0b23523e26b0887238c8d1ada9f46e7d4ad059aa6a21a20dd280f07ca49864b0

Analysis

max time kernel
27s
max time network
150s
platform
android-13_x64
resource
android-33-x64-arm64-20240910-en
resource tags

arch:arm64arch:x64arch:x86image:android-33-x64-arm64-20240910-enlocale:en-usos:android-13-x64system
submitted
21-11-2024 03:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

增强-SYH-机方下载.apk
Size

5.8MB
MD5

314ab40b5f92bbc63d2e11a25a40c059
SHA1

4abeda97ff9d770ff9e6969e423538b315f7faf8
SHA256

0b23523e26b0887238c8d1ada9f46e7d4ad059aa6a21a20dd280f07ca49864b0
SHA512

2078a95437bfed49bcdd408049cc049ce7142976e3b3fa6492e04ceaed5ac9dcc989e04cbcb38c8deb9b17011e810f6b9f3cb9ca58da1511083f016cb6f5e80b
SSDEEP

98304:6s1Ahlj13kr7UEReLChgTjScyZSZvgSnnNa7+C:6sKFAoEK3+AQ

Score

7^/10

discovery evasion impact

Malware Config

Signatures

Loads dropped Dex/Jar 1 TTPs 2 IoCs
Runs executable file dropped to the device during analysis.
evasion

Download New Code at Runtime
T1407

Processes:

com.urbbrgroug

ioc pid process

/data/user/0/com.urbbrgroug/[email protected] 4508 com.urbbrgroug
/data/user/0/com.urbbrgroug/[email protected] 4508 com.urbbrgroug
Queries information about running processes on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
discovery

Process Discovery
T1424

Processes:

com.urbbrgroug

description ioc process

Framework service call android.app.IActivityManager.getRunningAppProcesses com.urbbrgroug
Checks the presence of a debugger
evasion
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
impact

Data Encrypted for Impact
T1471

Processes:

com.urbbrgroug

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.urbbrgroug

ioc	pid	process
/data/user/0/com.urbbrgroug/[email protected]	4508	com.urbbrgroug
/data/user/0/com.urbbrgroug/[email protected]	4508	com.urbbrgroug

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.urbbrgroug

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.urbbrgroug

com.urbbrgroug
1⤵
- Loads dropped Dex/Jar
- Queries information about running processes on the device
- Uses Crypto APIs (Might try to encrypt user data)
PID:4508

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Credential Access

Discovery

Process Discovery

T1424

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.urbbrgroug/.1/.suuid

Filesize
640B

MD5
6f5630e11a7daabfa3943309f2453135

SHA1
748ff7971224ac137662deaf080f655c86bc5ace

SHA256
78d91372b24fb3de2156db2df4a737f455b489b316885b1b479248cb31f70dc8

SHA512
7b1f6d2c4c51999dc748d54d32955bb8d0d1dd1bf74d088eb1f17a5e232daecfb893430411bb7f334c2211325ab73307b4382813134e96f91a90cbcc39b0d253

Download Submit
/data/data/com.urbbrgroug/cache/com.urbbrgroug_rpt_cache

Filesize
685B

MD5
1fd57df156ed7365b77792adb7e69739

SHA1
1b833c70a99e8471ef4504c6848127f55aec4749

SHA256
ced89c98ba80c1df33e179031a916cc9ec33a066a69123ed27623fe3bf4d1698

SHA512
308ea17915a8e094c101e07805fef14f8d4a08ad62c5ae5ef2df19c2bcdb40ec6d451d65c0a9763dcbb8f797bf90d7e7bbf14574f83422cac86035385f4a8603

Download Submit
/data/data/com.urbbrgroug/files/tiny/uuid

Filesize
36B

MD5
929223aa5b281d17cf6bb6d2cd027fd2

SHA1
54b7b0eedf0f752df1406b213ba6609f841b9068

SHA256
9d89a0415f864faacf696dcc213246a35aea9dcd80612859213907ad80c51c82

SHA512
ceb611f1f8c236dcfe198418b46530d9bfe6a804b36b4f75d564eb9fea15671a7bceae120abc7426586dfb370da2b1cf8853c827239a3dafda2fdb4eb4950e54

Download Submit
/data/data/com.urbbrgroug/tvsafe/plugin

Filesize
50B

MD5
e51573364a5be7b7fc8630c8d4108cf9

SHA1
0400eb71a41092b164c30fb12519c93866cb54b8

SHA256
e19290333d677dc08e0f1e17fa0c5f4830cec62a82745ddd79b9a06d5e17418a

SHA512
eefc5d551a22e1b259a251f82865d0fb8256671b349a621e14a39cc53c9044dcb4bd50ffade730926091ffc47b08a8f8bdc0f04da2f88f7190f7e9e2225ad5c2

Download Submit
/data/data/com.urbbrgroug/tvsafe/plugin

Filesize
60B

MD5
a9c8691106f8e5ea68e7c0de7de8f421

SHA1
94ccad2f1ccf45c975854cdcef8508ff5c672cf5

SHA256
e973e8c0c1364c8f804f13892644d3015d67243c48a5ec7b3c30f8c69dcb1a2b

SHA512
014eff3a6681adb829115db90397e283608d92391e034fc572523bf56801a4a49dabbedb045a06c648df58e23a4207b127b56bf471752926c4059c15865eefcc

Download Submit
/data/data/com.urbbrgroug/tvsafe/plugin

Filesize
26B

MD5
dae79ff770074beffbde0b597d351458

SHA1
9c091b6ecd05e864442180388473f4cc23347f40

SHA256
a03f09abcac48e83ea9bf740ff58c5c5c078c1d75314295453dc67d65b6acefd

SHA512
d6f5e235ee5b67990bf7b9c4dcef9a75abb289f6c3d6bc932f35dd3474e53e50bed680ae8637552fdc39074f28f281e8601b53e6bf3eb392c40d8c8155ed434b

Download Submit
/data/data/com.urbbrgroug/tvsafe/roo_report_sp

Filesize
22B

MD5
420d74418e15cd7817fffdd0e749ff0d

SHA1
bf624e789b7478517eaf92d7337034ed3530708b

SHA256
2b81972400b001865e8f26b0fc3729b0f640182f4993f3a91805a016f460a65c

SHA512
b77490d9d1ae9599a8f65074309f4b645655fae0162efb568954802e9c816affd711f2e0dde408111b674cdac94b71d6173cc5085266a7bb58451c03017f113c

Download Submit
/data/data/com.urbbrgroug/tvsafe/roo_report_sp

Filesize
62B

MD5
7000400f4258ccba60d217a0387620d1

SHA1
d7b3b4debcac99f064f93d3c2e9a6b986489516d

SHA256
aa000b30ac33d524054b6f3f0407cdd7002240a74deca00b11dd65600cd85e29

SHA512
50783e393107bb8c00b1908f7c75fef8521950b232ff34e8f37bba9e38c04f45f43f4c5b5e9d70eeed78cf3ba83e3948020da340cf2997bc05ec3aff3ef406bd

Download Submit
/data/user/0/com.urbbrgroug/[email protected]

Filesize
192KB

MD5
a4357e310fad387f3dc81e668567fd2e

SHA1
f566df93709fe272ec9f8bcc5cecce616888e45a

SHA256
89096d65c2925d1451d5151b9c70168cee798cba7b1a68fe460035e2b2711c61

SHA512
c147cd04c86d2a143deda4ec4bd31229f3dbad8223db04c31599ff70b25b251c4e3fc7bc3c8826e6ce1766e804ea328c7dd522cb68cfcdd2f690934a8b4cb3f7

Download Submit
/data/user/0/com.urbbrgroug/[email protected]

Filesize
1.0MB

MD5
d38d5632e7a822aac77e9b3d37eb9fc7

SHA1
b5c0ce3d23308d1b5be33f1bc2c0d20edacebeb2

SHA256
f24fbeb77acac014274dfaf6dae74b14235e8b1119fc1dacd53534539e4f2e81

SHA512
9d26b9fad78b6754e9d2f8cc42b4c34856c0ff0514a04118dbf7ec0977d57e185cb9a098c6fae179a338dd6e2574c026c4d23e58773c1185acf4c69a412dd8b4

Download Submit