3b03ce13856931ae2235e39896e58f4e9f42ebbd851701ec5ad594dfd4eaa28d

Analysis

max time kernel
12s
max time network
152s
platform
android-10_x64
resource
android-x64-20240910-en
resource tags

arch:x64arch:x86image:android-x64-20240910-enlocale:en-usos:android-10-x64system
submitted
21-11-2024 06:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

增强-ApplePay.apk
Size

4.7MB
MD5

3b1f8a6e92271606ebae98726f26cd88
SHA1

768dcb8745c9f7a01ab9dd9f7c7b02059b011d75
SHA256

3b03ce13856931ae2235e39896e58f4e9f42ebbd851701ec5ad594dfd4eaa28d
SHA512

08777ce9f6b706b5451e61928d4f00a8c363e3dc23052a26edc6b46a555d90cfdce5961267a2b33b07b615e6e007273766ddaa29f60ae7c718850f6490e0dbce
SSDEEP

98304:TSTWL4ZLhlB/TysYPq6MJgx3j9umyrLMfVoG9TuccZ:TSTGml1ysYPqqx0m2IVoGMv

Score

7^/10

discovery evasion impact persistence

Malware Config

Signatures

Loads dropped Dex/Jar 1 TTPs 3 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

Processes:

sf.apple.pay

ioc	pid	process
/data/user/0/sf.apple.pay/[email protected]	5161	sf.apple.pay
/data/user/0/sf.apple.pay/[email protected]	5161	sf.apple.pay
/data/user/0/sf.apple.pay/[email protected]	5161	sf.apple.pay

Queries information about running processes on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
discovery

Process Discovery
T1424

Processes:

sf.apple.pay

description ioc process

Framework service call android.app.IActivityManager.getRunningAppProcesses sf.apple.pay
Checks the presence of a debugger
evasion
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
persistence

Broadcast Receivers
T1624.001

Processes:

sf.apple.pay

description ioc process

Framework service call android.app.IActivityManager.registerReceiver sf.apple.pay
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
impact

Data Encrypted for Impact
T1471

Processes:

sf.apple.pay

description ioc process

Framework API call javax.crypto.Cipher.doFinal sf.apple.pay
Checks memory information 2 TTPs 1 IoCs

System Checks
T1633.001

System Information Discovery
T1426

Processes:

sf.apple.pay

description ioc process

File opened for read /proc/meminfo sf.apple.pay

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	sf.apple.pay

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	sf.apple.pay

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	sf.apple.pay

description	ioc	process
File opened for read	/proc/meminfo	sf.apple.pay

sf.apple.pay
1⤵
- Loads dropped Dex/Jar
- Queries information about running processes on the device
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
- Checks memory information
PID:5161

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Process Discovery

T1424

System Information Discovery

T1426

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/sf.apple.pay/.1/.suuid

Filesize
640B

MD5
f44e06803d6c732e88efe5ddfc515552

SHA1
c5e83740c905c149ae0b5528677a93fb915f89f0

SHA256
58100358748bf73a5053d677a166a17254790cdfbf7341a083357ee77940bd04

SHA512
43fb392bd4c42b669a50dbe06f9a129b2a31c45da802e358652db3480eae90d2833d7de79394c4b90a26e0288771c64b2304218a7366dc9b99ec23bf01e71db3

Download Submit
/data/data/sf.apple.pay/cache/sf.apple.pay_rpt_cache

Filesize
685B

MD5
ec233ac0f07df2fd925a1ad03ded539f

SHA1
5b6fc5871131475fdfc12cef1f6282477d3a23f9

SHA256
0c106460c2c689623f9cae668d892a54fea1adc1e3e8e07444d7691f15589816

SHA512
80dc3c4343f4bbbe8fc7ad0431ba8e65e56ed85c4a10f2234d9e95f60a9cc7cd8688fb56d095ce11647d614327b883b1761a34047171745dd311a50c9c63df2e

Download Submit
/data/data/sf.apple.pay/cache/sf.apple.pay_rpt_cache

Filesize
577B

MD5
6e3e5c8c5df35f991830a42e4dc4fc07

SHA1
c122a4334325e8429adab933e8b9ad2d8e213c51

SHA256
e11695631456f9efa59bc913d1dac9821cca75b02c6ab774a5afd1bd81d4c053

SHA512
2bf76df0e3caebc565cbd3684371025ac2171513b4f7e001ff8a0c1c5cd2d3cee8f32daa09f925060414241b7c9ad8c9415cc6dc32f91e981287c4299ed7a9d5

Download Submit
/data/data/sf.apple.pay/files/tiny/uuid

Filesize
36B

MD5
79af68d2f1c0d2ab872991bf5e0b19de

SHA1
52eb8329c727592f54367798775e6a1bf08f6f4a

SHA256
b89a20d791c944261456af5f1a35342d281298131cd24c2eb26a103be30b4f20

SHA512
81f215505615d59d1425f6735c2c0ea959378d287fa4fdc69b820c3e13e2e785cb518bce0b3c955a9b0e9d1579c90516b19ebc307ddc9743077ec3dc3dbd08b9

Download Submit
/data/data/sf.apple.pay/tvsafe/plugin

Filesize
58B

MD5
4f37adbe3b6dd8c817328997ecd6de7c

SHA1
7f4f9949cfd2024e7917c4e428bf99fb1c7404f6

SHA256
b6c0c4bb0d3792288b726652640a0d312eedfbc88fb4ac7d471a45d90d37dcc0

SHA512
3e4a503efb4251c8dbe29fe1cf36684b6195560fda19ce8c2277521432cfa3f332ed73082f74ea86c86b4b84d733dd52c20d517596905519a6eb602921c9cceb

Download Submit
/data/data/sf.apple.pay/tvsafe/plugin

Filesize
59B

MD5
f12b8e35d8850e0f9c21e1c869fa8091

SHA1
86948267f4647530917223665a61e7c85e97005c

SHA256
8c49bab4865a319ce9eaf1a823420ade4c787473851f17ffcf9f0bd4737c2871

SHA512
f705e349a1ff419d30e93403bfc55cc821c6f32af9b0ef50acf4ed33dcdb6d1ef3555a89af34ca41c80dc4ef4974b834280a615bd0203e062addd0374994d1f9

Download Submit
/data/data/sf.apple.pay/tvsafe/plugin

Filesize
24B

MD5
cd66a3a26f9735f8af572b3e65b9904a

SHA1
0ea221fdde7fd8d1a1058c5bff3149f15c24425c

SHA256
862e4c2dc446ad328b361635d0f2da9755371dbd1d7c95267e86895f2e1b9912

SHA512
0b628ecd98a7ed8103842c1815659279c31f55163d965a020e8e2af28ef7e654b4d893e38e521e2e00b918c1e07a0382557565e19c40650126f2c013e1d5e2da

Download Submit
/data/data/sf.apple.pay/tvsafe/plugin

Filesize
48B

MD5
278367dd1dedc8b2f7ee7f53133b2733

SHA1
4382610908751b8e9282cdc4205d3430444cc183

SHA256
bea5f440d668f0b6098f6e594480f91192b43dadfe47edcec566ccdc88311927

SHA512
58fa34ab29dc0a440cecc6121b675089d904e21cd7430472922eb3263ee6c930aed421f12426399c96b0431a3f6677ac5ba01145bf4ec99006edf0f0f32a3ab4

Download Submit
/data/data/sf.apple.pay/tvsafe/roo_report_sp

Filesize
22B

MD5
362c4db6ab16f5ba02f382082de4d9c1

SHA1
47d731b5938761dbd5a40c0649d368a93119334a

SHA256
28d369fbce5ba75c605a6f7aecc41c356e4ef7a5cb0a797005d2cda41e85aae7

SHA512
8f0767db5289171817f6a24fadaa24ba705b9584e41fb366b88a27022289d7e8c7cca13a6a53ed51cf052020eb1df5cf87c098d656501e3cef5519dde8b70849

Download Submit
/data/data/sf.apple.pay/tvsafe/roo_report_sp

Filesize
62B

MD5
1b716474a9cb97f1295a69a1880b7a20

SHA1
3feefaae59d9ac78b707f2c0857fa4aad0ceb98b

SHA256
a4c19fd73b33bb1d23f7f6a80954b8260b28a646cbd79d7bd3be231b3987c199

SHA512
f8986ed472c85f1d131a4488e2f017393c2a03e03dee867105de7bb11e2d875de79ba9418913bceb55b61685742113672ce2afaecdca6c5ab3038ca76fdb3387

Download Submit
/data/user/0/sf.apple.pay/[email protected]

Filesize
192KB

MD5
a4357e310fad387f3dc81e668567fd2e

SHA1
f566df93709fe272ec9f8bcc5cecce616888e45a

SHA256
89096d65c2925d1451d5151b9c70168cee798cba7b1a68fe460035e2b2711c61

SHA512
c147cd04c86d2a143deda4ec4bd31229f3dbad8223db04c31599ff70b25b251c4e3fc7bc3c8826e6ce1766e804ea328c7dd522cb68cfcdd2f690934a8b4cb3f7

Download Submit
/data/user/0/sf.apple.pay/[email protected]

Filesize
189KB

MD5
1a2498480c8f6408595879e4ec20aa91

SHA1
e09c410206d375295dc4d2b78111b09c428b7235

SHA256
9326ae7cd03f5568d8a1b8d1d672601b5894afcc7f92b8130b34e8dbd357dd0f

SHA512
cc6e4ed40720de6302e321e21c9bda9a10c523fbdeb15122b04baf6d5a1b7604feaad9666997e35d3c4302a10d2cb4e4a08aeb4195f554ab9f745525748ef678

Download Submit
/data/user/0/sf.apple.pay/[email protected]

Filesize
110KB

MD5
d7a65b5377fe64ff0a113feb58bae027

SHA1
1f4a89b8e1589cd81b72c0776afb781a2d379cec

SHA256
a4bc753b6a1e28c2b3df213ab4a050645a8a2089c5d281064acc8a131d8cf17e

SHA512
56c515967863843439ee5c31265a1c1c0a0e7dcb47d729163dd8e115c72154b4caae16f55270b967b61373dc209f8d0f148a4c20b413551cada84fe4cb794383

Download Submit