3d52b5728af55c37d5bd74c3f9b7e9ea6b007a9ec202a648ce3dc7e37ff49b29

Resubmissions

13-01-2025 18:31

250113-w6fb3aspex 10

14-12-2024 03:13

241214-dqtweatjhv 10

Analysis

max time kernel
8s
max time network
123s
platform
android_x64
resource
android-33-x64-arm64-20240624-en
resource tags

androidarch:arm64arch:x64image:android-33-x64-arm64-20240624-enlocale:en-usos:android-13-x64system
submitted
13-01-2025 18:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

base.apk
Size

3.6MB
MD5

aca88829c5a7c2f7ab8ae928f3df9fda
SHA1

2ef0057ce7fa7d3c27d894b5ee0532a4b9f62f10
SHA256

9d00052eb9a97a53a49c8e1a26138de835e2d354adef44a51ce8fb599d769fc1
SHA512

44982081663f363769d16f667a229a36d2069678cb3177ce4e45e299f424566f9eeb71779afed2e93f67ae3cbcf04cd8b3c8b736f4981f5a937ce08392770fbc
SSDEEP

49152:+bgW8wiy8Vp7mZtgAWDGo2ZO5eAgBNx6yyhfYPdIxAH0fRnJfzvvR93Ueg6b/4o:+W1y8Vpug3t0AUyhQ2fbLP3hg6R

Score

7^/10

discovery evasion

Malware Config

Signatures

Checks known Qemu pipes. 1 TTPs 2 IoCs

Checks for known pipes used by the Android emulator to communicate with the host.

evasion

System Checks

T1633.001

ioc	Process
/dev/socket/qemud	com.example.mysoul
/dev/qemu_pipe	com.example.mysoul

Queries information about running processes on the device 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.example.mysoul

com.example.mysoul
1⤵
- Checks known Qemu pipes.
- Queries information about running processes on the device
PID:4355

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Process Discovery

T1424

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.example.mysoul/no_backup/androidx.work.workdb

Filesize
4KB

MD5
0eb157e1a86d4d00aa601dd2f6ff3ee3

SHA1
fee434f784e73cc7916322e949f727caf8363102

SHA256
b9a8194b71a046e8c0eb30995827b582b4bea834f630a5df2483b778a7d7d8a4

SHA512
b9b79b8c3af8a3f140df230fd89e95206358ba50ff214e7323a2dbbe2937b795f970e588302ffd5d721318bd597ce0a27af26d6cdb07f45569c30209845082a8

Download Submit
/data/data/com.example.mysoul/no_backup/androidx.work.workdb-journal

Filesize
512B

MD5
bd80adb08717ec8b807ea788651f949b

SHA1
5efc71407f1334388f9cb4cc96e29dc51319100d

SHA256
cbc1231129592bec7d83584079bf9115162bbd91f692e9fecd58c2a87e016b3f

SHA512
f800b421b107780b880b7ff8ad4b45b6576c8ff7e039ae7b2acf28f898dd1d78755e333a595192734da0d77c3d94498ef121c9aa1444902d689675aed57d2f2b

Download Submit
/data/data/com.example.mysoul/no_backup/androidx.work.workdb-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.example.mysoul/no_backup/androidx.work.workdb-wal

Filesize
16KB

MD5
41907a8d91ce072fc4c7532f0abb8141

SHA1
e6f82b0064e96542c808a251e10be30906155f6b

SHA256
4c4acd56d6d3b634d6c59b0e69ffee08c1866e3e30a8dd9d82805c6f7af4ec16

SHA512
e69653d1ed6ded939decf78f7b90dd8c3a9480341518a0b339ae0e087ff03001b5a7aa386db517a8ab918e3e2ec8277830ebcdaf2f54057b1fbfe29d10b11d11

Download Submit
/data/data/com.example.mysoul/no_backup/androidx.work.workdb-wal

Filesize
108KB

MD5
712bbac190f6c8806426f15e81a04df5

SHA1
e0e0dda5e03df5eab69b9da6e7b35bc2ce67cfd6

SHA256
af06df437be80af4cd644c91e005d4207b2cb23429fdbfffc943a41a45d7addd

SHA512
787ef7ef5e9740c36dd21a5366557fdc158e2c1ab7e2105cf7c5c1e01726c93287aef5cdd0ea422edefce80b3e14d862b942757eaa335bb37d5d45b6a5529306

Download Submit