Analysis

  • max time kernel: 148s
  • max time network: 128s
  • platform: android_x64
  • resource: android-x64-arm64-20240624-en
  • resource tags: android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240624-en, locale:en-us, os:android-11-x64, system
  • submitted: 24-11-2024 22:05

General

  • Target: 0e5c0c939bbc967c0ed8a2b2e412845861ef3bfdfe7c7652335b7703b9015154.apk
  • Size: 758KB
  • MD5: 822bf2c0c7da52ca023af9f839c70f07
  • SHA1: 8b0ebe4f3429c2f96b769a4c7629fe39a0037c87
  • SHA256: 0e5c0c939bbc967c0ed8a2b2e412845861ef3bfdfe7c7652335b7703b9015154
  • SHA512: 95c9582b0688bdfff6e0ddb15b3d6b4ec2268905472cd41db83dad888975560ce62fffe1b8231718852e99745b389085b310f90c5f19f9491aebcc4cb8ce3306
  • SSDEEP: 12288:CsHa1a8LVeWNQjo1cFcS5WmpYshXZPbGwidNpg4:fHa1aKe6mo+Fh5WmD9idNpP

Malware Config

Signatures

  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
  • Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

    Application may abuse the framework's foreground service to continue running in the foreground.

Processes

  • cmf0.c3b5bm90zq.patch
    1⤵
    • Makes use of the framework's foreground persistence service
    PID:4485

Network

  DNS queries (resolver 1.1.1.1:53)

  • flag-us: android.apis.google.com
    Request: android.apis.google.com IN A
    Response: android.apis.google.com IN CNAME clients.l.google.com
              clients.l.google.com IN A 142.250.200.46
  • flag-us: ssl.google-analytics.com
    Request: ssl.google-analytics.com IN A
    Response: ssl.google-analytics.com IN A 142.250.178.8

  Connections (bytes sent / bytes received / packets sent / packets received)

  • 142.250.180.14:443 (tls, https): 1.1kB / 40 B / 1 / 1
  • 142.250.180.14:443 (tls, https): 1.1kB / 40 B / 1 / 1
  • 142.250.200.46:443, android.apis.google.com (tls): 6.3kB / 9.2kB / 27 / 27
  • 142.250.178.8:443, ssl.google-analytics.com (tls): 1.3kB / 6.2kB / 8 / 8
  • 142.250.179.228:443 (tls, https): 846 B / 40 B / 2 / 1
  • 142.250.179.228:443, www.google.com (tls): 11.0kB / 9.7kB / 28 / 34
  • 224.0.0.251:5353 (mDNS multicast, no response): 3.7kB / 11 packets sent
  • 1.1.1.1:53, android.apis.google.com (dns): 69 B / 109 B / 1 / 1
    DNS Request: android.apis.google.com
    DNS Response: 142.250.200.46
  • 1.1.1.1:53, ssl.google-analytics.com (dns): 70 B / 86 B / 1 / 1
    DNS Request: ssl.google-analytics.com
    DNS Response: 142.250.178.8

MITRE ATT&CK Mobile v15
