Overview

overview

10

Static

static

10

002d23802f...a9.elf

ubuntu-24.04-amd64

006e75ccf3...e6.exe

windows7-x64

3

006e75ccf3...e6.exe

windows10-2004-x64

3

010b63314e...17.exe

windows7-x64

10

010b63314e...17.exe

windows10-2004-x64

10

017f252187...45.exe

windows7-x64

7

017f252187...45.exe

windows10-2004-x64

7

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

Unmonument...GL.dll

windows7-x64

1

Unmonument...GL.dll

windows10-2004-x64

1

025a7cc996...12.exe

windows7-x64

10

025a7cc996...12.exe

windows10-2004-x64

10

026a0d5ada...ed.exe

windows7-x64

10

026a0d5ada...ed.exe

windows10-2004-x64

10

0296e49137...b6.exe

windows7-x64

10

0296e49137...b6.exe

windows10-2004-x64

10

0382436149...62.exe

windows7-x64

10

0382436149...62.exe

windows10-2004-x64

10

039b7cbbe0...f4.exe

windows7-x64

039b7cbbe0...f4.exe

windows10-2004-x64

03a0e7298d...43.exe

windows7-x64

10

03a0e7298d...43.exe

windows10-2004-x64

10

044d4141fa...83.apk

android-9-x86

6

044d4141fa...83.apk

android-10-x64

6

044d4141fa...83.apk

android-11-x64

6

0488488429...83.exe

windows7-x64

10

0488488429...83.exe

windows10-2004-x64

10

04ba453903...df.elf

ubuntu-22.04-amd64

8

054c0c0eb0...5c.exe

windows7-x64

10

054c0c0eb0...5c.exe

windows10-2004-x64

10

058c3a111c...0bc.js

windows7-x64

10

Resubmissions

21-12-2024 22:57

241221-2xpr2atjar 10

21-12-2024 20:29

241221-y9xfvsyngy 10

Analysis

  • max time kernel
    5s
  • max time network
    148s
  • platform
    android_x64
  • resource
    android-x64-arm64-20240624-en
  • resource tags

    androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240624-enlocale:en-usos:android-11-x64system
  • submitted
    21-12-2024 20:29

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    044d4141fa14d7abac6f282b72e4d4a6f0fec56df3d0d1650e2db3a1a5c80783.apk

  • Size

    3.5MB

  • MD5

    c126af541f25c0a689dea5f44d598764

  • SHA1

    68e1772c5bf7a0db611063205b2b6f90718893a5

  • SHA256

    044d4141fa14d7abac6f282b72e4d4a6f0fec56df3d0d1650e2db3a1a5c80783

  • SHA512

    eba66c60d7a38a18c57278aefaa7c235fb744b460ed7d9f59724ec68366af6eb6d31333c0be17e92faf91ffefd8629e8e0697771fb13cb3d16cfcb9ad556e215

  • SSDEEP

    49152:3/NUASHe5UQtHy1fffEcy317sc1x7B3l0ZL7ZhJqowVSvsEFP2R7QBub9e3g5zpd:vqp6efffnRcj7jGPJqikVQI5Dhpdns3E

Score
6/10
discoveryevasionpersistence

Malware Config

Signatures

  • Acquires the wake lock 1 IoCs
  • Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

    Application may abuse the framework's foreground service to continue running in the foreground.

    evasionpersistence
  • Queries information about active data network 1 TTPs 1 IoCs
    discovery
  • Reads information about phone network operator. 1 TTPs
    discovery

Processes

  • ir.shz.shzkisi
    1⤵
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    • Queries information about active data network
    PID:4548

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/user/0/ir.shz.shzkisi/cache/~test.test
    Filesize

    4B

    MD5

    098f6bcd4621d373cade4e832627b4f6

    SHA1

    a94a8fe5ccb19ba61c4c0873d391e987982fbbd3

    SHA256

    9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08

    SHA512

    ee26b0dd4af7e749aa1a8ee3c10ae9923f618980772e473f8819a5d4940e0db27ac185f8a0e1d5f84f88bc887fd67b143732c304cc5fa9ad8e6f57f50028a8ff

    Download Submit

  • /data/user/0/ir.shz.shzkisi/databases/google_app_measurement_local.db
    Filesize

    16KB

    MD5

    6f57b38caa81806d314271ad82f6fd63

    SHA1

    0db84171184422521a7906231ac1749dd853da06

    SHA256

    46c39d5139f71d5e5a05af93d2f853f8ee8ca9a7a9cfd9dfb09a97d654b9588c

    SHA512

    7eb1d086ce64220a7c82e9bf3f0621895aa70b195c5cb4cea56b677351a60f13c48bb8b3fe033984d1b19272263c50adaee31ee44f03295057f2324394cf3451

    Download Submit

  • /data/user/0/ir.shz.shzkisi/databases/google_app_measurement_local.db
    Filesize

    16KB

    MD5

    d3c0e525c49224c28878c1141af7f839

    SHA1

    aa0201c92675533e30b15d1aa038b47b7feb71d6

    SHA256

    b826111d73c9215f3962255c5c818f1d38058849982c255d795365d825561534

    SHA512

    f5ffa8e0c8fa5b2204d7950e9cf4d5200b0897677f3699d7d982b663c1afc1c961a3d9583820ec8a9eb28e084045326fe1380c8dbab919cd287ae2e56025efa4

    Download Submit

  • /data/user/0/ir.shz.shzkisi/databases/google_app_measurement_local.db
    Filesize

    16KB

    MD5

    ed441d56921c8f4483445b1e41dbb188

    SHA1

    b3dd45566c3c6a89d62a5eba138faee61a653b1c

    SHA256

    26ffc537f756fc9863bd0ca15ccc8bce2f247b6ffb5f63be5f365dfe96888f1c

    SHA512

    d245859f1246a0bef69c6bc992cd28b2fa0d2882b521cd5402423408b8085bf23d1f1b5872b00e2ee0bba98653348dfb4e6cdfe3a8b3101e29289237395cc750

    Download Submit

  • /data/user/0/ir.shz.shzkisi/databases/google_app_measurement_local.db
    Filesize

    16KB

    MD5

    47e531f6b47046b5a76dc966131bd57a

    SHA1

    895ce364e47e97cea684e9fb13634c6b6924d01a

    SHA256

    6cd2346a4d1f2f6223e43df5791c69f11d508bfa28023e38debc5398be71ff00

    SHA512

    ff0a579aabdce9ae899ae39a5cf6d40d296c67f13f1bbcbcc6497838471af08cbed5d10ba831f690042225430f3236949e5b5eef830fc24b8ebcebd3031d1589

    Download Submit

  • /data/user/0/ir.shz.shzkisi/databases/google_app_measurement_local.db
    Filesize

    16KB

    MD5

    d9cf75fdd1c2292d986f6c3d5d60f2c8

    SHA1

    07ecb1d3a26d952ae5fecf54f36699ab498510b1

    SHA256

    2d227e9b7a044c8e10294f6a831fb92d81ea9582381796d87f35bd268e37538a

    SHA512

    442c96e4b4c79b8d1c64dd3a6d6088ae1dace441e78d830dfb3190ee1c0fafebc606fb432071b4a1ad1a4ba9b68c7877b0bce520ccc88708feaf82bbc474e0cb

    Download Submit

  • /data/user/0/ir.shz.shzkisi/databases/google_app_measurement_local.db-journal
    Filesize

    8KB

    MD5

    85ff6985af70b2f39263c418e9a11d3a

    SHA1

    df9e97bb522175d481fbc2e499074b4c3e06aebd

    SHA256

    14d37494c8bc5b53c354e41609448f3039129ef6ec1bf9c3cef39c131bfed0a0

    SHA512

    09484255b3a2cb26c2ca98b1ab40fe03d3fe54f0f5cdda36c5cc5d0a02703e2f868144e6b74eb2759649914a7de8ce79ec2f6b1e9abbb558cf0b5bb3794cf28e

    Download Submit

  • /data/user/0/ir.shz.shzkisi/databases/google_app_measurement_local.db-journal
    Filesize

    8KB

    MD5

    e092767e7b3c2c83852fc3101c7ec882

    SHA1

    331542e03cc6010534bc7c0c275b57bb091775a3

    SHA256

    2971a187acbfe5a0ab92d5e73a08652cc52792995c23b73a77b4da541f6f094f

    SHA512

    b22fece568924bb654aea97da8b6caf627485bec4b33b5fba2cb2c3f46958bd8632704731ddb6dd73119a5e379d36322f70a68481de72ff7c7bab320d81a2029

    Download Submit

  • /data/user/0/ir.shz.shzkisi/databases/google_app_measurement_local.db-journal
    Filesize

    512B

    MD5

    827ae78dc3e855ed99784f4d20c62c25

    SHA1

    4d8dd48bdf4f8b89b319a6aba2ea668b646d6eb7

    SHA256

    785164114cc9b019efdd7b1db14126b56446dac14b2fff64383aefde587473da

    SHA512

    271a2b74cbd920ed4e6da6b514b7597c7ddcfd8e6d654b432c3d1e0ba4fed2ddc3058f78bcf0cfc3756c0eb93929982bf1d1e2fb0ebcf68b3c77569f7f8e4e42

    Download Submit

  • /data/user/0/ir.shz.shzkisi/databases/google_app_measurement_local.db-journal
    Filesize

    8KB

    MD5

    f47e550fd0028b4702eead3b79e072a2

    SHA1

    6154d5842883bd0de545a3d7bba2322f183a7733

    SHA256

    c4e5faf6ff68eeabb5adbab186e739f2b4253aa1ad44331d9492122cd26f4e89

    SHA512

    c658604503dbeb83fd0d2d0a170442d614922e23ed3c65e02b6e7690f88cdce424287588044991bfc2efa949b599a642966eae1f385cbf079f3cc7acbb4a9662

    Download Submit

  • /data/user/0/ir.shz.shzkisi/databases/google_app_measurement_local.db-journal
    Filesize

    4KB

    MD5

    f56b44acd8fe775e18bdfcb661b4dacc

    SHA1

    3483e9ab798bfca279948ca62c5365747523f876

    SHA256

    60beb6233f1f0032ffd69043818ab0de9f4c84df9c0328894c6e194d4f633bfb

    SHA512

    fb70f79e936afc829014c9cda4077778fccd64f6206e3eaf51638512e5e25fd7e81897ace22838fe423efc3ebcafd07d3e21447af8808f06031daf90376a1cc2

    Download Submit

  • /data/user/0/ir.shz.shzkisi/databases/google_app_measurement_local.db-journal
    Filesize

    8KB

    MD5

    e7f1870baf2e53da2adcbd21efd1f5b3

    SHA1

    1b74d1d0e4a44371cb4bfce44a35628a896ad37a

    SHA256

    3b5dab373466eed929082ba970bc075d01bd9b1af97327695dc4fec2cbad3688

    SHA512

    4fbd3dea4f1e7eb427d9f6197f20e2a781eecadd62ce9820c03b4e21b6c9925f3587a8f5cd761461948cf3a4f334d2102e6f1c9c6041f3b39f5558f947a64c44

    Download Submit

  • /data/user/0/ir.shz.shzkisi/files/PersistedInstallation5040390625433768354tmp
    Filesize

    90B

    MD5

    c735eb14d0a359ecebfdec166499705b

    SHA1

    45b462a5c312ae82c23c3648eedb08b03ad7d9a9

    SHA256

    d4464c6258f2e0fd2fd54e58ab8dbdf1b1adcffe400f7a1060740a356d1f6c7d

    SHA512

    128987cfd7c7ab8ad98940868a8ff467929749a2b761e19148e26fd79a3f2dc29872e8a42c327f899dd9724558db44c22cd564f4396cda7e0660a72db7ea9c10

    Download Submit

  • /data/user/0/ir.shz.shzkisi/files/PersistedInstallation7235029543907275932tmp
    Filesize

    569B

    MD5

    a0fb2eafec71f468e9cda157bf28c870

    SHA1

    e65d11cdf18c5c6d3fb20e68072d509eb933e40a

    SHA256

    c1e753b38a133719f650a523300b87767c7dc0385542d48a1c8943c8f9288f17

    SHA512

    ae775f92bf4eb8a2cc11a3c5fc83504414842f4f7353e4feba6fd0aaa0bc7ce31f8421507dff751a1fd1d3d0239208138919f5b45c5fc102c315fbfd474398d5

    Download Submit