c6e52bd7d8a1de54e5a6551a7a737c989d93537c1bb440fdf37914c799e77f16

Analysis

max time kernel
149s
max time network
153s
platform
android-9_x86
resource
android-x86-arm-20240910-en
resource tags

arch:armarch:x86image:android-x86-arm-20240910-enlocale:en-usos:android-9-x86system
submitted
17/03/2025, 12:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c6e52bd7d8a1de54e5a6551a7a737c989d93537c1bb440fdf37914c799e77f16.apk
Size

23.4MB
MD5

9b4aaaebca0f904234d371475d3dcc6a
SHA1

fdbd2957048a9564a923bda70d68ab292bcb7540
SHA256

c6e52bd7d8a1de54e5a6551a7a737c989d93537c1bb440fdf37914c799e77f16
SHA512

d8ad4d4d10747264e2ef960dcef5e70049ca7eab102fbd02ea07982e01b6af2130f95856694a9ebe0f3bcc3e2512a8bca92f944b1b5aa9f54a0cf5e34ecd67cd
SSDEEP

393216:HehX6Cksss3FNgIuc9zhL9XmENEuEyIlRrU:+hXedsFitchHXT+U

Score

8^/10

banker collection credential_access defense_evasion discovery evasion execution persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 1 IoCs

defense_evasion

System Information Discovery

T1426

ioc	Process
/sbin/su	com.cam321f.mac

Makes use of the framework's Accessibility service 4 TTPs 1 IoCs

Retrieves information displayed on the phone screen using AccessibilityService.

collection defense_evasion credential_access

Input Injection

T1516

Screen Capture

T1513

Keylogging

T1417.001

GUI Input Capture

T1417.002

description	ioc	Process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	com.cam321f.mac

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Queries information about running processes on the device 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.cam321f.mac

Queries the phone number (MSISDN for GSM devices) 1 TTPs
discovery

System Network Configuration Discovery
T1422

Reads the contacts stored on the device. 1 TTPs 1 IoCs

collection

Contact List

T1636.003

description	ioc	Process
URI accessed for read	content://com.android.contacts/data/phones	com.cam321f.mac

Reads the content of the SMS messages. 1 TTPs 1 IoCs

collection

SMS Messages

T1636.004

description	ioc	Process
URI accessed for read	content://sms/	com.cam321f.mac

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
31	raw.githubusercontent.com
32	raw.githubusercontent.com

Makes use of the framework's foreground persistence service 1 TTPs 2 IoCs

Application may abuse the framework's foreground service to continue running in the foreground.

defense_evasion persistence

Foreground Persistence

T1541

description	ioc	Process
Framework service call	android.app.IActivityManager.setServiceForeground	com.cam321f.mac
Framework service call	android.app.IActivityManager.setServiceForeground	com.cam321f.mac:remote

Performs UI accessibility actions on behalf of the user 1 TTPs 2 IoCs

Application may abuse the accessibility service to prevent their removal.

evasion

Prevent Application Removal

T1629.001

ioc	Process
android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction	com.cam321f.mac
android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction	com.cam321f.mac

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.cam321f.mac

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.cam321f.mac

Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422

Requests disabling of battery optimizations (often used to enable hiding in the background). 1 TTPs 1 IoCs

defense_evasion

User Evasion

T1628.002

description	ioc	Process
Intent action	android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS	com.cam321f.mac

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.cam321f.mac

Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

execution persistence

Scheduled Task/Job

T1603

description	ioc	Process
Framework service call	android.app.job.IJobScheduler.schedule	com.cam321f.mac

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.cam321f.mac

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.cam321f.mac

com.cam321f.mac
1⤵
- Checks if the Android device is rooted.
- Makes use of the framework's Accessibility service
- Queries information about running processes on the device
- Reads the contacts stored on the device.
- Reads the content of the SMS messages.
- Makes use of the framework's foreground persistence service
- Performs UI accessibility actions on behalf of the user
- Queries information about active data network
- Queries the mobile country code (MCC)
- Requests disabling of battery optimizations (often used to enable hiding in the background).
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Schedules tasks to execute at a specified time
- Checks CPU information
- Checks memory information
PID:4209

com.cam321f.mac:remote
1⤵
- Makes use of the framework's foreground persistence service
PID:4444

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Foreground Persistence

T1541

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Foreground Persistence

T1541

Hide Artifacts

T1628

User Evasion

T1628.002

Impair Defenses

T1629

Prevent Application Removal

T1629.001

Input Injection

T1516

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Discovery

Process Discovery

T1424

Software Discovery

T1418

Security Software Discovery

T1418.001

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Protected User Data

T1636

Contact List

T1636.003

SMS Messages

T1636.004

Screen Capture

T1513

Command and Control

Exfiltration

Impact

Input Injection

T1516

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.cam321f.mac/app_crashrecord/1004

Filesize
222B

MD5
0a6efed3e934a03a8b388254d3a38c0c

SHA1
c8c019271b6f9c91deefc9dbd7339d5906293b12

SHA256
6e32b241f7afd479f799c7fb2f198acc56ab705b1c77f2342a08b7403b65c4d5

SHA512
6bafcea9f2ffb1df6fb2bbf9a6a06e7280b29922b618118a7ad15b51483f34a6772f90b250c37d6c88704bf801fbea23cef91b1b142f0c2c052a674ebf5c854c

Download Submit
/data/data/com.cam321f.mac/app_crashrecord/1004

Filesize
58B

MD5
0d210bfb2a0e1f1b4c082a6a0f79de07

SHA1
bb8ed9e364db79d1d9f2fcde3f15091893222faa

SHA256
988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d

SHA512
536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1

Download Submit
/data/data/com.cam321f.mac/cache/wp.jpeg

Filesize
143KB

MD5
5dc1983554a88c2a224ee046bb7314ec

SHA1
5b09273776014bf32fd8aa7bca9ce151d2c7d98f

SHA256
6a4d32e8ef673e70a8a4963124417be10eb09089f3aa049e1e3c7de515c69f21

SHA512
5ce30ef36c25d33f3416006c103608057a9cc88f2d88fe37de3bd895d68a005644d74aca0abd5bef02f2ed17709a38ae249b0dabeaa16d1c46c8a8c9d85c7e88

Download Submit
/data/data/com.cam321f.mac/databases/bugly_db_

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.cam321f.mac/databases/bugly_db_-journal

Filesize
512B

MD5
b3d66f9833a61ef1a863b9d426c57fd3

SHA1
188a63ec9f6fc9e14834a1af14eb38a053cc2a96

SHA256
62ae9410a58f2ff856e6c7277bad509a5d964478546fff91d96f9ae6106ef913

SHA512
66fcffe20953aa5b6bbec6bc1c248871ba8ed04e6248e6ab87a86cda57206315f0249f17c46db754c2949e294c4450442cc23e0aa98b7957aaf013b1203006e9

Download Submit
/data/data/com.cam321f.mac/databases/bugly_db_-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.cam321f.mac/databases/bugly_db_-wal

Filesize
88KB

MD5
981eb1c02553a8da5dbc501a696925fd

SHA1
e70a044a9e32d0705849d375d057be27d943083b

SHA256
91650dab9a145ca75db8803e8eb11d5de086577f23821d6d17a2e6404f00de82

SHA512
d14a648bdee560c342965350d4b35807ef4d0dc43d9eb163358f02e66d0324eda6eefd29ca864c16e9b4ecfa819bce0588739a01c4e82038ed05c586a2fabbfe

Download Submit
/data/data/com.cam321f.mac/files/bugly_last_us_up_tm

Filesize
13B

MD5
2f34e8beeab19dc2c93c3422e85b4739

SHA1
d7d55cb864363418cb0aa9711eef3e03c199e690

SHA256
c8929bf7d50824f1eace6d856b046407f22202e0a28d5e5a1a96fd985e045fd6

SHA512
7ec5262df90bac9e037e17a7cc058a2c0de64b1f70dccc711bdb1194fe7f055b0a181b2674e34db906bca26a546aa27e772481fef63557747857e5a254c14a39

Download Submit
/data/data/com.cam321f.mac/files/mmkv/mmkv.default

Filesize
4KB

MD5
620f0b67a91f7f74151bc5be745b7110

SHA1
1ceaf73df40e531df3bfb26b4fb7cd95fb7bff1d

SHA256
ad7facb2586fc6e966c004d7d1d16b024f5805ff7cb47c7a85dabd8b48892ca7

SHA512
2d23913d3759ef01704a86b4bee3ac8a29002313ecc98a7424425a78170f219577822fd77e4ae96313547696ad7d5949b58e12d5063ef2ee063b595740a3a12d

Download Submit
/data/data/com.cam321f.mac/files/profileInstalled

Filesize
24B

MD5
1796b4a0107f4e0ca417f40801fcec8b

SHA1
0d6516c12be53344c5485876ac808bc7e453b9dd

SHA256
743492a1a631d95a1149fefd7faecff8ea4868d080cae2bebf39ef222ad7821a

SHA512
06e1e18b1d989f994f81843f18e77d3d1a19a7fcc4c8207697009520a97e26b60775dae572955f294070ea25adcfc2bcede58f978f7e4bb5a830f2a4701ab5cc

Download Submit
/data/data/com.cam321f.mac/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

Filesize
8B

MD5
766a734efd24cc112b75eedb36a39f96

SHA1
2cfd1d3c27f8af40b48dc831f1cf7a8875bcf91b

SHA256
33803eb86d17c0589619648cba80e4ec594352a27a7027b86fb52783be2d3017

SHA512
bfb43efacc6c5c6fd6ecca74fd4f922f2899a058aee88a52629fe9cacb87adf5e1bb0f7d99e3a369ab7bea29b20805d3f87a01985d17fb703cda8a333763f2c2

Download Submit
/data/misc/profiles/cur/0/com.cam321f.mac/primary.prof

Filesize
1KB

MD5
027bf4950972c394dab576e3f799c8f2

SHA1
5933accf7e2152da750868aba364d5c84ab25ab5

SHA256
d000a751679b0cd000fb6e0356d51292b3c14a5845e0392984c92ebd6d826f36

SHA512
b3dce7b6178c50c37d373b64d9bcd781627d71cebac3276e88fb15754442ddb4ebd7ae5c698ca8a01e0414a5685bec4d1720682efa88514daed05068bdf10551

Download Submit
/data/misc/profiles/cur/0/com.cam321f.mac/primary.prof

Filesize
14KB

MD5
6169a78540e8190820e870192a6f8738

SHA1
f3096d2f508dfe6657df70798af65af004a9a9d1

SHA256
a30e614b0408eef5aa43f57eb5c33dc760a5d98d9fbe460f5dd1132179b01d71

SHA512
a082092d114098b24ab3b76f235b3aa9152dfdb553e0106b3ede609ba6cae2a3e5d1458652be2fc7ab3fa6e3a37242a879d4c423cc47d79367db755e6abd49a0

Download Submit
/storage/emulated/0/Android/data/com.cam321f.mac/files/log_data.idx

Filesize
1KB

MD5
d6bce0bc8d5b64b2ed2108ac806ca02d

SHA1
62e17a47fdb96b85b77c9dc1a3706c10508ae898

SHA256
07fa21f2e46e8a73b7487981c2993e2aaf592ac3c06268f84dc2b7a8927e9780

SHA512
3a72dcabf8b8310d2405fbebbd8afca2c06b6b637804dec801c733ee4f152b586fbbf2f9517944b9da36590f0be00e0aac6f046fc9f4aa6b6dc5fdfb4f9feff2

Download Submit
/storage/emulated/0/Android/data/com.cam321f.mac/files/log_data_000

Filesize
27KB

MD5
14ec21328e2ba8e2574a1160e9c3a21a

SHA1
a5ea0d532c61dc43c6c456ff4b415b7aff32845e

SHA256
414a346da4ac2852b38bf91c3968eb2abb5d304b6625be066d5a22fdac636dd7

SHA512
e430a16c453c45c5e0665c97caeaae400bbdbc796bfeab9ffebcbd3330893eb10b675f6229c53aeb02f6aad8bbe4605140a05aa9c43f6129e24f80d38ff6029c

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads