a25b1787179d2b114aece87cf5f0e87103fe14286ad3ac48c37f90b720cc8166

Resubmissions

31/01/2025, 14:25

250131-rred1aznem 10

31/01/2025, 14:24

250131-rqsv1azndk 10

31/01/2025, 14:23

250131-rqdfbaxqht 10

31/01/2025, 14:22

250131-rprljsznbk 10

Analysis

max time kernel
28s
max time network
37s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
31/01/2025, 14:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

com.medoc.cashalot.ingenico_19.675.SIGNED 2.apk
Size

37.7MB
MD5

96d5b192bad79478833ef7f5bd6c52e6
SHA1

074b683cd584e64d9c24d05989838aa4dbc0d93b
SHA256

a25b1787179d2b114aece87cf5f0e87103fe14286ad3ac48c37f90b720cc8166
SHA512

b598411a5e21ea50cc874ec89b536a8cfcac08d0ba9f11538edccdde2a5030b3957c0b1c398aea073bbe648fa5f927cd22667763659f4a2ee7bba9c8fd77de6d
SSDEEP

393216:EGPdKz3dP1lKb0by7UpMIo0r0Rb/u8t19wuCzS1znXbabgQWnHNytebOtJCLtR93:Ejlxp3YRbljMSNXbaiHNqK7OUGO

Score

8^/10

defense_evasion persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 8 IoCs

defense_evasion

System Information Discovery

T1426

ioc	Process
/data/local/xbin/su	com.medoc.cashalot.ingenico
/sbin/su	com.medoc.cashalot.ingenico
/system/bin/su	com.medoc.cashalot.ingenico
/system/bin/failsafe/su	com.medoc.cashalot.ingenico
/system/sd/xbin/su	com.medoc.cashalot.ingenico
/system/xbin/su	com.medoc.cashalot.ingenico
/data/local/su	com.medoc.cashalot.ingenico
/data/local/bin/su	com.medoc.cashalot.ingenico

Checks known Qemu files. 1 TTPs 3 IoCs

Checks for known Qemu files that exist on Android virtual device images.

defense_evasion

System Checks

T1633.001

ioc	Process
/system/lib/libc_malloc_debug_qemu.so	com.medoc.cashalot.ingenico
/sys/qemu_trace	com.medoc.cashalot.ingenico
/system/bin/qemu-props	com.medoc.cashalot.ingenico

Checks known Qemu pipes. 1 TTPs 2 IoCs

Checks for known pipes used by the Android emulator to communicate with the host.

defense_evasion

System Checks

T1633.001

ioc	Process
/dev/socket/qemud	com.medoc.cashalot.ingenico
/dev/qemu_pipe	com.medoc.cashalot.ingenico

Checks the presence of a debugger
defense_evasion

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.medoc.cashalot.ingenico

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.medoc.cashalot.ingenico

com.medoc.cashalot.ingenico
1⤵
- Checks if the Android device is rooted.
- Checks known Qemu files.
- Checks known Qemu pipes.
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks CPU information
PID:4246

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads