytics.files.v2:ch.admin.babs.alertswiss/open-sessions/673D56B401A3000113D2C47942F6897B/native/device.json

Filesize
193B

MD5
3a6bb8dcb43d7f984d56a5b290be45da

SHA1
f7af396cfcd7bfa8b04bce9d7c8c556351a8d1dc

SHA256
8fe0820203eb820d7fa4b437c4582c2925f912d02665db7106ca3781c23afd0f

SHA512
be0b2a78c58dcdd5ae0760d657b6db07be69a6d4211d8246d6fbe80d5aad3ded6126fb3eaedeca11f6f2fe25abeb5cfdf576aaed03009c68fc91b0805a0dbf1c

Download Submit
/data/data/ch.admin.babs.alertswiss/files/.com.google.firebase.crashlytics.files.v2:ch.admin.babs.alertswiss/open-sessions/673D56B401A3000113D2C47942F6897B/native/os.json

Filesize
55B

MD5
5caea4b68c57072f7f52a5a41720566c

SHA1
4d9712f1702c7238949da43f7d8ae6efb233a666

SHA256
3223857b618b924c2b0fbc7bfb373a1aacf300a7b5ab585e18fffcf19039f363

SHA512
fe1455d21c521aeae3292bdcc386f6d2005dc253930c03e44dbcb972f96b849670d2aba039ea59e1a5ebc0350e6315151d17bcda55c161a62987d4bb01e91f9f

Download Submit
/data/data/ch.admin.babs.alertswiss/files/.com.google.firebase.crashlytics.files.v2:ch.admin.babs.alertswiss/open-sessions/673D56B401A3000113D2C47942F6897B/native/session.json

Filesize
127B

MD5
2175f07165c8515c862d8f8e7c2da01f

SHA1
28a671d34d24de267581671ba899da506d3571c1

SHA256
c6af668f0233de14127e84cb686f07a01f03b2e2f163d5cf32354613afe606ac

SHA512
16d749df81dc8e580b2a05a92135e183b8c29e8fa564324e0581c1f5b4508134c87528c493c3d1f338b1d9cae65a90cb0ed71bd40b5120b86963b78084e8b453

Download Submit
/data/data/ch.admin.babs.alertswiss/files/.com.google.firebase.crashlytics.files.v2:ch.admin.babs.alertswiss/open-sessions/673D56B401A3000113D2C47942F6897B/report

Filesize
754B

MD5
898bfd38870944450b1f1557995dbbbd

SHA1
b052f2eea44aaefdbe43a5578063bed9194646d0

SHA256
359ca4a41df336dd6cbd9223abe4ddd46eb0a175a1d565d7f514e7a0c1ca6425

SHA512
633a752050bd9c52345946ab91bed021094e293451a4dc02c8784f63226a27cd1fef05682fd973721522f2ad5efac70ba5e4a1aa18e1ff87514a664fdcaa370e

Download Submit
/data/data/ch.admin.babs.alertswiss/files/PersistedInstallation6396201959093150461tmp

Filesize
562B

MD5
a4436b57642960f43a407eb034c08e89

SHA1
d4a1b7bca21bf8ccafd9d49554bc8355d598e3ef

SHA256
74be9598a96a93f85f823e7a80b7d3cf3e20c207b6661f63f0dfc6a591558677

SHA512
098923a27f2b7be07559fca964c6710a30084efd09b9a3d6a80294a1b00c49d16b1a9e39c9c43d4c9ea27fffe1a7d37353ec61fe4ee5be96079dcc34d0f9c9fe

Download Submit
/data/data/ch.admin.babs.alertswiss/files/PersistedInstallation8830284218845027222tmp

Filesize
90B

MD5
c60349467a52fda937dcf4331bcd12cd

SHA1
e383432bb4e8186de8930abffac70941fd96e95e

SHA256
33ab2e3eff9e5efcf79c4d1b66540bc87e7e307ddab8417407909889857b1713

SHA512
01661a8c1dc209f5c4c7452abc20ba927e9af6f5aa807b287ff5ade4cc6ecf9d1b5ae43ab8ba43272cda7b42007006b1becad70d87898f30cf59858af97fc030

Download Submit
/data/data/ch.admin.babs.alertswiss/files/db/UserDatabase.sqlite

Filesize
36KB

MD5
21484a4329ca67bc6faec2127adf0887

SHA1
20e1e2bb67c5fa25f40b56647f4d7f30d018c6b7

SHA256
ad119f2ee98e8cd407e4ec70cf544421f78e5420a78698944f3c8ee722fd1cb9

SHA512
978002ff432053c0a2dc24af7f32116ac7ac7baec8714f18238879629f0160a79ab3d680043f00ca21b57a67298e0c773606b48b629617c6480860aa54bf9692

Download Submit
/data/data/ch.admin.babs.alertswiss/files/db/UserDatabase.sqlite-journal

Filesize
512B

MD5
7717a0ee685d0daa94a77ad7086a7833

SHA1
b3291b3a931ebac8a0c66660cfcf82da33d79598

SHA256
5b61eccb9388cf34b60c22f3d9d61cd07fc8c56f91d12fb3cbac0450a1090338

SHA512
30a9fe1b7e461fc594182308741da52f637b16aad1933cc1864997ee3b4cf75db7ab0c531f335e634578a1d927cf0b6af8cd769127fa0f5516d2e5f380702a86

Download Submit
/data/data/ch.admin.babs.alertswiss/files/db/UserDatabase.sqlite-journal

Filesize
8KB

MD5
3f31c9b2489578ccceff6bcb553839e8

SHA1
771de7df0656b228c2bf08ca68b99d3b34a045fd

SHA256
8512cb31cab1a947cf414724ca5774d5c3532f6e2ced5b767681697049d5ef2a

SHA512
b796ade549545b439ee623f3096aabba21efd435cf3b654765513a26b1d811140420ad903d5b927a865d7a4b0f94509e38c90d0303213e34288cfbefa0972189

Download Submit
/data/data/ch.admin.babs.alertswiss/files/db/UserDatabase.sqlite-journal

Filesize
4KB

MD5
bf5fe87ec4e31c74fea91815ffc1e9a3

SHA1
12028936cb2ab97b243560d1068fadbba30bac5f

SHA256
28576909a25a98efdcbf87db2f1d96086453cf48e172216b861351aa6af65be4

SHA512
c4cfd0cdf04b1201ae9af250d30b3e75e5ca4187c64efd424d9414339fb325335def40cf3f5aaab85d390f0f399ccd44f04ec404bff8cc27502f27a05ff400d7

Download Submit
/data/data/ch.admin.babs.alertswiss/files/db/UserDatabase.sqlite-journal

Filesize
4KB

MD5
96a66b50953c4fc5ff008d96e3d5f6a9

SHA1
4208c5393c064c50f7e1965ca37bbda8c4f8612b

SHA256
c198298a4dacf79f1a1dcaaab11dedaf75e3ca22caecc2388f0fbbfa4589a3b9

SHA512
ae5c5869cc789a1682f9db17e0f14b72d71b91db69be9c19cf39670b95d107e8ff184ea865ca47a246b19d4c01c3c0385eebcbe3d43b60c960d6bf0f06265f7a

Download Submit
/data/data/ch.admin.babs.alertswiss/files/db/UserDatabase.sqlite-journal

Filesize
8KB

MD5
f70f14d7b38e22f46417ed7ca37746ce

SHA1
12a0a6a8f8f4bb0340fcfdafe988aff73cb57ea5

SHA256
ee91cc7e7468fca6b40486e84bd43dda164e12289ea0dc1ba93020a32de3b9a4

SHA512
e65fd225bb2f98791e6741d76f865d21b8d2654b7e25add5e58823f09f4c31b2bbb4e4aba6b5f607cf982de235977d5b885c34823e7fb0ca5d2166bb2cc154fc

Download Submit
/data/data/ch.admin.babs.alertswiss/files/db/UserDatabase.sqlite-journal

Filesize
8KB

MD5
3797f108d62744fbc7b0ecfef5e03df0

SHA1
b69e6e99dc9ff8cc445cf7162becad379bad9e63

SHA256
ebe4424439db38a38eac72fe9a3624fcd8f04e99954858550d3ff81491707530

SHA512
edbc8a1ff98db533ebfd7e4959a9ac3f3414ed0a5ff6cd62bf977381cfe8df66b2055b445ed0f1e807dd6050f2d9645ba1bd4406654e3ce1fd60f100209d1083

Download Submit
/data/data/ch.admin.babs.alertswiss/files/db/dataManager.db

Filesize
8KB

MD5
2185fc1696822582cf40677699db12ac

SHA1
37b27c7674e066e789b3e3e302ae2eaabfda755c

SHA256
73a4459cc764c98c4f03b1be47420f9d1f48ba9d8cfb39af633b53194432e7dd

SHA512
4c2249fb1b0bb52001c1ce8dd18889046ad21d6f9f2f6f690482b4afce3adae7253e1af0bec97cce8fa8e7c745a20eed2638916a502ec159aedd8ac0dbb4c732

Download Submit
/data/data/ch.admin.babs.alertswiss/files/db/dataManager.db-journal

Filesize
512B

MD5
44566d6ddf24db883fbc9f2f1dd3e471

SHA1
aad55a054223065d7fc8a10e799d5a023fe8f063

SHA256
d2763cd6d0032605a14d8834b6e83d2456940b7eeaba8c3ed4f98e2d47e28a66

SHA512
2f3e6e3f4713f65ace2cf3fcf3d5748775ff9526ac158b8832fcb3bbc0a1383e919f98ec0735f4754d1995f5e9e210874934ca63085ba1f056de8f4e2908a998

Download Submit
/data/data/ch.admin.babs.alertswiss/files/tmpDB

Filesize
292KB

MD5
2601b84c694dfaf0235f6bc903fa61d7

SHA1
f550223c50408a04eb723422af2b36b192537015

SHA256
64eac3d94357b1af560382adeaccd1255aa21283cdb49452dca1dd83a400c704

SHA512
c4b1b20bc2ef61da79cee35951607203e6ae069c900b15a07b670a42ba9dfd83342120915d07c6737f8d06db3a21865c068b0df7a62f13baba0dd5f2caf058fc

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads