Analysis
max time kernel: 6s
max time network: 303s
platform: android_x86
resource: android-x86-arm-20240624-en
resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240624-en, locale:en-us, os:android-9-x86, system
submitted: 12-12-2024 14:11
Behavioral task: behavioral1
Sample: smartpayzone.apk
Resource: android-x86-arm-20240624-en
General
Target: smartpayzone.apk
Size: 38.6MB
MD5: d0f05a2a91bec69cc33d05d9e055cf62
SHA1: 0e597f48f3c8a77c2c34b51f3c1cc8def9cbc2cc
SHA256: 714f140717663febb87371031c7a102166c96a6e8e22a7ee6836907f01e53261
SHA512: 8b3a3429fae2af0c3192e835d8b6395e05395c2bb9b44b759c9bfb279ad36822aa0cfe6193e26533d8bd875f56f5dcdde405d368f068b339aec73bc9aff2db4d
SSDEEP: 786432:YY4vFxsSwUj3YiNo7Y5Aa8ET9A2EmA0nwwjYtd+oCVrUBe:YYy35NpeXETZEmA0nm/+/
Malware Config
Signatures

Checks if the Android device is rooted. 1 TTPs 2 IoCs
  ioc: /system/app/Superuser.apk; Process: com.ri.smartpayzone
  ioc: /system/xbin/su; Process: com.ri.smartpayzone

Acquires the wake lock 1 IoCs
  description: Framework service call; ioc: android.os.IPowerManager.acquireWakeLock; Process: com.ri.smartpayzone

Queries information about active data network 1 TTPs 1 IoCs
  description: Framework service call; ioc: android.net.IConnectivityManager.getActiveNetworkInfo; Process: com.ri.smartpayzone

Checks the presence of a debugger

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
  description: Framework API call; ioc: javax.crypto.Cipher.doFinal; Process: com.ri.smartpayzone

Checks memory information 2 TTPs 1 IoCs
  description: File opened for read; ioc: /proc/meminfo; Process: com.ri.smartpayzone

Processes
Network
MITRE ATT&CK Mobile v15
Downloads
/data/data/com.ri.smartpayzone/files/.com.google.firebase.crashlytics.files.v2:com.ri.smartpayzone/com.crashlytics.settings.json
/data/data/com.ri.smartpayzone/files/.com.google.firebase.crashlytics.files.v2:com.ri.smartpayzone/open-sessions/675AEF570173000110BCE7B7EA396D12/report