Analysis Overview
SHA256
d672cabf04369c152207eb3a2a588b28ed7a72b4634cc3807d689f1a6ef4a0a5
Threat Level: Known bad
The file olsera-pos-v.1.8.17.12-stagingRelease-main.apk was found to be: Known bad.
Malicious Activity Summary
Axbanker family
Checks if the Android device is rooted.
Requests dangerous framework permissions
Queries the unique device ID (IMEI, MEID, IMSI)
Registers a broadcast receiver at runtime (usually for listening for system events)
MITRE ATT&CK
Mobile Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-12-06 05:19
Signatures
Axbanker family
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Allows an application to read image files from external storage. | android.permission.READ_MEDIA_IMAGES | N/A | N/A |
| Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Required to be able to access the camera device. | android.permission.CAMERA | N/A | N/A |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. | android.permission.CALL_PHONE | N/A | N/A |
| Required to be able to advertise to nearby Bluetooth devices. | android.permission.BLUETOOTH_ADVERTISE | N/A | N/A |
| Required to be able to discover and pair nearby Bluetooth devices. | android.permission.BLUETOOTH_SCAN | N/A | N/A |
| Required to be able to connect to paired Bluetooth devices. | android.permission.BLUETOOTH_CONNECT | N/A | N/A |
| Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A |
| Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A |
| Allows an application to read or write the system settings. | android.permission.WRITE_SETTINGS | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-12-06 05:19
Reported
2024-12-06 05:22
Platform
android-x86-arm-20240624-en
Max time kernel
7s
Max time network
131s
Command Line
Signatures
Checks if the Android device is rooted.
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | /sbin/su | N/A | N/A |
| N/A | /system/bin/su | N/A | N/A |
Queries the unique device ID (IMEI, MEID, IMSI)
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Processes
com.olserapratama.pos.staging
which su
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 142.250.200.10:443 | | tcp |
| US | 1.1.1.1:53 | semanticlocation-pa.googleapis.com | udp |
| US | 1.1.1.1:53 | sessions.bugsnag.com | udp |
| US | 35.190.88.7:443 | sessions.bugsnag.com | tcp |
| GB | 142.250.200.46:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 172.217.16.238:443 | android.apis.google.com | tcp |
Files
/data/data/com.olserapratama.pos.staging/files/device-id
| Hash | Value |
| --- | --- |
| MD5 | 917d0e38361551a4fb7d7315701ebcbd |
| SHA1 | af2723813256ffe2149f94ccc987dd27aaf6b055 |
| SHA256 | 2b7a53d21c23e8f79988e401c296cc430db9476ff4fb41b9758d66dc4ee8f88e |
| SHA512 | d87da44783d1ffaa3d6dfa2dfeecd7b24b6e4170dcc2277997f58663891cf22494144962dc3ccc6f7d223b0a9abb500f6d15aed3efe77f8eaf4b237987451585 |
/data/data/com.olserapratama.pos.staging/files/internal-device-id
| Hash | Value |
| --- | --- |
| MD5 | 1ba2f32afd14f3afec84b5095863048d |
| SHA1 | 98bfabb85accc90dff63eaf82cae69a2c68d039e |
| SHA256 | 2cc133283f5cbc525efa9fd50047215ecd8f67c33c8ac258b286b14d5a124675 |
| SHA512 | 0c63c5f8e5ff98d7aa1694de38620afa67837040bf7e1313398127894f9930363309ef01c6b4c6742cd9d771c3c0ef4f27c9bdece18ec0f6daa7eaeab3d0a892 |
/data/data/com.olserapratama.pos.staging/cache/last-run-info
| Hash | Value |
| --- | --- |
| MD5 | 94e10e850bf39b9d0a6fef9969739ad4 |
| SHA1 | 5a9424345b6455d1b84ed73ecdde7eeab7f83ac9 |
| SHA256 | da731d687400934bea5e647ed90766710215d2e224d53fd2912f6acbea356d5d |
| SHA512 | 8cb6f99259a95a259d7b3d15cd39f8973de6da14ef8691d77e320c71519921da6d8708f7d278b974e2bf5ea5e0854fbd16c31f44462cc36d4b93f9930a4768f0 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-12-06 05:19
Reported
2024-12-06 05:22
Platform
android-x64-20240624-en
Max time kernel
7s
Max time network
131s
Command Line
Signatures
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Processes
com.olserapratama.pos.staging
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.178.8:443 | ssl.google-analytics.com | tcp |
| US | 1.1.1.1:53 | sessions.bugsnag.com | udp |
| US | 35.190.88.7:443 | sessions.bugsnag.com | tcp |
| GB | 142.250.179.238:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.187.206:443 | android.apis.google.com | tcp |
| GB | 142.250.200.36:443 | | tcp |
Files
/data/data/com.olserapratama.pos.staging/files/device-id
| Hash | Value |
| --- | --- |
| MD5 | 93b68d5c98aaccb756dce1fbbe9d7936 |
| SHA1 | 699dde1323dd71a35cf7fbf766ea74cec9bbf3ec |
| SHA256 | dcc5e9624b58729df0deeb6a347dd10b84fb59d1d688b10f059ad8f61aec8296 |
| SHA512 | 393fcae43dc6e30843d9f4521a21c734c969b6549144a06157af6c71de49804ecaa7e2414a4c42574bf67d39bc4ee94ff68e116502e9edc5f6379aa5605c09d7 |
/data/data/com.olserapratama.pos.staging/files/internal-device-id
| Hash | Value |
| --- | --- |
| MD5 | aa9f4032fab366a4cdfead54382e3b6c |
| SHA1 | e51b2cb5615bf3cddd0e29b896a752ae28b86cdd |
| SHA256 | 2cfbaabb91d4e66002ac167f1982a51e24493db45eef56d0fd51c992a6aada67 |
| SHA512 | 8bbfc7ee2a4aa206c8dd5ccf32b72dc598ede6005ef444ac1da68206fb7eacd54fe4129f5148bd269ad785fdc13ec4dac7942515f6d4a2971945f65654cf27be |
/data/data/com.olserapratama.pos.staging/cache/last-run-info
| Hash | Value |
| --- | --- |
| MD5 | 94e10e850bf39b9d0a6fef9969739ad4 |
| SHA1 | 5a9424345b6455d1b84ed73ecdde7eeab7f83ac9 |
| SHA256 | da731d687400934bea5e647ed90766710215d2e224d53fd2912f6acbea356d5d |
| SHA512 | 8cb6f99259a95a259d7b3d15cd39f8973de6da14ef8691d77e320c71519921da6d8708f7d278b974e2bf5ea5e0854fbd16c31f44462cc36d4b93f9930a4768f0 |