6ff3487c5673019eab65113ba276840782d0ee1592cef706dec5a5cab1782b45

Analysis

max time kernel
119s
max time network
152s
platform
android-9_x86
resource
android-x86-arm-20240910-en
resource tags

arch:armarch:x86image:android-x86-arm-20240910-enlocale:en-usos:android-9-x86system
submitted
07-01-2025 11:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

no_dropper.apk
Size

3.5MB
MD5

7c025fae6cac4e607f7eca2173d2f258
SHA1

96275877209ae6cdbce7b6e855d2add26e8e1fff
SHA256

6ff3487c5673019eab65113ba276840782d0ee1592cef706dec5a5cab1782b45
SHA512

daa4fd6a60d4092c27acae325339c3313548d5edf7076cad51dabcc7b1607e7474c090969bc48783bf76bbb1027242929000d7c1a3029646884e29ae8817f524
SSDEEP

98304:r1y8VlJ8Q7H8/jRRb4A1RtZLrqOfLDcjzf:xy8V382H8PbptZL3zDc/f

Score

7^/10

discovery evasion

Malware Config

Signatures

Checks known Qemu pipes. 1 TTPs 12 IoCs

Checks for known pipes used by the Android emulator to communicate with the host.

evasion

System Checks

T1633.001

ioc	Process
/dev/socket/qemud	com.example.mysoul
/dev/socket/qemud	com.example.mysoul
/dev/qemu_pipe	com.example.mysoul
/dev/socket/qemud	com.example.mysoul
/dev/socket/qemud	com.example.mysoul
/dev/qemu_pipe	com.example.mysoul
/dev/socket/qemud	com.example.mysoul
/dev/qemu_pipe	com.example.mysoul
/dev/qemu_pipe	com.example.mysoul
/dev/socket/qemud	com.example.mysoul
/dev/qemu_pipe	com.example.mysoul
/dev/qemu_pipe	com.example.mysoul

Queries information about running processes on the device 1 TTPs 6 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.example.mysoul
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.example.mysoul
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.example.mysoul
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.example.mysoul
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.example.mysoul
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.example.mysoul

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Checks CPU information 2 TTPs 3 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	/system/bin/cat /proc/cpuinfo
File opened for read	/proc/cpuinfo	/system/bin/cat /proc/cpuinfo
File opened for read	/proc/cpuinfo	/system/bin/cat /proc/cpuinfo

com.example.mysoul
1⤵
- Checks known Qemu pipes.
- Queries information about running processes on the device
PID:4217

com.example.mysoul
1⤵
- Checks known Qemu pipes.
- Queries information about running processes on the device
PID:4317
- /system/bin/cat /proc/cpuinfo
  2⤵
  - Checks CPU information
  PID:4369

com.example.mysoul
1⤵
- Checks known Qemu pipes.
- Queries information about running processes on the device
PID:4402

com.example.mysoul
1⤵
- Checks known Qemu pipes.
- Queries information about running processes on the device
PID:4458

com.example.mysoul
1⤵
- Checks known Qemu pipes.
- Queries information about running processes on the device
PID:4526
- /system/bin/cat /proc/cpuinfo
  2⤵
  - Checks CPU information
  PID:4554

com.example.mysoul
1⤵
- Checks known Qemu pipes.
- Queries information about running processes on the device
PID:4638
- /system/bin/cat /proc/cpuinfo
  2⤵
  - Checks CPU information
  PID:4666

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Process Discovery

T1424

System Information Discovery

T1426

System Network Configuration Discovery

T1422

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.example.mysoul/no_backup/androidx.work.workdb

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.example.mysoul/no_backup/androidx.work.workdb-journal

Filesize
512B

MD5
a2df777d0fde45256c8fa897ebab1856

SHA1
b666a88a2e6aefda8b998d6e8385ffbf7f922fe7

SHA256
b2efc019a5ec835d57979af5aa3519d98eb4e9bb4445e9c31fc38b5102eb28f0

SHA512
cf8f9333894c216641679e9dea8417a5e2188dde9591506f8a153ccc12db6913058d25f65eb1c3af82541a755f92a40bf32b5b18ba77fd4f7765d592e23731e5

Download Submit
/data/data/com.example.mysoul/no_backup/androidx.work.workdb-wal

Filesize
32KB

MD5
38b0a94be212daa6cb1d7454f8e3650b

SHA1
6b71ddd29f89ecf70fc839385e8f82f69547bc87

SHA256
94f1f9f9bdba6fd43dfcb98f36e94e0a3f3667f1fe04121bb7fcaa7becabaedc

SHA512
c9f55e2f80817d421b2aac21f05ba832f95b02751a51302895c83360633915a3349913803204d2b12d9cdf3ed147f1f7134233970fd043770c9f474bb09476c8

Download Submit
/data/data/com.example.mysoul/no_backup/androidx.work.workdb-wal

Filesize
108KB

MD5
8d696eb39d07518f065cbb0fffeac195

SHA1
10a46257c16219f59c58a7fc39b7e6a2d3b2e8c3

SHA256
375661494c13e68a3a523d3f8dccf6549692284820a46f29d000e3c322df4b14

SHA512
eb9c140d3e7938dfe2bee726f3f8ba036fe0d7c9435b8158aed19fd3815b9da98adab87a4651a3d85ead8f5a82dd3ef7aa2b0fdbb21216803d518a9f1461f91b

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads