Analysis
-
max time kernel
367s -
max time network
592s -
platform
android-9_x86 -
resource
android-x86-arm-20240910-en -
resource tags
-
submitted
24/03/2025, 12:30
General
-
Target
rex.apk
-
Size
5.9MB
-
MD5
7592b1770a1d0d5e669f8823d7ce6227
-
SHA1
afcad66bb5bff1d2398404ff9120b0b0302fa8c8
-
SHA256
0b9a995068927a901a45dfc103d707f47615ecac92706ae9169f4329b65569a5
-
SHA512
e8f34c11f88a8d13a5f985b753d6e9f91b21be0e3f92aad30daf98205190a221a92b732701ec94ab1c2c0018eac62e358cee09d37198b88f8907f2d64b6bca0d
-
SSDEEP
98304:yKd2ZrR7Wa+1Q2EVHlfv0wSZQV6Ipst7YhbDAhtlLxxFKyRbg3O+GCXnmqU:TNY0n9IeZwbDAhtl1eyFImqU
Malware Config
Signatures
-
Checks if the Android device is rooted. 1 TTPs 2 IoCs
-
Queries the phone number (MSISDN for GSM devices) 1 TTPs
-
Reads the content of the SMS messages. 1 TTPs 1 IoCs
-
Looks up external IP address via web service 2 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs
Application may abuse the framework's foreground service to continue running in the foreground.
-
Queries the mobile country code (MCC) 1 TTPs 1 IoCs
-
Requests disabling of battery optimizations (often used to enable hiding in the background). 1 TTPs 1 IoCs
-
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
-
Checks CPU information 2 TTPs 1 IoCs
-
Checks memory information 2 TTPs 1 IoCs
Processes
-
com.tencent.mm1⤵
- Checks if the Android device is rooted.
- Reads the content of the SMS messages.
- Makes use of the framework's foreground persistence service
- Queries the mobile country code (MCC)
- Requests disabling of battery optimizations (often used to enable hiding in the background).
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks CPU information
- Checks memory information
-
logcat -c2⤵
-
Network
MITRE ATT&CK Mobile v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
8KB
MD5fb69d451bacd9cecc9a094846440afd4
SHA1ef0ee44272d2213a692673e7eb660f34a572f54e
SHA25689ee33f3b3a1eae8de3e7e9c8bda2d5a81ecb61b1496172f850bcd8754a85627
SHA51299a1a1cc9cb64c47f9c1a30ece27ca7682ff4e59b69a5a27a722b7e347d985f130ed9fb53f946750d70021a4644fdd5965c9b42b0c2986ca46ea0ee2ce97cb76