cc226ada8c9d193caaa15d576c1fb823aa0844c483e4d70e3f44b81d8e09c3bc

Analysis

max time kernel
148s
max time network
132s
platform
android_x64
resource
android-x64-arm64-20240624-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240624-enlocale:en-usos:android-11-x64system
submitted
04-01-2025 22:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

cc226ada8c9d193caaa15d576c1fb823aa0844c483e4d70e3f44b81d8e09c3bc.apk
Size

4.4MB
MD5

3a64e3b291c0fc2811228a78ca3b1d9f
SHA1

106e5b18cc8b02282fafb605eed7e89fffc0c379
SHA256

cc226ada8c9d193caaa15d576c1fb823aa0844c483e4d70e3f44b81d8e09c3bc
SHA512

d1076a0a7489249f3c6aadfb5bd3ba88cb2923d4f1b19d4f68f1d856264f5ef1babaf1c31110585f0a155b0e25cbb2038ec5b4d8f1938202b7d669717d3a9b65
SSDEEP

98304:gZB9hPlbIg4CzDINWFD5pOZB9hPlbIg4CzDINWFD5pqMHthL+m4IIEg:YBTegbsK5pCBTegbsK5plwmXIN

Score

7^/10

banker discovery evasion impact persistence privilege_escalation

Malware Config

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

Application may abuse the framework's foreground service to continue running in the foreground.

evasion persistence

Foreground Persistence

T1541

description	ioc	Process
Framework service call	android.app.IActivityManager.setServiceForeground	cmf0.c3b5bm90zq.patch

Requests enabling of the accessibility settings. 1 IoCs

description	ioc	Process
Intent action	android.settings.ACCESSIBILITY_SETTINGS	cmf0.c3b5bm90zq.patch

Tries to add a device administrator. 2 TTPs 1 IoCs

privilege_escalation impact

Device Administrator Permissions

T1626.001

Account Access Removal

T1640

description	ioc	Process
Intent action	android.app.action.ADD_DEVICE_ADMIN	cmf0.c3b5bm90zq.patch

cmf0.c3b5bm90zq.patch
1⤵
- Makes use of the framework's foreground persistence service
- Requests enabling of the accessibility settings.
- Tries to add a device administrator.
PID:4476

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Foreground Persistence

T1541

Privilege Escalation

Abuse Elevation Control Mechanism

T1626

Device Administrator Permissions

T1626.001

Defense Evasion

Foreground Persistence

T1541

Credential Access

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Account Access Removal

T1640

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads