fe4b2b288565cc1a85b7dd23398cc8ab850b0b0c73d46ec9e7c308af86a96d60

Analysis

max time kernel
147s
max time network
151s
platform
android-9_x86
resource
android-x86-arm-20240910-en
resource tags

arch:armarch:x86image:android-x86-arm-20240910-enlocale:en-usos:android-9-x86system
submitted
10/03/2025, 08:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

M-Pajak.apk
Size

22.1MB
MD5

c7dd3e08e9f1d2c16ac9d51aaeb4c1cf
SHA1

db342f35467cad79035f0fa2b77fdb427cf981d0
SHA256

fe4b2b288565cc1a85b7dd23398cc8ab850b0b0c73d46ec9e7c308af86a96d60
SHA512

7b769e0d24a6e6da4801752b5fe5903d671e3ff629dad2daa33fa2c754b84aaa1865643699b170cc11e9a0d72d5c5b51c78e0a3b77afc9749aee3969db5c8b7f
SSDEEP

196608:UPCoCv1HxcjCVWy5RtVUs1sgAXFNgI7a7Yt3Zu9yzhLrZY/snFphv1rnFphvwnFF:UYMjCVWy/Zs3FNgIuQ9zhL93Y/+edD

Score

8^/10

banker collection credential_access defense_evasion discovery evasion execution persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 1 IoCs

defense_evasion

System Information Discovery

T1426

ioc	Process
/sbin/su	com.pabe46age.pak

Makes use of the framework's Accessibility service 4 TTPs 1 IoCs

Retrieves information displayed on the phone screen using AccessibilityService.

collection defense_evasion credential_access

Input Injection

T1516

Screen Capture

T1513

Keylogging

T1417.001

GUI Input Capture

T1417.002

description	ioc	Process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	com.pabe46age.pak

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Queries information about running processes on the device 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.pabe46age.pak

Queries the phone number (MSISDN for GSM devices) 1 TTPs
discovery

System Network Configuration Discovery
T1422

Reads the contacts stored on the device. 1 TTPs 1 IoCs

collection

Contact List

T1636.003

description	ioc	Process
URI accessed for read	content://com.android.contacts/data/phones	com.pabe46age.pak

Reads the content of the SMS messages. 1 TTPs 1 IoCs

collection

SMS Messages

T1636.004

description	ioc	Process
URI accessed for read	content://sms/	com.pabe46age.pak

Enumerates running processes
Discovers information about currently running processes on the system

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
34	raw.githubusercontent.com
35	raw.githubusercontent.com

Makes use of the framework's foreground persistence service 1 TTPs 2 IoCs

Application may abuse the framework's foreground service to continue running in the foreground.

defense_evasion persistence

Foreground Persistence

T1541

description	ioc	Process
Framework service call	android.app.IActivityManager.setServiceForeground	com.pabe46age.pak
Framework service call	android.app.IActivityManager.setServiceForeground	com.pabe46age.pak:remote

Performs UI accessibility actions on behalf of the user 1 TTPs 2 IoCs

Application may abuse the accessibility service to prevent their removal.

evasion

Prevent Application Removal

T1629.001

ioc	Process
android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction	com.pabe46age.pak
android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction	com.pabe46age.pak

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.pabe46age.pak

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.pabe46age.pak

Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422

Requests disabling of battery optimizations (often used to enable hiding in the background). 1 TTPs 1 IoCs

defense_evasion

User Evasion

T1628.002

description	ioc	Process
Intent action	android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS	com.pabe46age.pak

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.pabe46age.pak

Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

execution persistence

Scheduled Task/Job

T1603

description	ioc	Process
Framework service call	android.app.job.IJobScheduler.schedule	com.pabe46age.pak

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.pabe46age.pak

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.pabe46age.pak

com.pabe46age.pak
1⤵
- Checks if the Android device is rooted.
- Makes use of the framework's Accessibility service
- Queries information about running processes on the device
- Reads the contacts stored on the device.
- Reads the content of the SMS messages.
- Makes use of the framework's foreground persistence service
- Performs UI accessibility actions on behalf of the user
- Queries information about active data network
- Queries the mobile country code (MCC)
- Requests disabling of battery optimizations (often used to enable hiding in the background).
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Schedules tasks to execute at a specified time
- Checks CPU information
- Checks memory information
PID:4336

com.pabe46age.pak:remote
1⤵
- Makes use of the framework's foreground persistence service
PID:4580

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Foreground Persistence

T1541

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Foreground Persistence

T1541

Hide Artifacts

T1628

User Evasion

T1628.002

Impair Defenses

T1629

Prevent Application Removal

T1629.001

Input Injection

T1516

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Discovery

Process Discovery

T1424

Software Discovery

T1418

Security Software Discovery

T1418.001

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Protected User Data

T1636

Contact List

T1636.003

SMS Messages

T1636.004

Screen Capture

T1513

Command and Control

Exfiltration

Impact

Input Injection

T1516

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.pabe46age.pak/app_crashrecord/1004

Filesize
224B

MD5
1c0b71057dca3ae3efcb5feb8431f464

SHA1
bb12f0e3af1691f973a46224ce477bb859346cf9

SHA256
ac48534080e1d774a7e36cca0b4d3ff5a491e323df2ef5f43ef9fce5cda7767d

SHA512
d8110cd758797e61e441090dd81e728c0d0790c1946c05b5893674023d4b81cdae75dbc702beb7f615154e56caadb191c27330728b74a4dd28e68b248c120710

Download Submit
/data/data/com.pabe46age.pak/app_crashrecord/1004

Filesize
58B

MD5
0d210bfb2a0e1f1b4c082a6a0f79de07

SHA1
bb8ed9e364db79d1d9f2fcde3f15091893222faa

SHA256
988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d

SHA512
536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1

Download Submit
/data/data/com.pabe46age.pak/cache/tomb.zip

Filesize
534B

MD5
592a9ef2460c9621669db6db65c61d9c

SHA1
c4e66fca34ce932b30002b33c33b57109ec4e49e

SHA256
7fad0f8fbb2eaba15ab31cc5ef02ec9fd5b49d1b0724e928fd838d0931120ab4

SHA512
5ab06539366012381952483847d1f28ed828556e2c8cf5838b289a49af644172722b6175513ab3a3ff88c743eb89f1925c3c1af0ccf45d84dd055e3736771b42

Download Submit
/data/data/com.pabe46age.pak/cache/wp.jpeg

Filesize
143KB

MD5
5dc1983554a88c2a224ee046bb7314ec

SHA1
5b09273776014bf32fd8aa7bca9ce151d2c7d98f

SHA256
6a4d32e8ef673e70a8a4963124417be10eb09089f3aa049e1e3c7de515c69f21

SHA512
5ce30ef36c25d33f3416006c103608057a9cc88f2d88fe37de3bd895d68a005644d74aca0abd5bef02f2ed17709a38ae249b0dabeaa16d1c46c8a8c9d85c7e88

Download Submit
/data/data/com.pabe46age.pak/databases/bugly_db_

Filesize
204KB

MD5
f4273db55dad2a86c5bacc15749e22d3

SHA1
0b62bd3dd8e288f14c48f5254c21faf50f14e209

SHA256
02eaf749d4cf2d1139f94963ce4cdb0f868e66107accbc332e94c9ddd77947a0

SHA512
597cd75dd19e33ae1190e10cd61c639781848d58a2c12075f911e502ed3437c0241db191098406575543335bd623190a3aa9cc30460e27daf6af00f7a2927cc9

Download Submit
/data/data/com.pabe46age.pak/databases/bugly_db_-journal

Filesize
512B

MD5
a7c07c567429bf79d11d23e7e265a3ba

SHA1
c53d9b08bc9226b0ed7fdd2be0b66b8cab06f45a

SHA256
c21b71c06394124f97099271766ed2d167eeb5181e2ae2ca0bfc437b3d50d944

SHA512
8abe166d8eaa7e9380a8fec6f23484a52d2f336ee2ad302d085f873cbf913a5e4c5ac88b0a31a6721282f8a6bc2b2788bd3efbae083c35e21904dc88c91087d0

Download Submit
/data/data/com.pabe46age.pak/databases/bugly_db_-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.pabe46age.pak/databases/bugly_db_-wal

Filesize
430KB

MD5
0a7620ed218d025140de5376f2d86688

SHA1
414d3261ab066605e6e8e59dde90b5a2b063d6d3

SHA256
7e0bc32736c21c55e248f7edd2057fa710fffbbcd04ffc42b034c97aee63db49

SHA512
36a26b21ad92b0b27abe9141ac682611d33cfa6cf180d29642cbd0a3f02f8bc3e13f96903e61cc5d8d734c2f18bd4a70978546537634406ab0dfc634438c9a37

Download Submit
/data/data/com.pabe46age.pak/files/bugly_last_us_up_tm

Filesize
13B

MD5
ee68c077b3cc022afedfbf5a14549bf2

SHA1
9cbeb159244f741e6b0600704cc23f16ef31d56d

SHA256
c0932c46425bacb60ca54e83e1c780c4a9f2704c8e995822d18a28feb3988020

SHA512
26453bf4a45e313dbed56236296203efd8ec3c231e5d7743601657def3ac68a226f903e222741f20e6a71b0e74c54c22365caeefcd8f6fc5dfc8335bd69c9983

Download Submit
/data/data/com.pabe46age.pak/files/mmkv/mmkv.default

Filesize
4KB

MD5
620f0b67a91f7f74151bc5be745b7110

SHA1
1ceaf73df40e531df3bfb26b4fb7cd95fb7bff1d

SHA256
ad7facb2586fc6e966c004d7d1d16b024f5805ff7cb47c7a85dabd8b48892ca7

SHA512
2d23913d3759ef01704a86b4bee3ac8a29002313ecc98a7424425a78170f219577822fd77e4ae96313547696ad7d5949b58e12d5063ef2ee063b595740a3a12d

Download Submit
/data/data/com.pabe46age.pak/files/profileInstalled

Filesize
24B

MD5
312981421163c515f6461a57dc19a55f

SHA1
3a526c491a48a41198aac97a53837f50073e22ce

SHA256
c4d2baf51c63a2ceb36b296c93a6d12be8ee9df9d6fc87020014e1c9f2a103c1

SHA512
79413997b305a7cc21de6a821935828560e650f41d6cbcc6d4cb9687518e1e2b4415d96e69f6a297b2bca9304e91c9070fc71d1ddb46f0a48c8fe9e510ecbde2

Download Submit
/data/data/com.pabe46age.pak/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

Filesize
8B

MD5
03baafb0099c56174d282a9fda88f7ef

SHA1
6b51c02c82b968d97c71ec0cafbb8d3db28e08d4

SHA256
7107a9d86d6b8465cd537e36cd5da16236073337e122c013187ef9672f537f20

SHA512
9d6a64c829bddc18a7bf79fcdb1e57e8bb71c26f56e674088ecd2158214e04da170e9dacd6143bff333ae1a6e5d6b14bedafd9b6f93d437126046fd7c2ac42cf

Download Submit
/data/misc/profiles/cur/0/com.pabe46age.pak/primary.prof

Filesize
1KB

MD5
e6c16796573cd5b7200a00ac58f0c633

SHA1
fb341ff41e1898359c20d5823383c8cc60d81dc6

SHA256
6b25a8f7cd860308a2dc1d1daf7eec39f2e5b2075ad4e7e2c937e640d55afab8

SHA512
c68f9ba4026a78fbcd42f5946bc9059c4ac0864ec528cfba81cb9a6f28ba18f24afee27a040e455e1f6d91ac9606407e132e7649ee472251919d15540dc3f1cd

Download Submit
/data/misc/profiles/cur/0/com.pabe46age.pak/primary.prof

Filesize
13KB

MD5
0cbe51b760a70cca2c98d9f0f5987648

SHA1
4cf7f41f9046e018bc1041c219b40f6ef1a916d7

SHA256
490f67a47bb16e5c23dbc1a64fc6351917d89db8d0d5d9eadaca94d11cede52e

SHA512
d66e24c164e2794c670720d2ee62b11c857ab68bec1e9635b1fa0ec891280e812fea12175c48c219e75d14f4b8c7437b0c6001474e17a2eef972203ec052276f

Download Submit
/storage/emulated/0/Android/data/com.pabe46age.pak/files/log_data.idx

Filesize
1KB

MD5
e0d5d2ea1fad8e53090fcd973cf77633

SHA1
c17ba472a22262aeec82e3cbbf334fbfa7ab3dc1

SHA256
ca581ffcfdb22f1ceac0b3e4070d4fd85ea8237b60eb84d79cdf173cc2447a77

SHA512
ca446eaceb2a25087c3bca947d47d349396c6bb8010c6ae2d4f542e8d994b89da001a0fead032b73cecf38bfa86f45bc0994ca2dcd22a316e8251ab047174587

Download Submit
/storage/emulated/0/Android/data/com.pabe46age.pak/files/log_data_000

Filesize
26KB

MD5
3eab55c187696778e8af566ce7351c72

SHA1
b83cb1f4647f657227c415c94138b6f008de8155

SHA256
534ad630c754c4a61b460aa5ee8e7de7435f81fe80617f09413461a0d2a1cfbd

SHA512
a73305ab020badb38a1e41286b701d7801711000541af850499bb7b6dfc6551a33e68fd163b4b70ae497d824e723c6dcc8fcbf5275d13041c1b5fbcd632f0ffb

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads