6127daf756865ee089ba83efdadebda2c047026a698759de09127d0dfe630e8d

Resubmissions

22-12-2024 18:04

241222-wn1v2svlcs 10

05-12-2024 22:02

241205-1xqtnazqfr 10

Analysis

max time kernel
148s
max time network
155s
platform
android_x64
resource
android-x64-20240624-en
resource tags

androidarch:x64arch:x86image:android-x64-20240624-enlocale:en-usos:android-10-x64system
submitted
22-12-2024 18:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6127daf756865ee089ba83efdadebda2c047026a698759de09127d0dfe630e8d.apk
Size

760KB
MD5

3734544ff6e3da8d41e19345384d010f
SHA1

df19a5869fe0fa2a3567c1d96186de0ac83f10ad
SHA256

6127daf756865ee089ba83efdadebda2c047026a698759de09127d0dfe630e8d
SHA512

16814c94dfe32a50a3786431c9195db899f877e8cc3c9599d8fe3e6c92d9b59e30f4fe939d12961b947a158e877af926b034d0aed95829d8466f368dd9c254ba
SSDEEP

12288:xO7GdIpJ6sgRwLzm5UOG4zT5WmpYshXZPbGwidNpg6:xwJ6sbLzmVG4zT5WmD9idNpZ

Score

8^/10

banker discovery evasion persistence stealth trojan

Malware Config

Signatures

Removes its main activity from the application launcher 1 TTPs 1 IoCs

stealth trojan evasion

Suppress Application Icon

T1628.001

pid	Process
5045	cmf0.c3b5bm90zq.patch

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

Application may abuse the framework's foreground service to continue running in the foreground.

evasion persistence

Foreground Persistence

T1541

description	ioc	Process
Framework service call	android.app.IActivityManager.setServiceForeground	cmf0.c3b5bm90zq.patch

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	cmf0.c3b5bm90zq.patch

cmf0.c3b5bm90zq.patch
1⤵
- Removes its main activity from the application launcher
- Makes use of the framework's foreground persistence service
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID:5045

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Foreground Persistence

T1541

Privilege Escalation

Defense Evasion

Foreground Persistence

T1541

Hide Artifacts

T1628

Suppress Application Icon

T1628.001

Credential Access

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/storage/emulated/0/service player/config22-12-2024.log

Filesize
39B

MD5
39b870d4cd7977c1916880846abb420e

SHA1
644267398e7d8d5852c0585d6057ad7e30a90c7a

SHA256
2ec4e2a23d714876f7d66e8e5c7eacb5f422cc96e083b53fa54ac8beb31b99d8

SHA512
b29d081568f46726dc774cbe1e68efc0327278395a8aec4f593ffb841acbfa6a5ddf2baa5aa32c1503f9eea35fd799f5899a2d72c776c0ea52d0d4393690af03

Download Submit
/storage/emulated/0/service player/config22-12-2024.log

Filesize
85B

MD5
07b7adc654146fe167c1f402523a3550

SHA1
f890bf7710c487612d3b080ca1bc7636cd58b2d2

SHA256
d8500cf1f373ae5f2061dadf6ad1b3aac3d2fff829ddec3275bae86d996de364

SHA512
cf42d0fa547550b850ece63a9445e564a05d962a3622624bfdf259ebdc95d958f78f77e5d098c443f88cf8ad0c051083d859bc05448d069d2ed72671044065eb

Download Submit
/storage/emulated/0/service player/config22-12-2024.log

Filesize
76B

MD5
00adeeb3d2162884eeb76048cf24da2c

SHA1
74ed7d19103a4f73cb4297df22046e69e6676f74

SHA256
c620d1ea6fea633cbc48ef01f035b29adeb87dd482ee4426a586d00ae17645e3

SHA512
e9e9bfe4d8c5977d41d2e596f19411d0b2c6a7b01fbc87195a62abb9e6a853001fae69d60285328bd2b9982bf8c0f71215cdf724ad14c8086c478dcee652b137

Download Submit
/storage/emulated/0/service player/config22-12-2024.log

Filesize
78B

MD5
391970962e0cad09311eb34862dc4256

SHA1
42b92cc911d2baa31250ff14fe6cf9ce1f2c73f8

SHA256
c73f19f20cd4193583839b3944782ad8c54c935abc42e3b88e29455fde24a2b8

SHA512
a09305eed1b6f8e51a8a4d4bb3292237c776e76d1f968cbef6c2d9f969a3fa5920850abb0c9355f3bf1dd41dc8e6cd95c59d1455594a08c0ddad8ef10895226e

Download Submit
/storage/emulated/0/service player/config22-12-2024.log

Filesize
1KB

MD5
af4cb1b9afbaff73c44c4eabc3c15d69

SHA1
6912c874d9af6a0eae39d27df42f4c2e2cb4db0d

SHA256
887fd80a788a107f0e88dbf2e57c02d22f0412ecd3f168033485d902e1da772e

SHA512
86655bdbee35a7b7d79e755f05d6d7a1cd2ee76dd10ef998c9ddd7c9ed9de3a4d69dabb38597484e45ddf67842bc40ba0dedc7bec744633ddba4fc80a70c6aad

Download Submit

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads