c295b195bfdb2d65872004f62bb855f943189e7e673005a49db0ec29d6df0f88

Analysis

max time kernel
146s
max time network
156s
platform
android-11_x64
resource
android-x64-arm64-20240910-en
resource tags

arch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240910-enlocale:en-usos:android-11-x64system
submitted
08-01-2025 22:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c295b195bfdb2d65872004f62bb855f943189e7e673005a49db0ec29d6df0f88.apk
Size

1.3MB
MD5

93595ca25989932d9539d23a7b450240
SHA1

575669a43d480a1f809f86a79f0d1262cbfb00d5
SHA256

c295b195bfdb2d65872004f62bb855f943189e7e673005a49db0ec29d6df0f88
SHA512

9608f0c4febd01488b7e4a503e91ebc974d3d6f8e29b81707a485e41ec40bfe0fefac2e9fe862cfa1470898501df74c768639e78ba584973764bb6dc3bb6c0a6
SSDEEP

24576:wQrpa1a2ey3vQayDu2jfLBIcFjUIJLILheiI7p4TU9jN0oW18uB9dIpYEBDi5Wmk:Rpa1aqvQayDu2jfLBIcFjUIJLILheiIR

Score

7^/10

banker discovery evasion impact persistence privilege_escalation

Malware Config

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

Application may abuse the framework's foreground service to continue running in the foreground.

evasion persistence

Foreground Persistence

T1541

description	ioc	Process
Framework service call	android.app.IActivityManager.setServiceForeground	cmf0.c3b5bm90zq.patch

Requests enabling of the accessibility settings. 1 IoCs

description	ioc	Process
Intent action	android.settings.ACCESSIBILITY_SETTINGS	cmf0.c3b5bm90zq.patch

Tries to add a device administrator. 2 TTPs 1 IoCs

privilege_escalation impact

Device Administrator Permissions

T1626.001

Account Access Removal

T1640

description	ioc	Process
Intent action	android.app.action.ADD_DEVICE_ADMIN	cmf0.c3b5bm90zq.patch

cmf0.c3b5bm90zq.patch
1⤵
- Makes use of the framework's foreground persistence service
- Requests enabling of the accessibility settings.
- Tries to add a device administrator.
PID:4788

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Foreground Persistence

T1541

Privilege Escalation

Abuse Elevation Control Mechanism

T1626

Device Administrator Permissions

T1626.001

Defense Evasion

Foreground Persistence

T1541

Credential Access

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Account Access Removal

T1640

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads