Overview

overview

10

Static

static

10

1756c42d2d...88.apk

android-9-x86

7

Analysis

  • max time kernel
    100s
  • max time network
    151s
  • platform
    android-9_x86
  • resource
    android-x86-arm-20240910-en
  • resource tags

    arch:armarch:x86image:android-x86-arm-20240910-enlocale:en-usos:android-9-x86system
  • submitted
    25-12-2024 22:11

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1756c42d2dc836ec27015e29fbc904b4e9811f1e33284093e4103079a2c70888.apk

  • Size

    3.7MB

  • MD5

    64faa516ddb07d896b0b57e8b02938c8

  • SHA1

    e9fd625d3a843ae938dd99cae6b58f4a56442cc6

  • SHA256

    1756c42d2dc836ec27015e29fbc904b4e9811f1e33284093e4103079a2c70888

  • SHA512

    af185b45cf54448ba7a1255c59a7c26bf54d2f544add90b9e11075a9e05749c59c0b07cffc99542c9b1dd732f1a8164ae539e0e14784b2244eddfbb5ea55367c

  • SSDEEP

    98304:LM1y8VlJtJD4UAVzC1oUuylSxEaLj5pLNcsCz6:ky8V3zMU8cFuf+S5xNcse6

Score
7/10
collectioncredential_accessdiscoveryevasion

Malware Config

Signatures

  • Checks known Qemu pipes. 1 TTPs 12 IoCs

    Checks for known pipes used by the Android emulator to communicate with the host.

    evasion
  • Makes use of the framework's Accessibility service 4 TTPs 2 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectionevasioncredential_access
  • Queries information about running processes on the device 1 TTPs 6 IoCs

    Application may abuse the framework's APIs to collect information about running processes on the device.

    discovery
  • Reads information about phone network operator. 1 TTPs
    discovery
  • Checks CPU information 2 TTPs 3 IoCs

Processes

  • com.example.mysoul
    1⤵
    • Checks known Qemu pipes.
    • Queries information about running processes on the device
    PID:4266
  • com.example.mysoul
    1⤵
    • Checks known Qemu pipes.
    • Makes use of the framework's Accessibility service
    • Queries information about running processes on the device
    PID:4368
  • com.example.mysoul
    1⤵
    • Checks known Qemu pipes.
    • Makes use of the framework's Accessibility service
    • Queries information about running processes on the device
    PID:4455
    • /system/bin/cat /proc/cpuinfo
      2⤵
      • Checks CPU information
      PID:4484
  • com.example.mysoul
    1⤵
    • Checks known Qemu pipes.
    • Queries information about running processes on the device
    PID:4511
    • /system/bin/cat /proc/cpuinfo
      2⤵
      • Checks CPU information
      PID:4540
  • com.example.mysoul
    1⤵
    • Checks known Qemu pipes.
    • Queries information about running processes on the device
    PID:4579
  • com.example.mysoul
    1⤵
    • Checks known Qemu pipes.
    • Queries information about running processes on the device
    PID:4693
    • /system/bin/cat /proc/cpuinfo
      2⤵
      • Checks CPU information
      PID:4722

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.example.mysoul/no_backup/androidx.work.workdb
    Filesize

    4KB

    MD5

    f2b4b0190b9f384ca885f0c8c9b14700

    SHA1

    934ff2646757b5b6e7f20f6a0aa76c7f995d9361

    SHA256

    0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

    SHA512

    ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

    Download Submit

  • /data/data/com.example.mysoul/no_backup/androidx.work.workdb-journal
    Filesize

    512B

    MD5

    8e3f69ca840614c230609de07c1afe0b

    SHA1

    ad61d16c49ee8049cded233d8fe8e2b362a12405

    SHA256

    393f960cc3997837b8ecd37f47306e65b5210ac3dfde9c582bb24a942dd3db33

    SHA512

    8440842689b50bed5e67a17e69188054e54762ccafc9969ae36c64c3de07707a04265ddfeb3e12dc60941245b3db2667f4b8fe446d1df242ab0325991b65bda7

    Download Submit

  • /data/data/com.example.mysoul/no_backup/androidx.work.workdb-wal
    Filesize

    16KB

    MD5

    e77df3e29b6ece367b4c5dc4b331afbb

    SHA1

    236cabdec52802cea1151a499649e966d1c92c5c

    SHA256

    629c44aab25d2715cdeababba858d190bf3fb9ff058a255dee1d8f4fe3034576

    SHA512

    9d92a7b7d9180a721cb729eaf51f971e2974f5f1901e589f86cf2d99eaee7c0fe9fbff7f334536446aaba50ad5f7f9cef6e2a4e1b7ae4ed46530a771f09d0ce0

    Download Submit

  • /data/data/com.example.mysoul/no_backup/androidx.work.workdb-wal
    Filesize

    108KB

    MD5

    3172ebb8f1d47587eac900983c79bfb2

    SHA1

    42871b56f66f8aec50b36f84efc29d757d21bb32

    SHA256

    73d06d634bbc40634c8d02c0db3b9a2d90b4dd167e859ccded9fb43921231f64

    SHA512

    99bbb8544d136f04b4a4cae0e0e832adb497a32b25dc6959787c5a0bfaf5bc741e79bf5e00dfe68276fa361b5c7f37025998b638a3a4e390a918acc938fd31ea

    Download Submit