04ff7d924671ac03fb3b3a2e0bae7ba979276166766b97d0887c92076a326491

Analysis

max time kernel
7s
max time network
154s
platform
android_x64
resource
android-x64-20240624-en
resource tags

androidarch:x64arch:x86image:android-x64-20240624-enlocale:en-usos:android-10-x64system
submitted
23-11-2024 02:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

04ff7d924671ac03fb3b3a2e0bae7ba979276166766b97d0887c92076a326491.apk
Size

526KB
MD5

5040d56bc8276ece72a50d56384b3b7b
SHA1

4b0bbad9ca66179aafcb82fb211ea17b6f6429e2
SHA256

04ff7d924671ac03fb3b3a2e0bae7ba979276166766b97d0887c92076a326491
SHA512

06a448fe2c583e74d967eace563c04ee58265f695f034a4755ed2591c4ddb33f6fce94cfcc3fef7c5b7d0954dfc07e3506568407a29b91229ac9bf73a5380479
SSDEEP

12288:vIhgrqfV/akLo0HCO5GVlxtRtTl1iZyVsM7iV:vi2+RLhD50iV

Score

6^/10

discovery evasion persistence

Malware Config

Signatures

Acquires the wake lock 1 IoCs

Processes:

com.intensive.sound

description ioc process

Framework service call android.os.IPowerManager.acquireWakeLock com.intensive.sound
Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs
Application may abuse the framework's foreground service to continue running in the foreground.
evasion persistence

Foreground Persistence
T1541

Processes:

com.intensive.sound

description ioc process

Framework service call android.app.IActivityManager.setServiceForeground com.intensive.sound
Queries information about active data network 1 TTPs 1 IoCs
discovery

System Network Connections Discovery
T1421

Processes:

com.intensive.sound

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.intensive.sound

description	ioc	process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.intensive.sound

description	ioc	process
Framework service call	android.app.IActivityManager.setServiceForeground	com.intensive.sound

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.intensive.sound

com.intensive.sound
1⤵
- Acquires the wake lock
- Makes use of the framework's foreground persistence service
- Queries information about active data network
PID:5067

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Foreground Persistence

T1541

Privilege Escalation

Defense Evasion

Foreground Persistence

T1541

Credential Access

Discovery

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.intensive.sound/databases/com.google.android.datatransport.events

Filesize
32KB

MD5
ad7bbdcce258ba21d0a07659a3849e3f

SHA1
887e17f38cf736cc82125092f6cadd5753184286

SHA256
a6417906596802ee2a80cd22ef848d832848a6f36f4e45d320e9b98633a5c456

SHA512
4519d5aec86a163c9c2c97d1cf9862cc9b421749c0d78c0f4ceee31c9fe07ac557e736d5b3f72942e2d5d44b578fc8a6789f2e7a3ec98ec2199fdc50dd3ac45d

Download Submit
/data/data/com.intensive.sound/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
77e7d6ba7c80dd7c8273c3007172c1e3

SHA1
85e3d95b47909c195676e07df406ad5e8f3818b7

SHA256
879400aad2a30b3ff8dc65dea20abfb65844f2c0ded21a37dc69142beabce252

SHA512
9755fe8b97b0ffd72850d0a5ad181e70f88920927f7cf0e0e65d9a2dbecbf72edc363e6e52c58a6b72ebc3ba9da722815e60a3ce1cb883d849debcc7d8dd16c3

Download Submit
/data/data/com.intensive.sound/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
f8a7ac0b4a511fa69991fd20229d70af

SHA1
521a466a386ae2d306a1bae9b291861e95bbb8f1

SHA256
735633c9149d025aad689e65e9cb31ee9a287f02be241b32dd9b83035196bcb8

SHA512
e6e3c1972f7c29f59de684495f4bf3a3d75a6137f4dfa9df3884b51699c85a1c91cb882e4d8633af73b410ee308c90c6c6fdebba10485bd82e7df42825838647

Download Submit
/data/data/com.intensive.sound/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
621bffe56e6067b2124ab551b206d4e8

SHA1
e7eca31844aba78a47961456564b58e697202824

SHA256
c934b8659c0449a766c71063cf9086f3b9a6ccf8cf9b476259ca2fca157a890b

SHA512
2957d20682abeffe06a451b4e074d4a67cbc8168708cd394d5f6cc487bdc15d187bb5713cda923a8affe483cee14b48cb06e3c7404c34b555d5612219b90f07c

Download Submit
/data/data/com.intensive.sound/files/9fe946c1-7c84-4659-8f29-6ab738d19efe.dat

Filesize
548B

MD5
fb67b9220e52a50f0c14aa094a3f9c22

SHA1
dd2a07e00329ec16413f08fc5c4d5b02b9f26784

SHA256
0d1ba784860cee206d0f377b2e3636063a1379220ac8e6cfa6beb15ab488d072

SHA512
3df03ffc538b5620556b12e86bfbf9dd11686636547814d9547522826493dfcf2a15b8676756097fd0c52964e61447144bf45ce1532808b82c67179828b564aa

Download Submit
/data/data/com.intensive.sound/files/PersistedInstallation1616662842173383256tmp

Filesize
90B

MD5
e7ef586f3aa1d03572f1cfc169310125

SHA1
52485a2abd3b6e583fdc08c77c7b474ee803dd42

SHA256
b36b7d661f3c760479c827841d29c09894385fc04dde9e9429bc045f04e7b90a

SHA512
33557d37b217d02ae4f6880dc466bf6778cda1e6c93dca8698196db5b6e397ea1a12806f17e8aa92db3093f4cd8e93f721b40579f9673276a1e9c28d54e75a8d

Download Submit
/data/data/com.intensive.sound/files/PersistedInstallation750414759142295353tmp

Filesize
566B

MD5
d6095a56cedddbb5802a3442a1618ea0

SHA1
e9aa027d6f2f92abdc520743e02cbac272e65a1e

SHA256
bbc838aee1973b44aac1bd3cf2a2674423df12e2e5221bf2e8a53ad705bdb49d

SHA512
7f599892116bc96e6109fb0df2198038226a6b84569097897727570d45cdf2d08f7bce1868512dcde3321bc592802c777634f4ecc0867ca72cc6015520e27b18

Download Submit