fe4b2b288565cc1a85b7dd23398cc8ab850b0b0c73d46ec9e7c308af86a96d60

Analysis

max time kernel
16s
max time network
152s
platform
android-9_x86
resource
android-x86-arm-20240910-en
resource tags

arch:armarch:x86image:android-x86-arm-20240910-enlocale:en-usos:android-9-x86system
submitted
17/03/2025, 09:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fe4b2b288565cc1a85b7dd23398cc8ab850b0b0c73d46ec9e7c308af86a96d60.apk
Size

22.1MB
MD5

c7dd3e08e9f1d2c16ac9d51aaeb4c1cf
SHA1

db342f35467cad79035f0fa2b77fdb427cf981d0
SHA256

fe4b2b288565cc1a85b7dd23398cc8ab850b0b0c73d46ec9e7c308af86a96d60
SHA512

7b769e0d24a6e6da4801752b5fe5903d671e3ff629dad2daa33fa2c754b84aaa1865643699b170cc11e9a0d72d5c5b51c78e0a3b77afc9749aee3969db5c8b7f
SSDEEP

196608:UPCoCv1HxcjCVWy5RtVUs1sgAXFNgI7a7Yt3Zu9yzhLrZY/snFphv1rnFphvwnFF:UYMjCVWy/Zs3FNgIuQ9zhL93Y/+edD

Score

8^/10

banker collection defense_evasion discovery persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 1 IoCs

defense_evasion

System Information Discovery

T1426

ioc	Process
/sbin/su	com.pabe46age.pak

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001
Queries the phone number (MSISDN for GSM devices) 1 TTPs
discovery

System Network Configuration Discovery
T1422

Reads the content of the SMS messages. 1 TTPs 1 IoCs

collection

SMS Messages

T1636.004

description	ioc	Process
URI accessed for read	content://sms/	com.pabe46age.pak

Enumerates running processes
Discovers information about currently running processes on the system

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
33	raw.githubusercontent.com
35	raw.githubusercontent.com

Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

Application may abuse the framework's foreground service to continue running in the foreground.

defense_evasion persistence

Foreground Persistence

T1541

description	ioc	Process
Framework service call	android.app.IActivityManager.setServiceForeground	com.pabe46age.pak:remote

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.pabe46age.pak

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.pabe46age.pak

Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.pabe46age.pak

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.pabe46age.pak

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.pabe46age.pak

com.pabe46age.pak
1⤵
- Checks if the Android device is rooted.
- Reads the content of the SMS messages.
- Queries information about active data network
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks CPU information
- Checks memory information
PID:4333

com.pabe46age.pak:remote
1⤵
- Makes use of the framework's foreground persistence service
PID:4649

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Foreground Persistence

T1541

Privilege Escalation

Defense Evasion

Foreground Persistence

T1541

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Protected User Data

T1636

SMS Messages

T1636.004

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.pabe46age.pak/app_crashrecord/1004

Filesize
224B

MD5
baa4e50b554e9a16dd563a5a03a3290c

SHA1
fe37cff78cf72c918a0a1dff8a6979d70fd38616

SHA256
733a16bf25d2121b7c7ff3b21ea0be6adba740350363636c2993cc804fef059c

SHA512
099c33ef99458527316135c72e1377cb38b46f8920e46f10d7c48f27ad2365966cf509f75fa0c1019f6292ae992dd77416458065e801c28e19589a76e702507e

Download Submit
/data/data/com.pabe46age.pak/app_crashrecord/1004

Filesize
58B

MD5
0d210bfb2a0e1f1b4c082a6a0f79de07

SHA1
bb8ed9e364db79d1d9f2fcde3f15091893222faa

SHA256
988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d

SHA512
536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1

Download Submit
/data/data/com.pabe46age.pak/databases/bugly_db_

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.pabe46age.pak/databases/bugly_db_-journal

Filesize
512B

MD5
4012604c05f8d881055b51db5fc96234

SHA1
e66fcabed028860dc931d512238ad5a66c2f46a3

SHA256
0e7371dece01ad624d7c40977c656e071ee340c146db87aa3576f802ee48cf83

SHA512
8618e0c7ba8d4f05f02956a351c3c042b8d5b0700e8ecda55a57aa3ae920ab1f4085bb417123c3c80f513335ee88fb94a1cd82a31d00c675ae72a25584d7051f

Download Submit
/data/data/com.pabe46age.pak/databases/bugly_db_-shm

Filesize
28KB

MD5
cf845a781c107ec1346e849c9dd1b7e8

SHA1
b44ccc7f7d519352422e59ee8b0bdbac881768a7

SHA256
18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7

SHA512
4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

Download Submit
/data/data/com.pabe46age.pak/databases/bugly_db_-wal

Filesize
88KB

MD5
f2bea4ea33ac6869fbed6ebd71d14a03

SHA1
956d1da1c3d8c7dca42030d470844fdf6404dd38

SHA256
455d8040178d307c41d1acfcff4f8c3355f6ec6eaeefcd5330e3416f9776cf2c

SHA512
64c6bbc1252d5716bcd89ca171916e3930eaeb70d1f4a51442e061b6a766096cbebbff903e164a938bbca5d17138256f300b300a3b2e7f8d95f058d0e488abc2

Download Submit
/data/data/com.pabe46age.pak/files/bugly_last_us_up_tm

Filesize
13B

MD5
f7b0c456f86a45c9c9350fb2d84fe234

SHA1
9b2f7117e31eb6b7bd11e146d8c1f70d2f3b6dc3

SHA256
78b89ecf49f590920299ed92acd6c39db4f76ded6777ddeef21174f14da2f371

SHA512
2249ed235a331c00e5b032f93c769149c5ff76b0dcd4d882f37c71e2a940f31475954347f0c52f69c69fc05cc600721c76166afb8a57b569045199a5ff8da1e4

Download Submit
/data/data/com.pabe46age.pak/files/mmkv/mmkv.default

Filesize
4KB

MD5
620f0b67a91f7f74151bc5be745b7110

SHA1
1ceaf73df40e531df3bfb26b4fb7cd95fb7bff1d

SHA256
ad7facb2586fc6e966c004d7d1d16b024f5805ff7cb47c7a85dabd8b48892ca7

SHA512
2d23913d3759ef01704a86b4bee3ac8a29002313ecc98a7424425a78170f219577822fd77e4ae96313547696ad7d5949b58e12d5063ef2ee063b595740a3a12d

Download Submit
/storage/emulated/0/Android/data/com.pabe46age.pak/files/log_data.idx

Filesize
96B

MD5
0e313571dfbbd9d8e2949469fc2fa78d

SHA1
f923c776251f3a2b0da6826b23391f9c9ce366d5

SHA256
d3f9448a1c3ad57e94b9fe9c1a554004f9b105ab9b51cedeb10d7887f8210cf7

SHA512
a0d57b42a9c6207d7abdc1f2af4fcbdccb8f6ccbeee28e57064bc48d0b1a12bc32d9a7ec308183cc759f16e20c618b395a05f3f221cdbbb2aee5af6d6ca8e6d2

Download Submit
/storage/emulated/0/Android/data/com.pabe46age.pak/files/log_data_000

Filesize
5KB

MD5
394d8247050a708a72682956497c6c66

SHA1
f36d327ffe8a20074706fcf47716b8bf4af63b6b

SHA256
665d3d7d5f688b73c515d54d3fc42931409e10243816d4c4a27e1d3c4e9bbf94

SHA512
a94510c091315f3c7d4577c3f13eb76c14237ca952d84d491243ee8b477afd12d4215d8094d6e26e91728eda73eaf546f237a98eac34ae0a206fd65da689f984

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads