3997dd1b42fe1ea1112846ffe458261091873ce6928e7a1ac53c8974482877a7

Analysis

max time kernel
46s
max time network
150s
platform
android-10_x64
resource
android-x64-20240910-en
resource tags

arch:x64arch:x86image:android-x64-20240910-enlocale:en-usos:android-10-x64system
submitted
21/03/2025, 08:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fb527bf32dcc29579d1a851ef4b2c8f8 (1).apk
Size

14.4MB
MD5

fb527bf32dcc29579d1a851ef4b2c8f8
SHA1

fa83fd988fc3bf436ffb4862fa599a131182cf41
SHA256

3997dd1b42fe1ea1112846ffe458261091873ce6928e7a1ac53c8974482877a7
SHA512

5488bf8ad7a6bb16722b8aff47802f4492c9e691ea7edeca1e7e46ec0fc7d96b88345bced9907f23172567fa94475b4d28d9c7d912eaaa3fa242c471c885cfe9
SSDEEP

393216:GreEjMJ9dqCTZdxKz6EeCwdL7NTS0IJ9WAa6ZlTPQ:GqwW9dVcz6wwx9S0IJ9W4TPQ

Score

6^/10

defense_evasion

Malware Config

Signatures

Attempts to obfuscate APK file format
Applies obfuscation techniques to the APK format in order to hinder analysis

Checks the application is allowed to request package installs through the package installer 1 TTPs 1 IoCs

Checks the application is allowed to install additional applications (Might try to install applications from unknown sources).

defense_evasion

Code Signing Policy Modification

T1632.001

description	ioc	Process
Framework service call	android.content.pm.IPackageManager.canRequestPackageInstalls	com.irora.doubleapk

Requests dangerous framework permissions 14 IoCs

description	ioc
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device.	android.permission.READ_PHONE_STATE
Allows read access to the device's phone number(s).	android.permission.READ_PHONE_NUMBERS
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call.	android.permission.CALL_PHONE
Allows an app to post notifications.	android.permission.POST_NOTIFICATIONS
Allows an application to read SMS messages.	android.permission.READ_SMS
Allows an application to receive SMS messages.	android.permission.RECEIVE_SMS
Allows an application to receive SMS messages.	android.permission.RECEIVE_SMS
Allows an application to send SMS messages.	android.permission.SEND_SMS
Allows an application to receive SMS messages.	android.permission.RECEIVE_SMS
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device.	android.permission.READ_PHONE_STATE
Allows an application to read the user's call log.	android.permission.READ_CALL_LOG
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call.	android.permission.CALL_PHONE
Allows an application to see the number being dialed during an outgoing call with the option to redirect the call to a different number or abort the call altogether.	android.permission.PROCESS_OUTGOING_CALLS
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call.	android.permission.CALL_PHONE

com.irora.doubleapk
1⤵
- Checks the application is allowed to request package installs through the package installer
PID:5149

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Subvert Trust Controls

T1632

Code Signing Policy Modification

T1632.001

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.irora.doubleapk/files/profileInstalled

Filesize
24B

MD5
9fe8007463019eb956705a190b5e0bc3

SHA1
4c209af7b5b461b936d480fa71e401b5819975f8

SHA256
34369fd67b688ac2c28688a839a3f6425ea418d71c2d1cf7f65575fbfa97afc0

SHA512
78e2abf2f6b117bcac69b559e59291fb70c21aa61f8b023a5062f1ed567283b21537ff0f055d2be9955e4261598287bf45516d2970cc6a1ae44ca213bff69a44

Download Submit
/storage/emulated/0/Android/data/com.irora.doubleapk/files/app.apk

Filesize
11.8MB

MD5
11e1579e21384634c5d0719d00fddd52

SHA1
f3129a33af11c6f057adcb6e283cc4b113f95041

SHA256
0032143d12ed868f56750157ccba791292b9655af638af790a551a4e95fcbb9e

SHA512
c137717d0aedc929faf85939d43bec0a666ea5eb48437f3137e2f8e0ac045ef498694b0c50aca544aa5ad7993cafa42c15ca72a9ade069803dd5a12fbe951da9

Download Submit