a41f576a5179b7a1560da5584b595c6fbe0dccad3833bb3144a1e38074491d3b

Analysis

max time kernel
146s
max time network
159s
platform
android-9_x86
resource
android-x86-arm-20240910-en
resource tags

arch:armarch:x86image:android-x86-arm-20240910-enlocale:en-usos:android-9-x86system
submitted
13-12-2024 22:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a41f576a5179b7a1560da5584b595c6fbe0dccad3833bb3144a1e38074491d3b.apk
Size

760KB
MD5

ba6ee5a8b9123289c9ae08d236282cfa
SHA1

8598d3dbb701bd1bfce7a94094cb1203c6a9dc7d
SHA256

a41f576a5179b7a1560da5584b595c6fbe0dccad3833bb3144a1e38074491d3b
SHA512

338f125a1ddf5fabea5d545607df2f2f8b2ddfb618b39048ac2f01c88db593781b8545e3e57ec4c83627bb6ff12f8ca906cab6e13f478f468fd20f692c0d9b71
SSDEEP

12288:UV2ta1a8LzeqPknMIx15WmpYshXZPbGwidNpgK:UVia1ameqWMIx15WmD9idNp9

Score

7^/10

banker discovery evasion persistence

Malware Config

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

Application may abuse the framework's foreground service to continue running in the foreground.

evasion persistence

Foreground Persistence

T1541

description	ioc	Process
Framework service call	android.app.IActivityManager.setServiceForeground	cmf0.c3b5bm90zq.patch

Requests enabling of the accessibility settings. 1 IoCs

description	ioc	Process
Intent action	android.settings.ACCESSIBILITY_SETTINGS	cmf0.c3b5bm90zq.patch

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	cmf0.c3b5bm90zq.patch

cmf0.c3b5bm90zq.patch
1⤵
- Makes use of the framework's foreground persistence service
- Requests enabling of the accessibility settings.
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID:4317

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Foreground Persistence

T1541

Privilege Escalation

Defense Evasion

Foreground Persistence

T1541

Credential Access

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/storage/emulated/0/marketing/config13-12-2024.log

Filesize
63B

MD5
4ca4e9daf4ad8d5036771d6b974fc578

SHA1
d1063ef221042ac45431c7acffbe61eea3109189

SHA256
affe00624d94878c8395fbe34c27e674a4eba93bc51f186365cb1f61200885a3

SHA512
1150ac55eeeca607c617ae4462419982e097441f542d4e48abf4957bdaf9726418c4b7ce463bcb72813e25f9a6f69b4ea1a8264d981fb12d866b649ea8290ba4

Download Submit
/storage/emulated/0/marketing/config13-12-2024.log

Filesize
225B

MD5
02444c3f5b723e7827afa4d5be5dca90

SHA1
9098b14e9dc7502aea1f3e338b55de1fb6acd6c1

SHA256
5b0d7be99cc432756939b990fe6a344c7973c36a46aa0ac627cb0a13db778c45

SHA512
a04203ec95d231ab25eafecf715b7a1839a8d71652dea5b0628380961c18fe0afbc352271a7c35fdeb3490fff74fe4936c64eae8c4ed54e261b46189860939f9

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads