819b20a867ce9de8cbe8639adfe3623ff70b2eac17c4d4f10e6a917668451746

Analysis

max time kernel
148s
max time network
134s
platform
android_x64
resource
android-x64-arm64-20240624-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240624-enlocale:en-usos:android-11-x64system
submitted
22/12/2024, 22:03 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

819b20a867ce9de8cbe8639adfe3623ff70b2eac17c4d4f10e6a917668451746.apk
Size

760KB
MD5

101f79129e337fbacd90aa2a21880519
SHA1

263ec87adf8ac8e557b6701b851a4ab929bc3461
SHA256

819b20a867ce9de8cbe8639adfe3623ff70b2eac17c4d4f10e6a917668451746
SHA512

c269b771dba050fc5245f4a4cde8edca0c81cfb60be691ba8f73b9bbd8d5b61d1bf89524b1291a3620367a57fb69c4c0deec01353d018a1167eb747abcf8405f
SSDEEP

12288:nTdtOpLna1a8LzeJ5Px+rpIS5WmpYshXZPbGwidNpg15:nRtUa1ameJ5MrpIS5WmD9idNpA5

Score

7^/10

banker discovery evasion impact persistence privilege_escalation

Malware Config

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

Application may abuse the framework's foreground service to continue running in the foreground.

evasion persistence

Foreground Persistence

T1541

description	ioc	Process
Framework service call	android.app.IActivityManager.setServiceForeground	cmf0.c3b5bm90zq.patch

Requests enabling of the accessibility settings. 1 IoCs

description	ioc	Process
Intent action	android.settings.ACCESSIBILITY_SETTINGS	cmf0.c3b5bm90zq.patch

Tries to add a device administrator. 2 TTPs 1 IoCs

privilege_escalation impact

Device Administrator Permissions

T1626.001

Account Access Removal

T1640

description	ioc	Process
Intent action	android.app.action.ADD_DEVICE_ADMIN	cmf0.c3b5bm90zq.patch

cmf0.c3b5bm90zq.patch
1⤵
- Makes use of the framework's foreground persistence service
- Requests enabling of the accessibility settings.
- Tries to add a device administrator.
PID:4509

Network

DNS

android.apis.google.com

Remote address:

1.1.1.1:53

Request

android.apis.google.com

IN A

Response

android.apis.google.com

IN CNAME

clients.l.google.com

clients.l.google.com

IN A

142.250.179.238
DNS

ssl.google-analytics.com

Remote address:

1.1.1.1:53

Request

ssl.google-analytics.com

IN A

Response

ssl.google-analytics.com

IN A

216.58.201.104

142.250.180.14:443

tls, https

1.5kB
40 B
1
1
142.250.180.14:443

tls, https

1.5kB
40 B
1
1
142.250.179.238:443

android.apis.google.com

tls

5.6kB
8.8kB
24
23
216.58.201.104:443

ssl.google-analytics.com

tls

1.3kB
6.2kB
8
8
142.250.179.228:443

tls, https

846 B
40 B
2
1
142.250.179.228:443

www.google.com

tls

11.2kB
12.5kB
31
38

224.0.0.251:5353

3.7kB
11
1.1.1.1:53

android.apis.google.com

dns

69 B
109 B
1
1

DNS Request

android.apis.google.com

DNS Response

142.250.179.238
1.1.1.1:53

ssl.google-analytics.com

dns

70 B
86 B
1
1

DNS Request

ssl.google-analytics.com

DNS Response

216.58.201.104

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Foreground Persistence

T1541

Privilege Escalation

Abuse Elevation Control Mechanism

T1626

Device Administrator Permissions

T1626.001

Defense Evasion

Foreground Persistence

T1541

Credential Access

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Account Access Removal

T1640

Windows 7 deprecation

DNS Request

DNS Response

DNS Request

DNS Response

Loading Replay Monitor...

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

DNS Request

DNS Response

DNS Request

DNS Response

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.