8481f2240b4dbe0788bdd72128f1cfae20729fec8902e86c3301efcfb7f26e8e

Analysis

max time kernel
143s
max time network
141s
platform
android_x64
resource
android-x64-arm64-20240624-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240624-enlocale:en-usos:android-11-x64system
submitted
08/01/2025, 01:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

47df247774e408e8ab4d33040b2fb768cecc2a6f0ac9628aeacfda94d4d7b713.apk
Size

3.0MB
MD5

66273a5b1eb1207be4c828e86f74f9ad
SHA1

8e8428f50bbee3383666870ecb31203d9d6cfe6a
SHA256

47df247774e408e8ab4d33040b2fb768cecc2a6f0ac9628aeacfda94d4d7b713
SHA512

264004f2cbf8d95247c32f2c70d324a17c0b09795f63cb78b741117f8edad438240efbe069420dd19bd9bdb20bed6b215e79192a7c168373ebeec53643941c16
SSDEEP

49152:MisH7k/L/cqyT5EZ/WOHPNkWZQOAl79ujJVPzbMPqYXS85DgAIy3rMrc00:M7HccLVC/WYlkqQOAHujJVLbwqM+W00

Score

7^/10

banker collection discovery evasion persistence

Malware Config

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Queries information about running processes on the device 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.android.cts.permission

Requests cell location 2 TTPs 1 IoCs

Uses Android APIs to to get current cell location.

collection discovery evasion

Location Tracking

T1430

Geofencing

T1627.001

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.android.cts.permission

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.android.cts.permission

Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

Application may abuse the framework's foreground service to continue running in the foreground.

evasion persistence

Foreground Persistence

T1541

description	ioc	Process
Framework service call	android.app.IActivityManager.setServiceForeground	com.android.cts.permission

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.android.cts.permission

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.android.cts.permission

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Requests disabling of battery optimizations (often used to enable hiding in the background). 1 TTPs 1 IoCs

evasion

User Evasion

T1628.002

description	ioc	Process
Intent action	android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS	com.android.cts.permission

com.android.cts.permission
1⤵
- Queries information about running processes on the device
- Requests cell location
- Acquires the wake lock
- Makes use of the framework's foreground persistence service
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Requests disabling of battery optimizations (often used to enable hiding in the background).
PID:4510

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Foreground Persistence

T1541

Privilege Escalation

Defense Evasion

Execution Guardrails

T1627

Geofencing

T1627.001

Foreground Persistence

T1541

Hide Artifacts

T1628

User Evasion

T1628.002

Credential Access

Discovery

Location Tracking

T1430

Process Discovery

T1424

Software Discovery

T1418

Security Software Discovery

T1418.001

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Location Tracking

T1430

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.android.cts.permission/databases/com.google.android.datatransport.events

Filesize
56KB

MD5
e151f724bc02ee5f535e1620664cc73e

SHA1
4d33c437f2c2ddb7681d6c7e4320b786cbac3439

SHA256
4a1e0c85b6a22466128325c4f0b5789107ed32c6c091a02e1c203f22cdd8a34a

SHA512
2832b3203c183d9863c6af713d838f0c578278923308a6d7b1c654eec2145652a46a43c08092b87b85ac8f82b3be3b0b95289ce4df054f635f87d4dbc1ca91bb

Download Submit
/data/user/0/com.android.cts.permission/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
1c9541324804f6aeb9b8192b078116ab

SHA1
cba221cad35669d75376a477c6c95ca1cd2e7c0e

SHA256
701061d1db38ed369d2b68e6f4b288202f665c0a0b80075de9ea831655d8878c

SHA512
731aea588c1ee09c597741b8a3b8fe7cc2539f781a8413fb786e8b5958fd8778b355d353a36367c2f532f9c2db00956638276f4704106951031d29a826c9a8c2

Download Submit
/data/user/0/com.android.cts.permission/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
e797db67f20a67aac30795bd1c565fc6

SHA1
ddde80f4b247da271c053b21ff2fbc46cccc0b67

SHA256
06ce7b92ee74654d9f650de240f28c1f96067f44048d5f44706320ef58a9456e

SHA512
80cca9bf192af680252761614892315b4f5ed249e313fa1cd04f97abb373a86ea04a469cbfb6cd443dface91bd3d6d608c44ada6a903bc62f04fc5796e1647c7

Download Submit
/data/user/0/com.android.cts.permission/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
73ba6db0c383687aceeec0e675393c7d

SHA1
e91e1b5ac27d51eeb053d25826277256df87debd

SHA256
41341ab9e17feb74e48c55bc28b42133f4215df9ad2b1dfbeb709aa3d89e8938

SHA512
16901809e167076463a30936d11588d4de2fdf581863b141a68b3021945a4003cf30d6ba4e5108bdb3da08169c584de32d8a4ca3a7eafbca757526ba4dd9ea37

Download Submit
/data/user/0/com.android.cts.permission/files/PersistedInstallation2030782694662384798tmp

Filesize
90B

MD5
6f3b5283e99eaf9f1dfbb7b9af099afa

SHA1
9b13b4fd230bb9919f10fca6855018799d765611

SHA256
a35cd6fc8792e2f76a10c02e58fedfae5d43d2dc08e75a274678a2af6215f812

SHA512
6d81aa8b709244c41fd9c9364628930cf246a79f14c05a162329854c84c48592d7ad756db0a5b6ae0a4fd13c1e3c06eca17ce45b83805bbf85a0ce6cf9389919

Download Submit
/data/user/0/com.android.cts.permission/files/PersistedInstallation5028346931289803067tmp

Filesize
114B

MD5
ead606111a007c3ae5859ecc9c4f854e

SHA1
075998e22950584e9292a72cea02202b6d98151b

SHA256
4c0ca3e776ab2264ebf7c2a6f68b4a226dba778d2959acaaa5b699e5689bf4b3

SHA512
c7e7334c535c1a74e88cc0a6e5a80324b42bb96bfd99361f7060a2ef31d4d7616eb7a180637645fa390395e07f08bc69bddd69b975848bb96fcea79b43daff64

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads