3a4604abbb0479979c8d262cc93937c3c6f39f8e90578ea74378bae9cdc4992d

Analysis

max time kernel
147s
max time network
151s
platform
android-9_x86
resource
android-x86-arm-20240910-en
resource tags

arch:armarch:x86image:android-x86-arm-20240910-enlocale:en-usos:android-9-x86system
submitted
03-01-2025 22:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3a4604abbb0479979c8d262cc93937c3c6f39f8e90578ea74378bae9cdc4992d.apk
Size

760KB
MD5

168e0adc84fc845cf2ea12cd40bba095
SHA1

2d4f80b44fc8791e4ef3cf8a14ea9fdd42916bfe
SHA256

3a4604abbb0479979c8d262cc93937c3c6f39f8e90578ea74378bae9cdc4992d
SHA512

c09366a4c2626d2876ff63ebd9906e42e7bf5823b56b79fb13df3a5c483315edbb48c927ac44829066180a652aa777866c3afa67b0ace395aec44c835d0cf896
SSDEEP

12288:xRN606Aja1a8LdeKt0sSy3z5WmpYshXZPbGwidNpgVd+:xL68a1a6eKbSy3z5WmD9idNpR

Score

7^/10

banker discovery evasion impact persistence privilege_escalation

Malware Config

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

Application may abuse the framework's foreground service to continue running in the foreground.

evasion persistence

Foreground Persistence

T1541

description	ioc	Process
Framework service call	android.app.IActivityManager.setServiceForeground	cmf0.c3b5bm90zq.patch

Requests enabling of the accessibility settings. 1 IoCs

description	ioc	Process
Intent action	android.settings.ACCESSIBILITY_SETTINGS	cmf0.c3b5bm90zq.patch

Tries to add a device administrator. 2 TTPs 1 IoCs

privilege_escalation impact

Device Administrator Permissions

T1626.001

Account Access Removal

T1640

description	ioc	Process
Intent action	android.app.action.ADD_DEVICE_ADMIN	cmf0.c3b5bm90zq.patch

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	cmf0.c3b5bm90zq.patch

cmf0.c3b5bm90zq.patch
1⤵
- Makes use of the framework's foreground persistence service
- Requests enabling of the accessibility settings.
- Tries to add a device administrator.
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID:4311

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Foreground Persistence

T1541

Privilege Escalation

Abuse Elevation Control Mechanism

T1626

Device Administrator Permissions

T1626.001

Defense Evasion

Foreground Persistence

T1541

Credential Access

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Account Access Removal

T1640

Replay Monitor

Loading Replay Monitor...

Downloads

/storage/emulated/0/systeminformation.android.app/config03-01-2025.log

Filesize
63B

MD5
915a77090c37073c93e442b9fd57ada5

SHA1
5ab7254b5b7b863bea5f83aeac45387eadb6a32e

SHA256
34c9e171692ba9b12d89a88f5657c850ada0856aab0b80344fc034f823b624c2

SHA512
9146108d6f41b88204babd465c1d40ee102e402366c91458e35ab84f81e4c6f6a2b95062a59c7b2c5187abafc1365be9832d7b1c7912a2ef790e774677026ecb

Download Submit
/storage/emulated/0/systeminformation.android.app/config03-01-2025.log

Filesize
229B

MD5
4d74547284f815ddced248a21837c9f8

SHA1
fa66715f554220556b67508a90ba058e6b95054d

SHA256
bef772dc0fb70a02ba21d2ceae08897753c742eb3f19a72536071bad90c2f3f5

SHA512
29a2613d7151124c30d4b85780ac8a61c9ab5dff4c3ad94257cbdc6e8dba06d4eb62845c4362e9acc17a0486554a280160a9b5d625d8b8396616a48f1ef9102a

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads