769840a979ee956291e924d5cb95061f424adc3221b26d85e0e8e7f65777decf

Analysis

max time kernel
10s
max time network
137s
platform
android_x64
resource
android-x64-20240624-en
resource tags

androidarch:x64arch:x86image:android-x64-20240624-enlocale:en-usos:android-10-x64system
submitted
01/01/2025, 10:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

base_113.apk
Size

53.0MB
MD5

85ed51b00887d331b476f9568222743c
SHA1

fba6938bd6a675b21b4d77d49a58e7fc0b8f9e4d
SHA256

769840a979ee956291e924d5cb95061f424adc3221b26d85e0e8e7f65777decf
SHA512

e097b553c7682849580c0841f89e7141f92a1c2c6e6252496c3e61f504c1e7522953ffb9a61cb129f14100e4e6d39433f7a2c21a3596029422b1c5d27a6c962a
SSDEEP

786432:phP09KrszNOTCzZSs1LllhySA2yFy5msUonUdnp5ZxQ56OcpvcZbE33bHeVjKek7:f09Kgzacht85sXU0DcpvkEnoYcxiJ

Score

8^/10

discovery evasion persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 2 IoCs

evasion

System Information Discovery

T1426

ioc	Process
/system/app/Superuser.apk	com.makemytrip
/system/xbin/su	com.makemytrip

Queries information about running processes on the device 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.makemytrip

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.makemytrip

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.makemytrip

Checks the presence of a debugger
evasion

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 2 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.makemytrip:playcore_missing_splits_activity
Framework service call	android.app.IActivityManager.registerReceiver	com.makemytrip

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.makemytrip

com.makemytrip
1⤵
- Checks if the Android device is rooted.
- Queries information about running processes on the device
- Acquires the wake lock
- Queries information about active data network
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks memory information
PID:5154

com.makemytrip:playcore_missing_splits_activity
1⤵
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID:5259

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Process Discovery

T1424

System Information Discovery

T1426

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.makemytrip/databases/com.google.android.datatransport.events

Filesize
56KB

MD5
b20c3afbcbf760642371e9137d065bb9

SHA1
4cf281b158b5d9d3f3d66fa74f2165c284cb6426

SHA256
39ef5572cb91338e639a67803d66dafbd64a6414c21eab65a59ea28110f86633

SHA512
43afac2e7d4fc07eec5b469880014c057d2f706b1d5ac040d9a2db0b2e49fe0d0d0ae5744bed69260fa83d26031018cf0766005588df8c61fb6c85b7a8d2e9cd

Download Submit
/data/data/com.makemytrip/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
da771498a5e7c738822d243017e3809f

SHA1
4a347ceb7f91bd513db300b4ffb56f7a8404e3b7

SHA256
79863f1f1a3bba3329a26caa1fea6ac67ed000c7d1f0df11702c0a8c28af06a8

SHA512
47e68de2317032756d06f6ab47ce502abfa3ff37059e13f7d7692d9eba027267ab3453c35d505eeb87dd082138d3ba93d9ea9ce7cf43d764c04ec3427f620291

Download Submit
/data/data/com.makemytrip/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
a19c793df8882749732f763b01daae16

SHA1
c9c1a73f9657d0a3936b0dbe2e5daa2d2e58b456

SHA256
facdeddae483f3f1ff048e8aeff3949f2f1add6c599d11567931182d220f3679

SHA512
8892ed965246efd558dc99d8a747d2978c2e142020fe8158b627e490e9fb96444d115fff734b51f9a321c2bd21b00d4c00c0c4532960d58dda9ee834d5b75c28

Download Submit
/data/data/com.makemytrip/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
2671b53a09fa436eff4b8d660ad4ad8b

SHA1
25464a36195a8a4e8e0029e1e62f9bc286ebe045

SHA256
4bc9a3ee4453aac48a47b5719a1a31161bd220559782b496ad61e70e4dd06e40

SHA512
540da61b68fe39769412e37fc7de92c563f8303653fa6d64a7c9772423a6e48f2c69184d0739296ac2fdabefee725126d5913cc5d611bf87034d5b65d70b7ca6

Download Submit
/data/data/com.makemytrip/files/.com.google.firebase.crashlytics.files.v2:com.makemytrip/com.crashlytics.settings.json

Filesize
710B

MD5
b17dc93f0203ea4d75148d9121ba7b97

SHA1
8c7b758d9e76bffc93e7aeea1882d464d39572ac

SHA256
e484d3262437c0dda23bbc7ac0b2f765fa648b8451deec2fd52c07d26d4397dc

SHA512
7dc46d8e48902c784e6e93dab379b2d720a0bca4842d2d0e7ebddc7ed1b7cdbb93edb6a897d464e59268e1a9d35ab370bf8a89c3690d4d9605976d9541eca10b

Download Submit
/data/data/com.makemytrip/files/.com.google.firebase.crashlytics.files.v2:com.makemytrip/open-sessions/67751919022E00011422CC2239C1D5EA/report

Filesize
736B

MD5
6f05ef3639b1f87f52aed8c929f8a383

SHA1
6c99a8408a4a2a354ae353b1bc112a0a6be86fd0

SHA256
e289b16e5967a3350c4b0416a4fe7ebe5d3ab895ae8cae5e51ca00bf544c3577

SHA512
0ab709258e34fb5c9a3d88b7ff76379f4a4012579e45f8376e54c01c09801ead21e8a1593aafa4d08b7b6f534981367be13859366258fef1d0b69adb12ff488e

Download Submit
/data/data/com.makemytrip/files/PersistedInstallation253785572305609811tmp

Filesize
561B

MD5
8269cb135f5e2b64a399557c406ee706

SHA1
3382ac9bc8b756ba42567956e1e4695a19cd1f69

SHA256
6b1d4a5647a0e33e93984778ec6bd7608223c4ccf0d810d2867b1655c9e48c37

SHA512
3e66c6c3dbbe23b0c8d597ba2122b53561785de31e9a5f300e91540582ea6e86c4eba0fd7e5de3a0f662ab46d8cf4e0c974520d39d22e88bf1f4c9202ccd1321

Download Submit
/data/data/com.makemytrip/files/PersistedInstallation4995348209055375717tmp

Filesize
90B

MD5
016183040bacfc8e960157f850bd6b41

SHA1
ab1c25fd95610a7444762b8dfd8d03ebb53954f3

SHA256
8f8c9cedeac2caf657fc8bbe3281e518a14d9689d20c20a57216541b64d13af9

SHA512
5d6edfcbb597c29d364ae53f3de3391dde2c17d0e5847dd9a2fa7f6dc646ec84d2fe2ca0b9b6914f96bc8ad1ad2f33a603208ad66391e89d7097959272493d6c

Download Submit
/data/data/com.makemytrip/no_backup/androidx.work.workdb

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.makemytrip/no_backup/androidx.work.workdb-journal

Filesize
512B

MD5
68cdd4603a33354b228c2e87cc1f37d6

SHA1
7cdd97f3e496b12292d5a61bb37c2ca7947fdac9

SHA256
6b9cae58a071f872db8ab554671040b25c3cbece14a1efd49c644ede72940f9e

SHA512
450476407293bc1690434729fd6b365ea7d3983fdd33370e2626aee965d9bf056199bd9058fc6aeab268a12aead03540c975a635d83f55446dbfe2859886f12d

Download Submit
/data/data/com.makemytrip/no_backup/androidx.work.workdb-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.makemytrip/no_backup/androidx.work.workdb-wal

Filesize
16KB

MD5
734b4e62bea652848404397d75d7c51b

SHA1
c5244b9954ba26f3d131fafbbcd2a2ef690871a6

SHA256
f86220814bf9eabdb5290d78281aeefdf8e9678593c809555aed6e8c22b42647

SHA512
03f5bdb718df130dc8edce781c90a43fe6ecb23e24e762a19e45e9275bb0af02f62b439193defbc0852a86e70bc2af1183b34c200bb36c5cc73253e5534bf4f7

Download Submit
/data/data/com.makemytrip/no_backup/androidx.work.workdb-wal

Filesize
108KB

MD5
e5c682854f9c7ebd658cc8daf5e903bf

SHA1
25c6dcb3473929e863f4d7213180aef74509b227

SHA256
21627d2707b1935b2e382ce771d2fce5fa5cd8d0c4bbc2792b71d045e8b5c874

SHA512
2b906f08f34ad3032ee8a8848582fdcf3dbaf695a65c60f368960903eefcdfbc9aa76df691b5cacc2e7b7cdce52b811cd1b89c670f993927a9f2d5b4ffb9cb99

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads