7fb82e43ab929fe5f0ee60a07876010cec4fd176d5e8bff876a5101a36567636

Analysis

max time kernel
1s
max time network
150s
platform
android-10_x64
resource
android-x64-20240910-en
resource tags

arch:x64arch:x86image:android-x64-20240910-enlocale:en-usos:android-10-x64system
submitted
09-12-2024 01:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

com-penly-penly-1-59663159-a525ca6bee55a553d26453f2258e3b4a.apk
Size

6.9MB
MD5

a525ca6bee55a553d26453f2258e3b4a
SHA1

0c88993bccb5f2ed0db36bea1b10910ba7b9b902
SHA256

7fb82e43ab929fe5f0ee60a07876010cec4fd176d5e8bff876a5101a36567636
SHA512

a689cd326a9038a4013c46fe58502f7b4002164025b90de8e3ff0c4bf444ec7d66bab90ee454bfee7b1d6659c371cc547ddff36ac9c12bc078aeda63d8a784d7
SSDEEP

98304:LzfrHKXNei+kL/d/HxtS2jUxSOpzlf0Ot2T97u4NIFtEaiWONpY9m5+hlPqb212q:IsiDFHxtop7uZ2E9WOnYY4XY7pK

Score

8^/10

discovery evasion persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 8 IoCs

evasion

System Information Discovery

T1426

ioc	Process
/sbin/su	com.penly.penly
/system/bin/su	com.penly.penly
/system/bin/failsafe/su	com.penly.penly
/system/sd/xbin/su	com.penly.penly
/system/xbin/su	com.penly.penly
/data/local/su	com.penly.penly
/data/local/bin/su	com.penly.penly
/data/local/xbin/su	com.penly.penly

Checks known Qemu pipes. 1 TTPs 2 IoCs

Checks for known pipes used by the Android emulator to communicate with the host.

evasion

System Checks

T1633.001

ioc	Process
/dev/socket/qemud	com.penly.penly
/dev/qemu_pipe	com.penly.penly

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.penly.penly

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.penly.penly

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.penly.penly

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.penly.penly

com.penly.penly
1⤵
- Checks if the Android device is rooted.
- Checks known Qemu pipes.
- Acquires the wake lock
- Queries information about active data network
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks CPU information
PID:5084

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.penly.penly/databases/com.google.android.datatransport.events

Filesize
40KB

MD5
15d5b92dcbda7ef7f9ca327a903e46e4

SHA1
ca153b66028a58d90346ff8abadbdf01b95c37b1

SHA256
e802fdc1ccd833b91d80bb1d8f54cab2b585393e6a07622c4d9feaab07633370

SHA512
2352f167ee5aa37cb3438a0a7df8f632771a1d019c5cd120fe62313fb73aed6d0e09186a9bf306a564371b846a8da020f6acd7aede0cc47ca50701611fa84aca

Download Submit
/data/data/com.penly.penly/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
8050ab5ed483ff63d32592c867522d4a

SHA1
0c83056265b4e6f2f73139a360820c6dfa52cce4

SHA256
2a9459ae96056bb3eb742a10f3df5497ef19798140a0d2a3e14f7d1ca4f1967e

SHA512
37a10f70ca52bfb08768c196b318b8a72d2c5efb87b992d96b3236cf62df88635e84925edc739ae7855f9b9a2fb08469c10eb6d6d89bf00e70c687381047fce0

Download Submit
/data/data/com.penly.penly/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
390d3eaa042a5f9b1a001fc738156ac0

SHA1
144240bbb37c3780e433a4f4d3b64d3fa58be5ad

SHA256
b1a5e4358abfc9ad4141a15190e9f92a80b4022631f727f849d3b62452c1d900

SHA512
43479f96e2f0093eae6bbd1e73365dcd0d1820cfbff22a2075caa06f64eecbd14bf9387bca5edce06e2edfab0ab2a49d1e938677a5bf595f4d5d520c1f2e6751

Download Submit
/data/data/com.penly.penly/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
dc81c1f697c6f28823aff076ec1c6d7f

SHA1
e88f832b34f57c323756b63990f6197c0325cc54

SHA256
3f1378163337e151b68104be73bbd6650c89e13f25134f1855a8039b8c153bf7

SHA512
0e3509e3af6c7b2c73d4b0066f0023ff96f234dfd049248f704ad81d37124ca580e734ed61f617f7d67ae24236d6bcba2470c1bdc84a6245b56f338188d65ef4

Download Submit
/data/data/com.penly.penly/files/PersistedInstallation8126205761287396263tmp

Filesize
90B

MD5
91383116d36ec5241e5bf5b40ebd755a

SHA1
4e0ef21e573746de8eac77b81e4c6fd82670fdb5

SHA256
41e39104a6a105b4ba0d5943974ed42e1b1411043956cb690564529d52d3dcf2

SHA512
a01834c9df5e11f123d8a97a11e8f11adb32857cbb8dc5b97520988b726f1cd0cb4e36c2e80ca5cf251501ded33da1ce6487d62332a20e3837d212a660fd3ef0

Download Submit
/data/data/com.penly.penly/files/shared_prefs_sdk_ad_prefs

Filesize
153B

MD5
65026ee778e1372d9f4aed742772e893

SHA1
5a5f1c821d7639424f3c75a44468ab5f7dd4e8cc

SHA256
15070f52136d5a8332f8d70f790bd7bb04cd6a99b386d40e0abedc40c42caa3c

SHA512
589c4a12c6b6ec1a1cca957da758aaa900e68a23b4bc2f42524b0e8dd34f6c5378541d9293eae1ae8d478bf5b5229ce4218c058fc3b399eb5756afeb05c68616

Download Submit
/data/data/com.penly.penly/no_backup/androidx.work.workdb

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.penly.penly/no_backup/androidx.work.workdb-journal

Filesize
512B

MD5
4a1da8e1e5a44c08e729a01390d1f151

SHA1
9c0d8fac059bf9524ee7e9c96aa4cbc5f340e3d2

SHA256
ed977566767e6e4353df8a2bf67c5c2bd4e9502426327237e73dad4561615ad4

SHA512
ed78f204f164bc0e7af96abc8424df895ec75e77b6988f892736ab0fa7215f24f188c9bd7f22b371966650a535fefbe7536cf3be8debfdd92377596ff0b5f11e

Download Submit
/data/data/com.penly.penly/no_backup/androidx.work.workdb-wal

Filesize
16KB

MD5
bb144b38b96c815ec23796b0e4a2b7eb

SHA1
eb32fdbe993bbb3d0a856476a1d878fb297f8280

SHA256
70f3fd2fdb64c62ad213999435e85c112b6d0fe87475a631e5472b5e07a15469

SHA512
9eb490c61b265cad20aafed3a742bb9ce1038ad0811b0901f25c71a9aec6576d7bb27e0ffa9e3e1cf8e95aca33eab4dca7c56bc1526596022c92f0d8fea5a789

Download Submit
/data/data/com.penly.penly/no_backup/androidx.work.workdb-wal

Filesize
108KB

MD5
ec2bc2317b35a819d494ed2247340bd5

SHA1
dd39d233f09d53e0f4df7ce766d94570fea7df6b

SHA256
e8ec308696fe7940e1b3c32e84e8d0bb41f5e350eacd27912a237e18e29049fc

SHA512
58cb5d9d7f253ea19e9672871a102e46ff62cd3af8a41eee9f4b520817d258c912e0e2a30ebd553b8af163cda31f69f622ba768393e663a4a206c00b48c55964

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads