4ce498dfefeb83ed62364e76171343750c44bf1ee9b0626ba4ff0a7e6443948d | Triage

Analysis

max time kernel
24s
max time network
157s
platform
android_x64
resource
android-x64-20240624-en
resource tags

androidarch:x64arch:x86image:android-x64-20240624-enlocale:en-usos:android-10-x64system
submitted
21/11/2024, 06:14

Sharing

Report Analysis Logs

General

Target

增强-小黄人.apk
Size

4.9MB
MD5

cc18899e6067c6f5310cf0556bf67d5c
SHA1

5a0738b65765d9f6c34544377ad0ded3d935d8b1
SHA256

4ce498dfefeb83ed62364e76171343750c44bf1ee9b0626ba4ff0a7e6443948d
SHA512

6aa3f081f893d554855a19f1843e1591261ad58b83c8943ecd98633f1c00b574856fcfc61d53c52f5842419ed9b790c63b4aba82da4ca8b66f31a72f95b21ed9
SSDEEP

98304:KXT+BxGtLuLaZkn8VYo6vbdoWaHO5RWEqgEVY+IDAlQxXv1PYRgR:KXT+CtLuLnIYZdvaHF1gXv1KgR

Score

7^/10

discovery evasion impact persistence

Malware Config

Signatures

Loads dropped Dex/Jar 1 TTPs 3 IoCs

Runs executable file dropped to the device during analysis.

Download New Code at Runtime

ioc	pid	Process
/data/user/0/com.nfc.cardscanner/[email protected]	5047	com.nfc.cardscanner
/data/user/0/com.nfc.cardscanner/[email protected]	5047	com.nfc.cardscanner
/data/user/0/com.nfc.cardscanner/[email protected]	5047	com.nfc.cardscanner

Queries information about running processes on the device 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

Process Discovery

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.nfc.cardscanner

Checks the presence of a debugger
evasion

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

Broadcast Receivers

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.nfc.cardscanner

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

Data Encrypted for Impact

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.nfc.cardscanner

Checks memory information 2 TTPs 1 IoCs

System Checks

System Information Discovery

description	ioc	Process
File opened for read	/proc/meminfo	com.nfc.cardscanner

com.nfc.cardscanner
1⤵
- Loads dropped Dex/Jar
- Queries information about running processes on the device
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
- Checks memory information
PID:5047

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

Broadcast Receivers

Privilege Escalation

Defense Evasion

Download New Code at Runtime

Virtualization/Sandbox Evasion

System Checks

Credential Access

Discovery

Process Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.nfc.cardscanner/.1/.suuid

Filesize
640B

MD5
87a42839c62fac302a95035be0bbb4dc

SHA1
6f2e65e09a8d1d6e6bc1d289fe44ca0c5baa0b92

SHA256
d34d9e48dbdd0b94e66728f92f6c133f30b23e0a9c6ffff6bba8b4d0ce9e471a

SHA512
c12c9bd6819860325d6c71dfa03d499ed52f69ba9a0614ff7dff845904a1d6120ddba964ac44cb4ffff03f1407444be3cbf6d89533aaef67900c1bd8bf2327c6

Download Submit
/data/data/com.nfc.cardscanner/cache/com.nfc.cardscanner_rpt_cache

Filesize
1KB

MD5
f2c7c917e0b7ee21bd8b34409e5d5102

SHA1
c1ecbe0ba596ca3edae51a48b0fb13d610eec5d8

SHA256
b3c4b03a2c21a147abc571f7d1d6b933d9e20b73645cd7d263010c8418c321ba

SHA512
6b51da0f6b7befd7f2989033e42f32a0abbd288e92f9ecdd01290c378069a24f60fe8e76d7004e24d7bf088dd772481d3b320e913a22ec12208f3b41037082cb

Download Submit
/data/data/com.nfc.cardscanner/cache/com.nfc.cardscanner_rpt_cache

Filesize
685B

MD5
10ea43b467fb4e227d7a8a34859f4725

SHA1
ea394fa5a5f1d184b48de57b3862850d0b79415a

SHA256
6d5f4ba8d1c443de13d515ec38f982bda1fa4b69e72643c32d382bdb7c9e5087

SHA512
8d77f6035d70a3070f4d09b35869f218ce5ba0d7061ffa15424086b43a89c28f97cef1ab379eb950c2ea98609fce9fb2ea5dd1896319384f4dbe589095a37981

Download Submit
/data/data/com.nfc.cardscanner/files/tiny/uuid

Filesize
36B

MD5
67fe4982201d32db9fcd09ceaedb067e

SHA1
a87a2d06a66f25c4cab2760057bfaa38d1a91413

SHA256
cf3ff3e2ebe876e512c930196bfefdc24f7b26cb6aff7447d51ac98f08ad8e5a

SHA512
377bd48f03e61e0132f2aa41bbc4b2f2eda4217351c5a19659e00abbfda301fc0cfdfbb2952b2295c449b62395b679eadc36ef6543ad9f5ea96a5373d51b0412

Download Submit
/data/data/com.nfc.cardscanner/tvsafe/plugin

Filesize
65B

MD5
ee0a65c0c65227989ff86128ea719b45

SHA1
d351661668b20aed124563b38e5537acec4968df

SHA256
14e03be017593eac24dae7f9619eb0fee1ae3bda70f17096a6135ebe1ea7bd54

SHA512
71cd3e044c962b799eae004c3b97b1e41adcb8a8c63f13985b88f2c16f9d5ce649713c86baa42e65de5513bf40c621f506bb3854b23aa99b8cd73fc5ba9b9f1f

Download Submit
/data/data/com.nfc.cardscanner/tvsafe/plugin

Filesize
66B

MD5
bc974baccfc18e7f328f9c35fbd9cfe0

SHA1
908e9ede37f59f7174e69872d090fe13a5122a8e

SHA256
550429245422152a12df910206a89331a80ec8bf3831d15346b4d42162d33865

SHA512
88907566a5785149d308362282fd76300eaa3641167d515d7500ffd799e8b4be33100477a1222af8db048a4457289da656a05033771d5453d5a9d59ac5f363f7

Download Submit
/data/data/com.nfc.cardscanner/tvsafe/plugin

Filesize
31B

MD5
9b2b0cc3758e23bb6549f110a29cb218

SHA1
8e61a2c5c334ae62e67e9b1e68a46659769e50b0

SHA256
58d588d009346cbe98ef3e7e42aa4c8e22df3915c2e83ed7d5c52edeb68ad265

SHA512
e35654b9401ce3adbce65e417b9b924707dfc82bb56033d0c35e4802f6d37677c00cad9e376ade43d064f7765b53d538bec2953c0c55f972bd8f801e0f4de56b

Download Submit
/data/data/com.nfc.cardscanner/tvsafe/plugin

Filesize
55B

MD5
b5abac6f2006b3f6bb004ddb41bbd2d4

SHA1
2441835b748008e7285ab34d3d577f9f162b992d

SHA256
d10b6b7b7b29763699b5575dbac8fc24a10d9a99cdf5d37bdddcded79718c52f

SHA512
b1e04b51fbff59213160e43bfb4b2ad0fb75badfdd3421808dc8cee9fb319cca0636f5d840f74e727115a5bf2da9a7c7a051d298df834eeec056cb2ac20aa894

Download Submit
/data/data/com.nfc.cardscanner/tvsafe/roo_report_sp

Filesize
22B

MD5
022b15ea6a825a5a8e86896be6fa5ba6

SHA1
959fd40aad48eba6f182367d91623a8556efd6b0

SHA256
4204092af98825a2ac922b5823bbaaee648526a73ba06565fa37b931b5a7fcfe

SHA512
cbbced32c803e7237614e7aebb51921b1bb3e72c2b645043fc56e77b96b89ac325c08ab725136e7ca6c91214a9a8a83c405031c957e78b962802596b15da0ee0

Download Submit
/data/user/0/com.nfc.cardscanner/[email protected]

Filesize
192KB

MD5
a4357e310fad387f3dc81e668567fd2e

SHA1
f566df93709fe272ec9f8bcc5cecce616888e45a

SHA256
89096d65c2925d1451d5151b9c70168cee798cba7b1a68fe460035e2b2711c61

SHA512
c147cd04c86d2a143deda4ec4bd31229f3dbad8223db04c31599ff70b25b251c4e3fc7bc3c8826e6ce1766e804ea328c7dd522cb68cfcdd2f690934a8b4cb3f7

Download Submit
/data/user/0/com.nfc.cardscanner/[email protected]

Filesize
110KB

MD5
d7a65b5377fe64ff0a113feb58bae027

SHA1
1f4a89b8e1589cd81b72c0776afb781a2d379cec

SHA256
a4bc753b6a1e28c2b3df213ab4a050645a8a2089c5d281064acc8a131d8cf17e

SHA512
56c515967863843439ee5c31265a1c1c0a0e7dcb47d729163dd8e115c72154b4caae16f55270b967b61373dc209f8d0f148a4c20b413551cada84fe4cb794383

Download Submit
/data/user/0/com.nfc.cardscanner/[email protected]

Filesize
189KB

MD5
033e8ccfaf763a773312ef167afe3200

SHA1
c91d3efb6fd2e245ace4dd8dbc251e9ae6e56e08

SHA256
4319dbf2d774aa4838f75c368d6e3700850f5741f06f9ae9cc2612d48890d07e

SHA512
8bf700cc9531c0687d74bb669377c260339d9533e0ebdce3fa24d3f145161f3e05509a2269d48df640b576197ea024a0c0cfd2177af4e3ca1d0c176015054ea5

Download Submit