6127daf756865ee089ba83efdadebda2c047026a698759de09127d0dfe630e8d

Resubmissions

22-12-2024 18:04

241222-wn1v2svlcs 10

05-12-2024 22:02

241205-1xqtnazqfr 10

Analysis

max time kernel
176s
max time network
181s
platform
android-9_x86
resource
android-x86-arm-20240910-en
resource tags

arch:armarch:x86image:android-x86-arm-20240910-enlocale:en-usos:android-9-x86system
submitted
22-12-2024 18:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6127daf756865ee089ba83efdadebda2c047026a698759de09127d0dfe630e8d.apk
Size

760KB
MD5

3734544ff6e3da8d41e19345384d010f
SHA1

df19a5869fe0fa2a3567c1d96186de0ac83f10ad
SHA256

6127daf756865ee089ba83efdadebda2c047026a698759de09127d0dfe630e8d
SHA512

16814c94dfe32a50a3786431c9195db899f877e8cc3c9599d8fe3e6c92d9b59e30f4fe939d12961b947a158e877af926b034d0aed95829d8466f368dd9c254ba
SSDEEP

12288:xO7GdIpJ6sgRwLzm5UOG4zT5WmpYshXZPbGwidNpg6:xwJ6sbLzmVG4zT5WmD9idNpZ

Score

8^/10

banker discovery evasion persistence stealth trojan

Malware Config

Signatures

Removes its main activity from the application launcher 1 TTPs 1 IoCs

stealth trojan evasion

Suppress Application Icon

T1628.001

pid	Process
4217	cmf0.c3b5bm90zq.patch

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

Application may abuse the framework's foreground service to continue running in the foreground.

evasion persistence

Foreground Persistence

T1541

description	ioc	Process
Framework service call	android.app.IActivityManager.setServiceForeground	cmf0.c3b5bm90zq.patch

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	cmf0.c3b5bm90zq.patch

cmf0.c3b5bm90zq.patch
1⤵
- Removes its main activity from the application launcher
- Makes use of the framework's foreground persistence service
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID:4217

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Foreground Persistence

T1541

Privilege Escalation

Defense Evasion

Foreground Persistence

T1541

Hide Artifacts

T1628

Suppress Application Icon

T1628.001

Credential Access

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/storage/emulated/0/service player/config22-12-2024.log

Filesize
76B

MD5
00adeeb3d2162884eeb76048cf24da2c

SHA1
74ed7d19103a4f73cb4297df22046e69e6676f74

SHA256
c620d1ea6fea633cbc48ef01f035b29adeb87dd482ee4426a586d00ae17645e3

SHA512
e9e9bfe4d8c5977d41d2e596f19411d0b2c6a7b01fbc87195a62abb9e6a853001fae69d60285328bd2b9982bf8c0f71215cdf724ad14c8086c478dcee652b137

Download Submit
/storage/emulated/0/service player/config22-12-2024.log

Filesize
253B

MD5
4af83f618fa809a60c40e14b30d71cac

SHA1
e2109a957cd1f34817c59b4f26c10bd605ef5f33

SHA256
d1a01f65502d6f425dbb82cc5e1f08a902a71e37fb7229bf147511a26d542d55

SHA512
1bda2b62c6941239dbcec99cc4577504bab5384d804fd21f70608d697660ddd5189805b26991f87c7da302f3d1dce64f6da07b8354b56ca6d69d0c722377c27e

Download Submit

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads