8a501a8c4e7a66fdea5d55973599df8f91944b292cb48b51c932bb4c13bf7a1a

Analysis

max time kernel
149s
max time network
151s
platform
android-9_x86
resource
android-x86-arm-20240910-en
resource tags

arch:armarch:x86image:android-x86-arm-20240910-enlocale:en-usos:android-9-x86system
submitted
23/12/2024, 01:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NetCut_v2.3.3.apk
Size

11.4MB
MD5

6f06f35b4d268cab5d37556f5455fcc6
SHA1

3483b8e6c550aaccdee6aeee9188a80d11058ea7
SHA256

8a501a8c4e7a66fdea5d55973599df8f91944b292cb48b51c932bb4c13bf7a1a
SHA512

9274df15caf10a6563c7ded7a7bc022cb03e6aa14355b423282f9f0f2d9492f57a6d6a2ea5424cb97fedffedb7a0545bc9cded41a69af4c8ca0ade3f6a4925db
SSDEEP

196608:7ciklFNGz90BhyfItjZqY4/QdeCXtgd/pHG5GCy9eCl20cyPLS4qOFsFUT1Fi9Z4:oisCRmyEqrg9+d/pEu20ZL3FYUz22iq

Score

8^/10

discovery evasion impact persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 1 IoCs

evasion

System Information Discovery

T1426

ioc	Process
/system/app/Superuser.apk	com.arcai.netcut

Loads dropped Dex/Jar 1 TTPs 1 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/com.arcai.netcut/cache/1582435991586.jar	4270	com.arcai.netcut

Queries information about running processes on the device 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.arcai.netcut

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.arcai.netcut

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.arcai.netcut

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.arcai.netcut

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.arcai.netcut

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.arcai.netcut

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.arcai.netcut

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.arcai.netcut

com.arcai.netcut
1⤵
- Checks if the Android device is rooted.
- Loads dropped Dex/Jar
- Queries information about running processes on the device
- Acquires the wake lock
- Queries information about active data network
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
- Checks CPU information
- Checks memory information
PID:4270
- su
  2⤵
  PID:4580
- su
  2⤵
  PID:4627
- rm /data/user/0/com.arcai.netcut/files/netcut
  2⤵
  PID:4649
- mv /data/user/0/com.arcai.netcut/files/netcut.part /data/user/0/com.arcai.netcut/files/netcut
  2⤵
  PID:4669
- chmod 755 /data/user/0/com.arcai.netcut/files/netcut
  2⤵
  PID:4688
- chmod 755 /data/user/0/com.arcai.netcut/files/netcut
  2⤵
  PID:4706
- chmod 755 /data/user/0/com.arcai.netcut/files/macdata
  2⤵
  PID:4726
- chmod 755 /data/user/0/com.arcai.netcut/files/ethtool
  2⤵
  PID:4745
- su
  2⤵
  PID:4766

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Process Discovery

T1424

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.arcai.netcut/cache/1582435991586.jar

Filesize
9KB

MD5
e8e0527a01aefdb89afd2c508f131da1

SHA1
f1103e6b260c657ceb3d95f1b023af3fda8b133a

SHA256
f809447486f89fcaa74f87e06d126d103d37eb2b3157e88f2c06d989b2c284ce

SHA512
fb53683a83f1068d0f94567b156e6a8910c45b1b5f33db919f7e0b9c55eab28507a235ef76d44d5b549599ea3b54dbc00496a633339d276a80f395da938d6d34

Download Submit
/data/data/com.arcai.netcut/cache/oat/1582435991586.jar.cur.prof

Filesize
148B

MD5
a3b78d197d786c13687c3f0f89703bd8

SHA1
9967f0726b6b1ed3f198904547b81920f8329621

SHA256
c5e6754556dbe01b055066f23c28ddaaf5fe67cee4baed00d59dc993335b3d97

SHA512
9a47c9bb977edec9d29d22f280e0078ca931a722eaecc2b085c6b5aaf6246d17a6ad07c9faca45070bb5b89a3ee6cf896f5e2c7e73fb033e3ac57471df70a8b1

Download Submit
/data/data/com.arcai.netcut/databases/google_app_measurement_local.db

Filesize
16KB

MD5
7d38dd9c211d773d250388f8986410a3

SHA1
0d5a74c20c7208914fc5e6fc9e24b2cde8a7c431

SHA256
16858e6e196c4c1d61885a7dc39aebf94212ed6995743695997e593a8280f992

SHA512
dd45438ecbeaf3644331b27e0ca092ed3927f9a2eef86a73feb0c8132c81cee574439539a9a46530dec046ab270790e6df89f080ec60c218d6e0ba4ec81f4371

Download Submit
/data/data/com.arcai.netcut/databases/google_app_measurement_local.db

Filesize
16KB

MD5
ab3711650b8feb8631bd60893dcb0a86

SHA1
2112ee94990d7b933d48e6b60691b81c3d3c8e75

SHA256
71590c3039e7e8bc269c9cf434c84fd2158ff42b603906fd0e920d4ac12b941e

SHA512
2d0f0c1f119a401fa57f108548137ccfc3e42b96a5c565030675a843464c7e272b9ab4010f79d56080a104acd895e0ad77cc96667a5347906766e36facd35619

Download Submit
/data/data/com.arcai.netcut/databases/google_app_measurement_local.db

Filesize
16KB

MD5
b7dc0d10789a10f5bbf9b66fe0c9b981

SHA1
e78e82af17a0c4caba1035218373ec2443e91a11

SHA256
58ed1d91dca5afad721f5160edd6d7e36460d1e8edd801934bf71612f101e8b1

SHA512
35a966d9ae6653e80f83bedf5ff069bc570cf87a00aa86d69a437b61753005a98c6b6c59bddc3b5bb38cb3de02472525d7958c83c5a09a2ac29a940973522ee4

Download Submit
/data/data/com.arcai.netcut/databases/google_app_measurement_local.db

Filesize
16KB

MD5
f9ca3dd8ed9bb69c0aaad4822c552eb9

SHA1
cb6fa6382c40d3e0db767a3608ebf6b088320c95

SHA256
688f734e3ab5f02ea2e65b746ffe58174f07519da99cc1bc727814e511875d96

SHA512
2eb146a93f108a4fd4fe3089d0692617772ee6fc178e0a81726de2e8d385bdee3c8014d783de119ab2aa72971d95614ca21e7e49b2518bd1086ef909b8dbbe9f

Download Submit
/data/data/com.arcai.netcut/databases/google_app_measurement_local.db

Filesize
16KB

MD5
d12cec42d6c48abc9142c1cbabd25667

SHA1
f52764adba40ef21260e0fd0941c25d25f28effe

SHA256
dcbb68f94ce743b385994346ee05d641ed3aeeb0b00162c22cb82d0e06af1308

SHA512
fc0e84c58c519bb335916a9e7f26c72ea086752dc591957fcd281613f384c1c9af942a80fa66d3bb811aded63eace57146636f769696c04e00c4bbe62e32c312

Download Submit
/data/data/com.arcai.netcut/databases/google_app_measurement_local.db

Filesize
16KB

MD5
aa3dcd1ad125be8af77f1e9d14da14ff

SHA1
1731a160df55195e1a2b0e24461aa0e056e02a91

SHA256
8d7fc10ccf6d6eec34af4c47ae897024bdd722086816e217a6ae79a135afc26c

SHA512
973ff0cf9c499286c797b65733643c4a6f3a90a510631f99d754ec3279f929a6abb5a98f8f3855317782e79a63f45a028f61cc853eadcafcf6834b5ccd1b3ef0

Download Submit
/data/data/com.arcai.netcut/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
e38c35d5c0c8278f2811747633e43f66

SHA1
d9cd29ebe4a7398e9fc73c0038a07d2eb9e84c47

SHA256
c49a5dd45870ae164b82e01aaca9e2c6082656f1435d6bde4aca1da2f2115e52

SHA512
737ea7894b6a930acad4b8f1f2d4e8a7e2b9581fe7723dbe77bc952331021af4bb3f7fc2d5bc665c2d5d2c7dc2898b2c36de03ac6f9b78e1bd4561f60bb9784a

Download Submit
/data/data/com.arcai.netcut/databases/google_app_measurement_local.db-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.arcai.netcut/databases/google_app_measurement_local.db-wal

Filesize
36KB

MD5
cec28fc60cfc0c348e6ce6c7967c79af

SHA1
54beaf6d9a52153ed0174a6b9bbb9df4b1a3316c

SHA256
1c1b76b1548ddb843f562619e219d124dafb05f8bcdbdfb694643b38381d8fff

SHA512
ecc82270e0f37255536155452b766ef7082deda7e2982d97fcc1dc838cb584e8899398bb30d903da4192db4f739315be4ac68525b82449d6989682d2bba0aac6

Download Submit
/data/data/com.arcai.netcut/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
f0ff12682f2d5c1a6487a0d758d4447d

SHA1
28e42099e2edc91526b5d3b01a86640879f6ba4f

SHA256
bbc3a151384776ef06909d47281589bc969cb3f2e758ff8f650b309902bf0881

SHA512
0e2aebc18de349151a685ba0d3663c4b30c899ef5e8855fdcd2ff80ed276d6f819d7704c0eb3c983e92671a198083037b83da2e6a3d9cbaaa759aa4f9bf9c2b8

Download Submit
/data/data/com.arcai.netcut/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
c0cc9748ea29dcf52f2aac0dc9302f75

SHA1
b52ecb83fd48796bf15f88d9c64085581eb2179b

SHA256
44456b1994b8a1d61f832afa8ad42d1a54d7e2f2af05ddd84fdef8cc29eb34e1

SHA512
ec2f2aaf7eb4c54a6e766e541338bc25b16437d89d9079bd1464e2bd204fb5d0c1bda8d8d4d247d2b73fccfe9cfd930b34c05325c22d361e23ea17ea8c6fc142

Download Submit
/data/data/com.arcai.netcut/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
68a9371141533cdfca3761ff59d0e46b

SHA1
3fb36a6cbb863188cb5ebbbd02e5218bcf7ded5a

SHA256
b6722bed6e11d64fdadcc66960766afd2e300be3e0da9cd138fa7af6a4bebcc3

SHA512
96dc16673f0c3631103ae9e285822db46cd1ef71424d55fdd1606623bb57130b8b3535a60b535697dd14fcc87b24569f97d60ee42385997bf39f033632ad5fde

Download Submit
/data/data/com.arcai.netcut/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
d76239c6183a5a1d0ec65c1e2f6e346c

SHA1
46163b346388b384f004e1cbbda5b8d14d271093

SHA256
b2b7400b0ad6e79933d5d00737c92c61a715e4e16c5becc8bdd201775834d4dc

SHA512
1d5b4c34a0be168d2eacd8d1dda59c254c67feef6402ea4904b7608ed3c8afaf97fadb17239067ebbe62d431e4fcef1579a01ca078190faef0afed53eb92e219

Download Submit
/data/data/com.arcai.netcut/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
7217c3b5c6568092eb6e7aae1968ee6e

SHA1
a55a64f60c309eaadfff281a2002df7a6bf8667b

SHA256
1e31bb5fdcfad44f0abf232ee59ffbbd095292767f1d589af7f484c6ccfc7623

SHA512
25e40de41a5f708f5c9ab8cefe81c264c65336fb4d34cff6e47a8da4acacafb8f1b1be1811eee14eb7e0906941289dc831e1d8310813b8f261efe9246fa2ebd8

Download Submit
/data/data/com.arcai.netcut/files/ethtool

Filesize
294KB

MD5
715b1f2227066da064d5e3de404e6737

SHA1
91f90a48f4283e8159ff8a513f9ec9660875f9cb

SHA256
c6e170ef70c35eff777cbd241c4e109dcb242c59689c0fdd96d4530ab9aa521f

SHA512
8fd378f8d7a79e625d9fea999ce8f1bccd19042ba0a50485b20a64ab34669d247345e9c79d06661e7c54c4c1be3fc2fbc5f1c18884542bd5dd5e19a4ff7c1595

Download Submit
/data/data/com.arcai.netcut/files/macdata

Filesize
512KB

MD5
7f4ba9429fa7460ad91bec39d2253905

SHA1
4aa6a4149082ab539f5af147b2d756c1ed5ad19a

SHA256
81021dade1612f2c0098e014be82e457d73055b123123b6d7c6b76507f4e5bb5

SHA512
007017f81125546e19b4b70b531565e47a7ba14c656141b73fe1574354a444527e8a2a8e52b45f502fa5d13d0d1581521590645f94549c1bde3a816e0066a817

Download Submit
/data/data/com.arcai.netcut/files/netcut.part

Filesize
1.6MB

MD5
284aa9892a1f6bdf5f88780efbebd6af

SHA1
e81cc99d8c1bb1d51c77095ff854d33e4f1f45b6

SHA256
833e831cb6e36374026ec5b1fc5a28e6265deb116ad8959bd64d68cf84fbdd37

SHA512
b6f22acf1d38551c098e9dad0a62e90f27fe6789b7522002af7c9b0e8a49a7f747f71ec89db74465373accdc53a157d69938dc9f2020d338be02dc1aa97d209f

Download Submit
/data/data/com.arcai.netcut/no_backup/com.google.InstanceId.properties

Filesize
2KB

MD5
d59f2751ef78d87678da5fc1a2dd4d8c

SHA1
d1d750094f8d9dd320132670013fabaab8c2e253

SHA256
78beaeb5477cbef2c32bb5aef257c394964552c2959edd7f6f1d8b38afded7c2

SHA512
441c194242d181db639af91241676e93a28c66fa8cb6260087dc4b54910bb3485e7fbd4f9bd9602850464d07e2c9082a98f15816543d2916c56117a704876a98

Download Submit
/data/user/0/com.arcai.netcut/cache/1582435991586.jar

Filesize
20KB

MD5
fde2ee00cbd121cfab5290b078aa3ceb

SHA1
e2b77d5320e155e413d040a8c20020962065b2f8

SHA256
2897b0812077c654a9b3fbb0b6303d5cde681eeba7ad9981de65716c7810d685

SHA512
a9326aff8e454a2b4ac09984ef2a65fddd4dc146b4c44d839035549bff8c9fdaae490326d0b018f76c1ca2e4fb25426d74f550ca0950982fba632a023af99a56

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads