0b23523e26b0887238c8d1ada9f46e7d4ad059aa6a21a20dd280f07ca49864b0

Analysis

max time kernel
24s
max time network
130s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
21-11-2024 03:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

增强-SYH-机方下载.apk
Size

5.8MB
MD5

314ab40b5f92bbc63d2e11a25a40c059
SHA1

4abeda97ff9d770ff9e6969e423538b315f7faf8
SHA256

0b23523e26b0887238c8d1ada9f46e7d4ad059aa6a21a20dd280f07ca49864b0
SHA512

2078a95437bfed49bcdd408049cc049ce7142976e3b3fa6492e04ceaed5ac9dcc989e04cbcb38c8deb9b17011e810f6b9f3cb9ca58da1511083f016cb6f5e80b
SSDEEP

98304:6s1Ahlj13kr7UEReLChgTjScyZSZvgSnnNa7+C:6sKFAoEK3+AQ

Score

7^/10

discovery evasion impact persistence

Malware Config

Signatures

Loads dropped Dex/Jar 1 TTPs 2 IoCs
Runs executable file dropped to the device during analysis.
evasion

Download New Code at Runtime
T1407

Processes:

com.urbbrgroug

ioc pid process

Anonymous-DexFile@0xcb77e000-0xcb87f460 4260 com.urbbrgroug
Anonymous-DexFile@0xcb74d000-0xcb77d100 4260 com.urbbrgroug
Queries information about running processes on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
discovery

Process Discovery
T1424

Processes:

com.urbbrgroug

description ioc process

Framework service call android.app.IActivityManager.getRunningAppProcesses com.urbbrgroug
Checks the presence of a debugger
evasion
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
persistence

Broadcast Receivers
T1624.001

Processes:

com.urbbrgroug

description ioc process

Framework service call android.app.IActivityManager.registerReceiver com.urbbrgroug
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
impact

Data Encrypted for Impact
T1471

Processes:

com.urbbrgroug

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.urbbrgroug

ioc	pid	process
Anonymous-DexFile@0xcb77e000-0xcb87f460	4260	com.urbbrgroug
Anonymous-DexFile@0xcb74d000-0xcb77d100	4260	com.urbbrgroug

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.urbbrgroug

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	com.urbbrgroug

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.urbbrgroug

com.urbbrgroug
1⤵
- Loads dropped Dex/Jar
- Queries information about running processes on the device
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
PID:4260

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Credential Access

Discovery

Process Discovery

T1424

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.urbbrgroug/.1/.suuid

Filesize
628B

MD5
3684ce65f91a21956c6c4a775538f402

SHA1
36c7d552667d2f0d866aab98afab80051ca7863c

SHA256
2108f495a684fe6582d1e341bf963a6bd69a7c1be63decc7151d3eb064469e3a

SHA512
d89b2c1baaa9df1f50b9012108473ecff2efaaa50751e14d36b7c48fa1fd0c738739d19b08d6d5a1ac6d739cd2026e943c0f79ca39a2de88f4d1d5f7784fa100

Download Submit
/data/data/com.urbbrgroug/cache/com.urbbrgroug_rpt_cache

Filesize
685B

MD5
502e2651d49670316b672017c4c54ad8

SHA1
cb110cbffcea0330901ed4ab2b7095a9425e3cae

SHA256
5cb3d99c388d3f0701a9c2fd1da77bedd28dedb4eb35100f64d765c580574113

SHA512
26c0576f2ae951c5cda004eedfa649d4e6fd928d5a50addf3ef9bf199096645e547bc0116944c08f3671b31f36e00d942f5c9f874d9d153abbfde442485dff6b

Download Submit
/data/data/com.urbbrgroug/files/tiny/uuid

Filesize
36B

MD5
8ca7ce41149da86a1a066f4d1c8ea062

SHA1
50ffb38f47bf0e711510da4ff69b0af9863afd0b

SHA256
71d60b29ac9d48d33da2b047b89204e148ce6af48ea6b3ea4fb23bc7abc531ab

SHA512
3e77122de5cbf4317d67da16a67f35c8449506d02e1c2bfdc146fffdccf67bb9aa523cbd8effc99362170398ca42f163f831d333e7d8a4d3bbdf24791e6e60bc

Download Submit
/data/data/com.urbbrgroug/tvsafe/plugin

Filesize
50B

MD5
e51573364a5be7b7fc8630c8d4108cf9

SHA1
0400eb71a41092b164c30fb12519c93866cb54b8

SHA256
e19290333d677dc08e0f1e17fa0c5f4830cec62a82745ddd79b9a06d5e17418a

SHA512
eefc5d551a22e1b259a251f82865d0fb8256671b349a621e14a39cc53c9044dcb4bd50ffade730926091ffc47b08a8f8bdc0f04da2f88f7190f7e9e2225ad5c2

Download Submit
/data/data/com.urbbrgroug/tvsafe/plugin

Filesize
60B

MD5
a9c8691106f8e5ea68e7c0de7de8f421

SHA1
94ccad2f1ccf45c975854cdcef8508ff5c672cf5

SHA256
e973e8c0c1364c8f804f13892644d3015d67243c48a5ec7b3c30f8c69dcb1a2b

SHA512
014eff3a6681adb829115db90397e283608d92391e034fc572523bf56801a4a49dabbedb045a06c648df58e23a4207b127b56bf471752926c4059c15865eefcc

Download Submit
/data/data/com.urbbrgroug/tvsafe/plugin

Filesize
26B

MD5
dae79ff770074beffbde0b597d351458

SHA1
9c091b6ecd05e864442180388473f4cc23347f40

SHA256
a03f09abcac48e83ea9bf740ff58c5c5c078c1d75314295453dc67d65b6acefd

SHA512
d6f5e235ee5b67990bf7b9c4dcef9a75abb289f6c3d6bc932f35dd3474e53e50bed680ae8637552fdc39074f28f281e8601b53e6bf3eb392c40d8c8155ed434b

Download Submit
/data/data/com.urbbrgroug/tvsafe/roo_report_sp

Filesize
22B

MD5
c01d32aee500efc1a00cbb120555cf9c

SHA1
25403f07e128d54d7f06896f573f29f965b292cf

SHA256
f65cfb7efcb4d98714395de19d2cd919e3ea48b95356b9fce5da6ab206fe90ee

SHA512
425ef49c8848a267453ff8790011f9472c293967fa38c1e5fc287d7c15bb3f7ed08d1f755032faab2afa1cee7d2a2acc7f81fb6fc45bfcccf8d752f0d6c80b69

Download Submit
/data/data/com.urbbrgroug/tvsafe/roo_report_sp

Filesize
62B

MD5
919cb23dfa50f9515f18924258b1453b

SHA1
8720a42f3d59d1d28267bd6489b31f44cf5126bb

SHA256
18aad4dd8a5ffb879318f1615f31fee2fa2a26bc7a883bb955a24ab28c698758

SHA512
0318877498fd123956675ea327c424a0ed332b565bf99165ba86ce677503442b4942a68b49a15b331c2c65ab19b453fc21152ebfec956e99d28c905c56f58554

Download Submit
Anonymous-DexFile@0xcb74d000-0xcb77d100

Filesize
192KB

MD5
a4357e310fad387f3dc81e668567fd2e

SHA1
f566df93709fe272ec9f8bcc5cecce616888e45a

SHA256
89096d65c2925d1451d5151b9c70168cee798cba7b1a68fe460035e2b2711c61

SHA512
c147cd04c86d2a143deda4ec4bd31229f3dbad8223db04c31599ff70b25b251c4e3fc7bc3c8826e6ce1766e804ea328c7dd522cb68cfcdd2f690934a8b4cb3f7

Download Submit
Anonymous-DexFile@0xcb77e000-0xcb87f460

Filesize
1.0MB

MD5
d38d5632e7a822aac77e9b3d37eb9fc7

SHA1
b5c0ce3d23308d1b5be33f1bc2c0d20edacebeb2

SHA256
f24fbeb77acac014274dfaf6dae74b14235e8b1119fc1dacd53534539e4f2e81

SHA512
9d26b9fad78b6754e9d2f8cc42b4c34856c0ff0514a04118dbf7ec0977d57e185cb9a098c6fae179a338dd6e2574c026c4d23e58773c1185acf4c69a412dd8b4

Download Submit