646fa8567ad6199607d0ca681422a61984cd70fd77fa89374f8cd21a466a72a5

Analysis

max time kernel
146s
max time network
153s
platform
android-9_x86
resource
android-x86-arm-20240910-en
resource tags

arch:armarch:x86image:android-x86-arm-20240910-enlocale:en-usos:android-9-x86system
submitted
27-11-2024 22:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

646fa8567ad6199607d0ca681422a61984cd70fd77fa89374f8cd21a466a72a5.apk
Size

760KB
MD5

c364830cec67974cd5dc3c848f5a6015
SHA1

522dbdc67d3f524246981700e9ae3d9234dc1024
SHA256

646fa8567ad6199607d0ca681422a61984cd70fd77fa89374f8cd21a466a72a5
SHA512

786132a4db29ebc4e7f7c2d2d2fcfbc54897d66090ebe2e66170ae6cb0c3671916c2b979e66b8a9c8348e2373e1c43f4deface1414f88332985368c02aac4ea4
SSDEEP

12288:YaEGTbabJ6sgR8LzSpUe6Yzb5WmpYshXZPbGwidNpgv:YaiJ6stLzSB6Yzb5WmD9idNpw

Score

7^/10

banker discovery evasion impact persistence privilege_escalation

Malware Config

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

Application may abuse the framework's foreground service to continue running in the foreground.

evasion persistence

Foreground Persistence

T1541

description	ioc	Process
Framework service call	android.app.IActivityManager.setServiceForeground	cmf0.c3b5bm90zq.patch

Requests enabling of the accessibility settings. 1 IoCs

description	ioc	Process
Intent action	android.settings.ACCESSIBILITY_SETTINGS	cmf0.c3b5bm90zq.patch

Tries to add a device administrator. 2 TTPs 1 IoCs

privilege_escalation impact

Device Administrator Permissions

T1626.001

Account Access Removal

T1640

description	ioc	Process
Intent action	android.app.action.ADD_DEVICE_ADMIN	cmf0.c3b5bm90zq.patch

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	cmf0.c3b5bm90zq.patch

cmf0.c3b5bm90zq.patch
1⤵
- Makes use of the framework's foreground persistence service
- Requests enabling of the accessibility settings.
- Tries to add a device administrator.
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID:4327

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Foreground Persistence

T1541

Privilege Escalation

Abuse Elevation Control Mechanism

T1626

Device Administrator Permissions

T1626.001

Defense Evasion

Foreground Persistence

T1541

Credential Access

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Account Access Removal

T1640

Replay Monitor

Loading Replay Monitor...

Downloads

/storage/emulated/0/AndroidService/config27-11-2024.log

Filesize
1KB

MD5
87961aba35491facd19377053a06b78c

SHA1
93e148483052f5fff699d9d38d53600ac77ed950

SHA256
ab38c2f8e0aa6876625b23cd5150a9263901d650fc4b99344b638bcb906d8a85

SHA512
e9420816c184da1241c2453dff89d8d94701dfc18b8ce97b74a5304566426a6e0dbcc1e3ffba6a3e205d1e187e280ce69bd03a75254f75228ac58c2c050abf56

Download Submit
/storage/emulated/0/AndroidService/config27-11-2024.log

Filesize
1KB

MD5
42bf129bd7bf6af4db79151e6590b433

SHA1
f2b77068942a5cd8673393c8b972358f655535a6

SHA256
9ee4a7872619cd5d7f74b7f26199faa718899ce1db4a25cfb5f71dd18cdfe462

SHA512
37a4aa31668a02a788e9d8060355e33667365de46030b82aca7660ac73a6c92db1ddb9dfbf529cdf263b68adf094e75fd419c123bef54c7e47acfe6a437d000c

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads