b42069ac7eed7d2f4ea14971325d0e4dd7730732d868eaf0606142a5894e30d8 | Triage

Analysis

max time kernel
17s
max time network
132s
platform
android_x64
resource
android-x64-arm64-20240624-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240624-enlocale:en-usos:android-11-x64system
submitted
05-12-2024 19:26

Sharing

Report Analysis Logs

General

Target

inat-box-v13-rc2.apk
Size

10.8MB
MD5

9c6cae30bd0dccca546a60b36c36c0eb
SHA1

b004c1554c34e88e5d773b354159246c261ae04f
SHA256

b42069ac7eed7d2f4ea14971325d0e4dd7730732d868eaf0606142a5894e30d8
SHA512

937d45c85de983673948545715afe90b27906c9f5b5152c34074d469cc11149c1de0bbbe92d970bbfe983cf5e9a4d8035c0dc18f8c16d531bf6f6199056a0e3d
SSDEEP

196608:x6gVh4mcVyYZrRxNRR0GAetwwo1alPLFC1vhzqAkFcdgFsNmUP0ZFn:xLBSX0GEwZLYFhz9kFcdc8NM7

Score

7^/10

banker discovery evasion impact

Malware Config

Signatures

Loads dropped Dex/Jar 1 TTPs 2 IoCs

Runs executable file dropped to the device during analysis.

Download New Code at Runtime

ioc	pid	Process
/system_ext/framework/androidx.window.sidecar.jar	4452	com.bp.box
/system_ext/framework/androidx.window.sidecar.jar	4452	com.bp.box

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.bp.box

Legitimate hosting services abused for malware hosting/C2 1 TTPs 6 IoCs

Web Service

flow	ioc
28	raw.githubusercontent.com
29	raw.githubusercontent.com
30	raw.githubusercontent.com
31	raw.githubusercontent.com
32	raw.githubusercontent.com
33	raw.githubusercontent.com

Queries information about active data network 1 TTPs 1 IoCs

System Network Connections Discovery

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.bp.box

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

Data Encrypted for Impact

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.bp.box

com.bp.box
1⤵
- Loads dropped Dex/Jar
- Acquires the wake lock
- Queries information about active data network
- Uses Crypto APIs (Might try to encrypt user data)
PID:4452

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

Credential Access

Discovery

Software Discovery

Security Software Discovery

System Network Connections Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.bp.box/databases/com.google.android.datatransport.events

Filesize
56KB

MD5
7d0a5506147b90f1e68a936d84337f48

SHA1
0489e33eb3ccfd37a8b65e8533dd31b693164651

SHA256
bdd325a43082cead249c4254fe1aa6ececceac4776ffd349e46fc0f199a50682

SHA512
1e26bfff4320c6f795ddf7bda2bbdaa16e01793a72cdfc220b28bf9611e40b4c12a0e6f23f58b8bb0f9b2420f421db683405548e2eb63705ea7db168ab247b65

Download Submit
/data/data/com.bp.box/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
7b37c5cff8a7fa48f3a160d98fa3e4ea

SHA1
bc59702330b49cbf65287258bda00af99b0d1bce

SHA256
d7d2e5e06ad00e2cf18df0edbca0acd79cbe8d59c9af15acfd7ac5f7eac27501

SHA512
14002c602fb060d4119ffeffa95af66c5f40c7edbe0facea7f09f13d6ced2eec60c758e5e85b4c4da4da5066fa066f6d24d70203814d616df3f084928e9f1e34

Download Submit
/data/data/com.bp.box/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
c7800599703f091fdf5540b6320412e6

SHA1
7c5f94579269303fc367d1a1b9e5a3b201310488

SHA256
83436080484dc3497614dd79d596cadce432c38e9a9f1c4776cd3e2e143e6f7a

SHA512
783a2a49edeeacf76d7c1c8a3c998f40bd5dd080424214045fc94988389dd3f118ffa3f057c7c1573baa3f518edf96dc48f781a818b65ca4f758296fe28b1df4

Download Submit
/data/data/com.bp.box/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
ba3944b9a7592082eb4ff74f5942e207

SHA1
3a3a1d925c5816215eb84ee54dd7170429d752d2

SHA256
4e75626424572fe44c47d0066f3e7b3ef484442f505e7bf3800892d63502839c

SHA512
cb964b482e4d8c561b42cb7189403800d39be9dbe1d8f4b4c75c4cb119900e3d89eb15583f3934666faf840439b90c701f92a436100bf5e5b713c887ad2e3da8

Download Submit
/data/data/com.bp.box/databases/google_app_measurement_local.db

Filesize
16KB

MD5
d9cf75fdd1c2292d986f6c3d5d60f2c8

SHA1
07ecb1d3a26d952ae5fecf54f36699ab498510b1

SHA256
2d227e9b7a044c8e10294f6a831fb92d81ea9582381796d87f35bd268e37538a

SHA512
442c96e4b4c79b8d1c64dd3a6d6088ae1dace441e78d830dfb3190ee1c0fafebc606fb432071b4a1ad1a4ba9b68c7877b0bce520ccc88708feaf82bbc474e0cb

Download Submit
/data/data/com.bp.box/databases/google_app_measurement_local.db

Filesize
16KB

MD5
90702f4d07ee2a408afdfdce660c5097

SHA1
44cf95ce0e08fcb95af092e955dbd68bac58b3f7

SHA256
84fea959e351b81fbc31fbc7f469c41ad2433549a2530a18501edef00e14f7fe

SHA512
3110f191f7808b18a2318a26ec54abf256f3c931a03b7175b91f9a9e0da6ff549fb74ca79a7ec633999b71a87fee24151070ebbb31655ec31dc0ba95a48dcc81

Download Submit
/data/data/com.bp.box/databases/google_app_measurement_local.db

Filesize
16KB

MD5
564a8b9a22d6ed670bdc9a975667e207

SHA1
31e6a6bcb5f1c8c795e56a1a5485d671f62e868b

SHA256
71ad69bfb811cfc79255ad3f8b480869d5a27e8d315bf118f921503c910087bc

SHA512
c32c59f4266d177a45a09e7e6da51446b3f3d9b586002744ee929a92d50db253b3f0068cb77c7209e09469514b31fdc7f1cfd89c693467e5a48eed38c6abd511

Download Submit
/data/data/com.bp.box/databases/google_app_measurement_local.db

Filesize
16KB

MD5
aa4dd4d4a80ec87bdc9682d9d7698f0c

SHA1
7973cb6b6631143065b96247abcd4e96b3de89d1

SHA256
11618eebffa83a8aa857fef0b321ad72f76db755f93b22847d02016c6ac488fc

SHA512
1d17615c3c5be5a205c36c645a218ad368966ab1da11d1511b9f0bdb74662fa69ab4780f8497d7cb2954315d4648769f5d80f3873922a3dc3758f3b4d0b1b59c

Download Submit
/data/data/com.bp.box/databases/google_app_measurement_local.db

Filesize
16KB

MD5
ac35972314e177a15279938820ad2be0

SHA1
eba9f2f3233f6666180f584f570457eb8bd26814

SHA256
3502a4d8a77c71212d0891e6c3455c9aefc00e42ecab95f92a68dda5fcae2892

SHA512
002595ddc65a22f01734788a90f55c8ba3a9011392f6ecd3d16a4500f692e10d0bc99dfde9d24b6e2abdbefa2810364bb59203f7ae80b18d663229d0a9a4503f

Download Submit
/data/data/com.bp.box/databases/google_app_measurement_local.db

Filesize
16KB

MD5
8ce3ea81daffd1bd00430ef0a0acf4c0

SHA1
5d13006f6e4b33bdcfa6d2a6464994883ca7143a

SHA256
8ccf82d05de9790bc7ac92bbbc0fecac509788ddf840c0eb855071874d65bd04

SHA512
99810c4b5e2552e4ac6bd690ad1b9239ce7e592f0a9a254967e516651879e57d061ca7fdc9d1475277facaea00fd15b798f7fd8d65865b46f349fa4d27639497

Download Submit
/data/data/com.bp.box/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
79ee50dabfc29caa731df3c63aabd4f6

SHA1
62972db7fdf1b418b07427a7aeea5b9ab6cbf7c6

SHA256
e9242f9deaa00293985169c3e0067e12747660a2664aaf01d65631ade5e46d67

SHA512
a5ef4f0475d2b5144d5e73c557dc31a354123cddbd30f9ea64f3126483a4e2aa243f6a001c18f8261f8c0fb29b6ba0dc57f73c310b08d21e372a34d2bcfdec96

Download Submit
/data/data/com.bp.box/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
3cb0730cb1acf3829bb2cc98755f8cb2

SHA1
c3ea84bc1157eaa35d04c7eb02071b44f3d1005d

SHA256
f78859b6b21745281c8705b426a2dfa741028232a755062459a31f868a1d83db

SHA512
338492cd29b7ffe261a12c9508d8f2785813d910ee2bfa3413957103d813a48fcec6fc055f28ed7e2e737b37e33f4a58cfa22687833517c83efefc497df4c9e4

Download Submit
/data/data/com.bp.box/databases/google_app_measurement_local.db-journal

Filesize
4KB

MD5
c8bebb46650ce52f733dfa114e964498

SHA1
0cc7f3e93e03cdcdfa72ca551b247f4789235e93

SHA256
96f5624e1ba1eaf3a706b8077044c5d6036b4fef59696009922c5e53c8f9e2a8

SHA512
524aefd3372ec11c18e283c29224029ac2a87f3dd7a54ba6e5e0a87ae6cb881085ba766912e37b3cbe244f073451d4defacffe046558955dffc71690bc3523c4

Download Submit
/data/data/com.bp.box/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
6bbbb864b9ced5150a63e54652fc074d

SHA1
15bfc2ae89329d03985ca6bdabf511b3a837d253

SHA256
16f1ef1005bac188ec4235a5ced2ea119cc2c234a703f3e61445f65b91a4c642

SHA512
61aeb1233fb519e6fd16229e2607115e802c1b081ee393f0f4b0d0aea6aeb05da8cb303f78249c9dbc824bd99b052087e362aad8751b4feaad3caa0f18201b29

Download Submit
/data/data/com.bp.box/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
48d8acc88ab29776776076a0a4091122

SHA1
19070611afe26b81628b5c9d978a2b548978e276

SHA256
1a4cfe80499d21a9a5f3e9089c4866a8e7fa7a48c78c509f27845b53ee03aaf1

SHA512
2a91bc515c12fe6dd8a912d49f2ddeca65c05a4c6744a17901be336b4089e94f1c26e0b52d682f8b4ce5c5c12e64ff30d18e2a3b0c7d56c43a581c1a457f18f0

Download Submit
/data/data/com.bp.box/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
54fe7492205954886ddbbd6f7a6b7bde

SHA1
9a3c94121df0fbed15ded68435361eee54d48af0

SHA256
b4cc0520bcf4e82aea0774d7f0c89493051293d74c02dcfd0f5c3dabd6ebd93c

SHA512
62edf6ddb435ff1f933bddd387e2d1181902d47576b369f93341ad5631dc1c75acf8f5c700aa88dc5aec8cc5546f6267a9f2331a46919a0eed7204619e64fe98

Download Submit
/data/data/com.bp.box/files/PersistedInstallation2367739574559773058tmp

Filesize
90B

MD5
a5e227462fa5d2bf9d7d66a15c4cfe89

SHA1
d142b3b049028ba22419c4c73a2229472de287fb

SHA256
d659ec077ae4866987a83bdc79612de5abcb3df9f129bc6b63de85785086cb95

SHA512
f129944440403d0cfc3a8191da4c0ec1ddcbccb0beeb68b89eefcddd4cb1b8479bbd7281312af684cb40740b9709632c69fca2da60891c8fbe4e852f47f6db2f

Download Submit
/data/data/com.bp.box/files/PersistedInstallation3452646953498723759tmp

Filesize
569B

MD5
f9833e8087abe38b0ecf4e9078739faa

SHA1
ac771e2a65dde205b1d4a919dc751c142e750652

SHA256
efe184a8d33cd99a65226e3222bc6a819041c16c9883a2d34fa6a139bd46dc4c

SHA512
14d86aa1d3e1ea2ac0f42cedcf3906a056ab60b0a550fbfe0345cd0ecc25c3d0a51f36296fccb4cd76355570b09bf9e19eb54f970fd3ea3abde90586536e57a1

Download Submit
/data/data/com.bp.box/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

Filesize
8B

MD5
811d4f5f3128b9ab5b5fc1e1e3b50c9f

SHA1
b0ce1c350f310333cade6d1004d0d610c787fe71

SHA256
4227466c6f4d5366277247a39e0f9db7281641d597b176e257974ed28b0d793c

SHA512
01247495a9059e3c1a04a3d6ae4abb37b84c9287081e327601f98474f90b33d36df2bf2950125951ba26b23eb1c87f39453a16d48842849ed93c7e91324f79b7

Download Submit
/data/data/com.bp.box/no_backup/androidx.work.workdb

Filesize
4KB

MD5
7e858c4054eb00fcddc653a04e5cd1c6

SHA1
2e056bf31a8d78df136f02a62afeeca77f4faccf

SHA256
9010186c5c083155a45673017d1e31c2a178e63cc15a57bbffde4d1956a23dad

SHA512
d0c7a120940c8e637d5566ef179d01eff88a2c2650afda69ad2a46aad76533eaace192028bba3d60407b4e34a950e7560f95d9f9b8eebe361ef62897d88b30cb

Download Submit
/data/data/com.bp.box/no_backup/androidx.work.workdb-journal

Filesize
512B

MD5
8088dd24475a9a5a0e23e7324e873452

SHA1
8d51156a73b02125e5c2f40a91fd48a87f2bd2ee

SHA256
0888e5be80e6b6ffdf78d9a382200841dac6a7f513758b3a54b996ae2298f58d

SHA512
61508561dacb4d13eaf8d8a5615f02bbdc94813b7d86e70c2bc0f1614ce48cac1b4546b41b77050fc4e807498d7c48f5aa4383c83edbf699769cbb10d8fd904b

Download Submit
/data/data/com.bp.box/no_backup/androidx.work.workdb-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.bp.box/no_backup/androidx.work.workdb-wal

Filesize
112KB

MD5
98be5517b26259f5aceae75e45338cdd

SHA1
cf7be18c78601a18e49d29c220f405a219a14695

SHA256
c4793d82ca42c262ddb8c74b5d42c28373af9dcabc718ac1bb0c87d768f95bb0

SHA512
6e77a69afe969e7deb7b760fb948a7a5df88cea3baa8ca691f6955e6671703fda3435d1cb2d33c9e4a5862dba265bf088bc3ccf9b4d17d7880b6d6a36714a014

Download Submit
/data/data/com.bp.box/no_backup/androidx.work.workdb-wal

Filesize
16KB

MD5
36d689d923fb3cb456bd7f9d02e3df39

SHA1
d760516ae9ce02a1d6e400bf018f45d1366d5d94

SHA256
3e1a07eb05cd9db98e7c9e76c2b01468ba870c031449f764e0ac4b16912f1349

SHA512
b4f937bf0a15107cbbfc0be486cfd48178f5a612100d98adc327d1371930f5dc4550d48804f283bf5ae7f91035c56652fc4700d57dac38955cb8aa701c02f673

Download Submit
/data/misc/profiles/cur/0/com.bp.box/primary.prof

Filesize
2KB

MD5
85e039abb6397d1acbf0ecb4d900a9e0

SHA1
d7e557e894a6355f0514a6d6ba0815dafb0894fb

SHA256
feeacdbd8997489aa8ff1f8a288243413da3401d67d9c4973769886a3941507b

SHA512
82dc025b337d5beda79706ab2a809fd67e43f614c0657b0d709d282774e5332cf1b9b8d9646a796b04663971494c318ea2ed6bb3f0137440f16a446482394810

Download Submit
/system_ext/framework/androidx.window.sidecar.jar

Filesize
12KB

MD5
bdf3529e80318eb14e53a5bf3720c10d

SHA1
25c9ace4b1af6e80ebb2572345972c56505969ba

SHA256
bbc8300dd1e9cd08de8f66560c1ac2c928615b72b51cef9649f88974f586d64b

SHA512
48b9c2d01171bb651b9b54826baa51f4add48431a3efd8ceb5f7cc3bcd6f8f37edf47fabb24349dd15b3a02329cd450f90a8d164bf4f8dfae554bf3b35a8a55b

Download Submit