955afeef640a6f5b60a086a6aead06e48277fba9d070997ba3d2a52a5e67d04e

Resubmissions

13-01-2025 18:31

250113-w6cwyavmdr 10

17-12-2024 22:05

241217-1zlbys1kep 10

Analysis

max time kernel
7s
max time network
121s
platform
android_x64
resource
android-33-x64-arm64-20240624-en
resource tags

androidarch:arm64arch:x64image:android-33-x64-arm64-20240624-enlocale:en-usos:android-13-x64system
submitted
13-01-2025 18:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

955afeef640a6f5b60a086a6aead06e48277fba9d070997ba3d2a52a5e67d04e.apk
Size

3.7MB
MD5

d58d219972f17bb294f45f5a4b8e2ece
SHA1

d108988a2b621de10fe4c3400417368760dda771
SHA256

955afeef640a6f5b60a086a6aead06e48277fba9d070997ba3d2a52a5e67d04e
SHA512

65a83742b04b37e69c841e643557234ff38223571fa74ea0ff8cf7368d73718c83c4e79831b543fa24de53ab37270d34aab9dd482c5a4c0211757b56a6c0d718
SSDEEP

98304:B1y8VfJXnGiJJuKFvD78msuex8dE1MrCVwLkci5jq:Py8VxXnGiXuKFnoaOurCokcwjq

Score

7^/10

discovery evasion

Malware Config

Signatures

Checks known Qemu pipes. 1 TTPs 2 IoCs

Checks for known pipes used by the Android emulator to communicate with the host.

evasion

System Checks

T1633.001

ioc	Process
/dev/socket/qemud	com.example.mysoul
/dev/qemu_pipe	com.example.mysoul

Queries information about running processes on the device 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.example.mysoul

com.example.mysoul
1⤵
- Checks known Qemu pipes.
- Queries information about running processes on the device
PID:4376

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Process Discovery

T1424

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.example.mysoul/no_backup/androidx.work.workdb

Filesize
4KB

MD5
0eb157e1a86d4d00aa601dd2f6ff3ee3

SHA1
fee434f784e73cc7916322e949f727caf8363102

SHA256
b9a8194b71a046e8c0eb30995827b582b4bea834f630a5df2483b778a7d7d8a4

SHA512
b9b79b8c3af8a3f140df230fd89e95206358ba50ff214e7323a2dbbe2937b795f970e588302ffd5d721318bd597ce0a27af26d6cdb07f45569c30209845082a8

Download Submit
/data/data/com.example.mysoul/no_backup/androidx.work.workdb-journal

Filesize
512B

MD5
c0273f008d5c5c5cb679c488ec031969

SHA1
746d689eb1e637d02ec9d01a3499e6ae98428bd1

SHA256
3849b94f454b6d2431d828ed632ec6702e17582371f8ddafc6d06e5dbd857d08

SHA512
b891c87489fd63875b1431db19bc459c3a382f039d88bc7cf0f70e3c374f8b4d569f52f7a48ff8de54a77e7a5618f7a35a631b2b540e38cc5b05ad2dd9212ab6

Download Submit
/data/data/com.example.mysoul/no_backup/androidx.work.workdb-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.example.mysoul/no_backup/androidx.work.workdb-wal

Filesize
16KB

MD5
df571d5018549dadb326fd8db618236c

SHA1
243023c934d97efd856afd0f2a0b4ef881b7d366

SHA256
f778b16c4fec963c3537fde6c91d65310118da06b716baf3ed616e43da8d5581

SHA512
15a168c78e489f916c928fee2fb6ec94fc641d4b24296810dbbda1d9488a7718000ffed72af0737805550a2463083fac55106d639c33d56b64ba4a40d79a9a9e

Download Submit
/data/data/com.example.mysoul/no_backup/androidx.work.workdb-wal

Filesize
108KB

MD5
c6686e40688bee5cd07b77959cc30708

SHA1
b9b444bbec93e42fa51d32821feae66a895383d3

SHA256
bb4b53152c96428beb93a92d4ca6fe29b8822921b77d01ccc51ce73e7d0982a7

SHA512
96a9ab5a0f1b7b05d9d69fbe60f0bd3abe30af1009a73e0432c43d571575b59b7b404db075c3d22abbe9e90fee8c89ef1e5ebffbe2a463c40532e2468c435a26

Download Submit