1cfce31d8f2794a70ca8f564f2c458e3b84b730238269b748a840ca1ef2a76cd

Analysis

max time kernel
146s
max time network
156s
platform
android-11_x64
resource
android-x64-arm64-20240910-en
resource tags

arch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240910-enlocale:en-usos:android-11-x64system
submitted
20-02-2025 22:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1cfce31d8f2794a70ca8f564f2c458e3b84b730238269b748a840ca1ef2a76cd.apk
Size

760KB
MD5

e4f204a48558988e9971beeee98b2e44
SHA1

463b315ec2becf20458f876cc99992947b2cd365
SHA256

1cfce31d8f2794a70ca8f564f2c458e3b84b730238269b748a840ca1ef2a76cd
SHA512

8f0165fcf37af5b32ea6a6695e530f40604b29fc27e705a2ad81f64191a0f28e6373365c3f6771144a6df7291b636014fff7a093c1b1ff902852f315e8287aa4
SSDEEP

12288:uHgv+da1a8LreMzmT+ZXT5WmpYshXZPbGwidNpg5W:uHg6a1a2eMk+ZXT5WmD9idNp/

Score

7^/10

banker defense_evasion discovery impact persistence privilege_escalation

Malware Config

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

Application may abuse the framework's foreground service to continue running in the foreground.

defense_evasion persistence

Foreground Persistence

T1541

description	ioc	Process
Framework service call	android.app.IActivityManager.setServiceForeground	cmf0.c3b5bm90zq.patch

Requests enabling of the accessibility settings. 1 IoCs

description	ioc	Process
Intent action	android.settings.ACCESSIBILITY_SETTINGS	cmf0.c3b5bm90zq.patch

Tries to add a device administrator. 2 TTPs 1 IoCs

privilege_escalation impact

Device Administrator Permissions

T1626.001

Account Access Removal

T1640

description	ioc	Process
Intent action	android.app.action.ADD_DEVICE_ADMIN	cmf0.c3b5bm90zq.patch

cmf0.c3b5bm90zq.patch
1⤵
- Makes use of the framework's foreground persistence service
- Requests enabling of the accessibility settings.
- Tries to add a device administrator.
PID:4799

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Foreground Persistence

T1541

Privilege Escalation

Abuse Elevation Control Mechanism

T1626

Device Administrator Permissions

T1626.001

Defense Evasion

Foreground Persistence

T1541

Credential Access

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Account Access Removal

T1640

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads