d672cabf04369c152207eb3a2a588b28ed7a72b4634cc3807d689f1a6ef4a0a5

Analysis

max time kernel
7s
max time network
131s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
06/12/2024, 05:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

olsera-pos-v.1.8.17.12-stagingRelease-main.apk
Size

77.4MB
MD5

67c28f3bd058a6d4b88c67a208e640a2
SHA1

dcc92a97f8c9a75af3ce30b55c6867ec7bb38d3a
SHA256

d672cabf04369c152207eb3a2a588b28ed7a72b4634cc3807d689f1a6ef4a0a5
SHA512

0231513ae4638fcbbb3b04dfb8a5c48eb4bbf653d263aef1426b7979b509789164a7e50e3139e80f16e5dd85c4e6ea530babb36e45e545ef38a78333c42d25f1
SSDEEP

1572864:RcTBBvhwzy6ZadFvANbpt3qc6tjD12JIEMh2/gdJLTppsFCGObZLBvSeFRtJ:R6kzDG6NbpdT6tjcTMhaYYYHvSez

Score

8^/10

discovery evasion persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 2 IoCs

evasion

System Information Discovery

T1426

ioc	Process
/sbin/su	which su
/system/bin/su	which su

Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.olserapratama.pos.staging

com.olserapratama.pos.staging
1⤵
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID:4267
- which su
  2⤵
  - Checks if the Android device is rooted.
  PID:4297

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.olserapratama.pos.staging/cache/last-run-info

Filesize
67B

MD5
94e10e850bf39b9d0a6fef9969739ad4

SHA1
5a9424345b6455d1b84ed73ecdde7eeab7f83ac9

SHA256
da731d687400934bea5e647ed90766710215d2e224d53fd2912f6acbea356d5d

SHA512
8cb6f99259a95a259d7b3d15cd39f8973de6da14ef8691d77e320c71519921da6d8708f7d278b974e2bf5ea5e0854fbd16c31f44462cc36d4b93f9930a4768f0

Download Submit
/data/data/com.olserapratama.pos.staging/files/device-id

Filesize
45B

MD5
917d0e38361551a4fb7d7315701ebcbd

SHA1
af2723813256ffe2149f94ccc987dd27aaf6b055

SHA256
2b7a53d21c23e8f79988e401c296cc430db9476ff4fb41b9758d66dc4ee8f88e

SHA512
d87da44783d1ffaa3d6dfa2dfeecd7b24b6e4170dcc2277997f58663891cf22494144962dc3ccc6f7d223b0a9abb500f6d15aed3efe77f8eaf4b237987451585

Download Submit
/data/data/com.olserapratama.pos.staging/files/internal-device-id

Filesize
45B

MD5
1ba2f32afd14f3afec84b5095863048d

SHA1
98bfabb85accc90dff63eaf82cae69a2c68d039e

SHA256
2cc133283f5cbc525efa9fd50047215ecd8f67c33c8ac258b286b14d5a124675

SHA512
0c63c5f8e5ff98d7aa1694de38620afa67837040bf7e1313398127894f9930363309ef01c6b4c6742cd9d771c3c0ef4f27c9bdece18ec0f6daa7eaeab3d0a892

Download Submit