fe4b2b288565cc1a85b7dd23398cc8ab850b0b0c73d46ec9e7c308af86a96d60

Analysis

max time kernel
17s
max time network
151s
platform
android-9_x86
resource
android-x86-arm-20240910-en
resource tags

arch:armarch:x86image:android-x86-arm-20240910-enlocale:en-usos:android-9-x86system
submitted
11/03/2025, 05:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fe4b2b288565cc1a85b7dd23398cc8ab850b0b0c73d46ec9e7c308af86a96d60.apk
Size

22.1MB
MD5

c7dd3e08e9f1d2c16ac9d51aaeb4c1cf
SHA1

db342f35467cad79035f0fa2b77fdb427cf981d0
SHA256

fe4b2b288565cc1a85b7dd23398cc8ab850b0b0c73d46ec9e7c308af86a96d60
SHA512

7b769e0d24a6e6da4801752b5fe5903d671e3ff629dad2daa33fa2c754b84aaa1865643699b170cc11e9a0d72d5c5b51c78e0a3b77afc9749aee3969db5c8b7f
SSDEEP

196608:UPCoCv1HxcjCVWy5RtVUs1sgAXFNgI7a7Yt3Zu9yzhLrZY/snFphv1rnFphvwnFF:UYMjCVWy/Zs3FNgIuQ9zhL93Y/+edD

Score

8^/10

banker collection defense_evasion discovery persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 1 IoCs

defense_evasion

System Information Discovery

T1426

ioc	Process
/sbin/su	com.pabe46age.pak

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001
Queries the phone number (MSISDN for GSM devices) 1 TTPs
discovery

System Network Configuration Discovery
T1422

Reads the content of the SMS messages. 1 TTPs 1 IoCs

collection

SMS Messages

T1636.004

description	ioc	Process
URI accessed for read	content://sms/	com.pabe46age.pak

Enumerates running processes
Discovers information about currently running processes on the system

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
27	raw.githubusercontent.com
29	raw.githubusercontent.com

Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

Application may abuse the framework's foreground service to continue running in the foreground.

defense_evasion persistence

Foreground Persistence

T1541

description	ioc	Process
Framework service call	android.app.IActivityManager.setServiceForeground	com.pabe46age.pak:remote

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.pabe46age.pak

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.pabe46age.pak

Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.pabe46age.pak

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.pabe46age.pak

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.pabe46age.pak

com.pabe46age.pak
1⤵
- Checks if the Android device is rooted.
- Reads the content of the SMS messages.
- Queries information about active data network
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks CPU information
- Checks memory information
PID:4273

com.pabe46age.pak:remote
1⤵
- Makes use of the framework's foreground persistence service
PID:4593

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Foreground Persistence

T1541

Privilege Escalation

Defense Evasion

Foreground Persistence

T1541

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Protected User Data

T1636

SMS Messages

T1636.004

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.pabe46age.pak/app_crashrecord/1004

Filesize
224B

MD5
44e9f9bce203941443cc2c120d08359e

SHA1
5633e40abfcb662fee22017d9207f42b488a6ae8

SHA256
4878254a77a3792bdc0067cfa40bc3c240b49dfea68440d6263cefa06dcfed32

SHA512
fee4a9defe4a8e1cc017d9b531e5d5eb14198a8c8c4e3eba0db62b668882984c0437b1e703943e6cee55df44817250e2f5064cc59edb46023d2292f928bca248

Download Submit
/data/data/com.pabe46age.pak/app_crashrecord/1004

Filesize
58B

MD5
0d210bfb2a0e1f1b4c082a6a0f79de07

SHA1
bb8ed9e364db79d1d9f2fcde3f15091893222faa

SHA256
988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d

SHA512
536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1

Download Submit
/data/data/com.pabe46age.pak/databases/bugly_db_

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.pabe46age.pak/databases/bugly_db_-journal

Filesize
512B

MD5
bc1f443e4614158f80f3ab0a7f8f220d

SHA1
c0c59f04f651c8796722182eac35abae12ab1e10

SHA256
56b73df07a5ac1b70d22c6f24be57115c714a65f1945cfb8f68e301f9d209080

SHA512
631e7140062cf683d0a0263c86dd203b382063f3913997c950e185924845c5adc349f91888bd8c9edfada8df6bbcc16995de01f8285f2e0617fcb2ee677eb414

Download Submit
/data/data/com.pabe46age.pak/databases/bugly_db_-shm

Filesize
28KB

MD5
cf845a781c107ec1346e849c9dd1b7e8

SHA1
b44ccc7f7d519352422e59ee8b0bdbac881768a7

SHA256
18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7

SHA512
4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

Download Submit
/data/data/com.pabe46age.pak/databases/bugly_db_-wal

Filesize
297KB

MD5
c1d7728e1ba612c18fd9f7bdcc7014b6

SHA1
727e70dc047c6e18991431bbb07db9bf79e9e7e7

SHA256
82c85aa9e4d35f35176b3005ec0cabf3b6508021539ebfa7a1dfcb4ac185735c

SHA512
27ffc860d1fbd3a9b4d214ca23ab4624ce02d06905a1115326b2fae0c96eccd7202371fed9c70d34093d93777583e2f5b7c33bb6b4330a3491ae27d381ce1afa

Download Submit
/data/data/com.pabe46age.pak/files/bugly_last_us_up_tm

Filesize
13B

MD5
9fb058ee890d299e0d1afed2440f772b

SHA1
58d8a05fb250071038c8bc024593c7e4d4453ab5

SHA256
fe303136b50eb4e0cc43b564f214bda7bb39c6d1dc81b04faf7df0fc53d7c60d

SHA512
417b80cab6823c19501d772c24338c683c464be6ade961b938e841ce955bd2195d6b9aa4f609b4a85fc068f951a1fcf1281e1261fd414e0ec08c295c1ee2746a

Download Submit
/data/data/com.pabe46age.pak/files/mmkv/mmkv.default

Filesize
4KB

MD5
620f0b67a91f7f74151bc5be745b7110

SHA1
1ceaf73df40e531df3bfb26b4fb7cd95fb7bff1d

SHA256
ad7facb2586fc6e966c004d7d1d16b024f5805ff7cb47c7a85dabd8b48892ca7

SHA512
2d23913d3759ef01704a86b4bee3ac8a29002313ecc98a7424425a78170f219577822fd77e4ae96313547696ad7d5949b58e12d5063ef2ee063b595740a3a12d

Download Submit
/storage/emulated/0/Android/data/com.pabe46age.pak/files/log_data.idx

Filesize
96B

MD5
27d0d4d9877997dea1ff81f9db3e4c55

SHA1
2c49b930f5b47782caf31a00e6a14beafdb4f270

SHA256
ab278047bb6126e8c87ae1c3f49e9b179a175da703133cec9110ddc2100d1e83

SHA512
e8146b4b37af6a6a003444c479bb296e0d9b5cfbb1a22fb1733c62d930ed7792cf66df7e3bbb538f046087bde477e0b74ea8689ca068e7ce000b68357bb11d78

Download Submit
/storage/emulated/0/Android/data/com.pabe46age.pak/files/log_data_000

Filesize
5KB

MD5
0d5c97d8239e2a80adae7ac263df5588

SHA1
24f9a0893f57acf27a533633107a3a5a2533c83f

SHA256
65b7bc7f5c239e799c7de37c97261f184900162960b7e1f248d2d09be44e35ad

SHA512
1f327b36a43ffb6bc6c770bb60a0bb93da8900d53e72d0c1d5efdf9b39eda74ea7bec655b94817231993fc7aa777127e63087f7c393d4180b7268f62071534d8

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads