6f0098f82cae0dd57063a54538573aedb4d5583e7a46a0f0042c50a5340bbf24

Analysis

max time kernel
45s
max time network
151s
platform
android-9_x86
resource
android-x86-arm-20240910-en
resource tags

arch:armarch:x86image:android-x86-arm-20240910-enlocale:en-usos:android-9-x86system
submitted
28-12-2024 22:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6f0098f82cae0dd57063a54538573aedb4d5583e7a46a0f0042c50a5340bbf24.apk
Size

4.0MB
MD5

078831862cccb884de3cabfce7206cc7
SHA1

82da9763df75189a1b895984869e9799025c4b7c
SHA256

6f0098f82cae0dd57063a54538573aedb4d5583e7a46a0f0042c50a5340bbf24
SHA512

97a0d732f9e046cb3b486783b995e9acac7d81f9664fca7fadc806c12dc6cb85acbd35fd9b7cb6932776532a28ac8fe3d758ed8600f96801d85fa995a6f5516d
SSDEEP

98304:uMTwrB6MH+QDvXG52fw0Yf7oWHe4snUxxE7fBHbFD6PmKWoxCYsdr3:5MH+QzXG52fhYfMWH5snx7fBHbFD6rL8

Score

7^/10

banker discovery impact persistence

Malware Config

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.errorforcode.netix

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.errorforcode.netix

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.errorforcode.netix

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.errorforcode.netix

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.errorforcode.netix

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.errorforcode.netix

com.errorforcode.netix
1⤵
- Acquires the wake lock
- Queries information about active data network
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
- Checks memory information
PID:4318

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact