4855970aa460909d3e7aa57251a89cd83864900a4ed1c011311c8e87a768b46b

Analysis

max time kernel
49s
max time network
149s
platform
android-9_x86
resource
android-x86-arm-20240910-en
resource tags

arch:armarch:x86image:android-x86-arm-20240910-enlocale:en-usos:android-9-x86system
submitted
27/03/2025, 22:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

haha.apk
Size

2.1MB
MD5

7513f1e7073f370baaeed7474834599a
SHA1

68889c85521d10d27ca31c20b72c4bb3061ab6a0
SHA256

baa6ffe5ca25c9d67b4944b8f0049a95adf79284236261ee0a6924def87c677c
SHA512

e755a7c98b8753915cab5ae87eaba17f9909972ce20c9ce75de484b5d1cb19568e69aea35306566e149632c0c2d0722df96557cc2c37865590c1af40c29d0148
SSDEEP

49152:C3g92A+0sJLNSCZs55W187bbJbG30TVkSD2YE:R+06NSus55WK73A034

Score

6^/10

defense_evasion discovery impact persistence

Malware Config

Signatures

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	eri.etzs.wons

Requests disabling of battery optimizations (often used to enable hiding in the background). 1 TTPs 1 IoCs

defense_evasion

User Evasion

T1628.002

description	ioc	Process
Intent action	android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS	eri.etzs.wons

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	eri.etzs.wons

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	eri.etzs.wons

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	eri.etzs.wons

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	eri.etzs.wons

eri.etzs.wons
1⤵
- Queries the mobile country code (MCC)
- Requests disabling of battery optimizations (often used to enable hiding in the background).
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
- Checks CPU information
- Checks memory information
PID:4351

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Hide Artifacts

T1628

User Evasion

T1628.002

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/eri.etzs.wons/files/profileInstalled

Filesize
24B

MD5
1afd43064fe3d20f93cc3a493bc5b5ad

SHA1
2307f3693d1a9bec7a1667c1389d22281b294047

SHA256
103c76dc5bcec236b9601146eec1dfe1f617a5f72934b46a3f30ee82cc3d2e95

SHA512
1a5431c4af040dbc9d4269afbc7c7e6790c61ce63ca5b43193edc3ec4fa7197356641fc1f37b21131defa403acaef0e6ccbf4a7fd0b9607a30037633f1c2f263

Download Submit
/data/data/eri.etzs.wons/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

Filesize
8B

MD5
beed7e9345b100e157fe2c4c9f64d9ab

SHA1
0faa5f6e20951557b8cf330fbb83d27b18533165

SHA256
9b39e13a69239d3c9b1e549c14f69dc1ec2fa9f323cc11cfaf289d5e4ada07c7

SHA512
d70467ef62a27bade0c81f872f83b70abb2a564630f490df735f87a09ec9084cde41b1c28801c6560b7f5e1d87f7c95c7cabc636224e24533029a540638fc444

Download Submit
/data/misc/profiles/cur/0/eri.etzs.wons/primary.prof

Filesize
1KB

MD5
f161240cd045c531ecb44c32cee4f442

SHA1
d71bbc3aca53bd32acf65e3ca6100b8b719e2dc0

SHA256
137c0a1d7d809e36dc3b99d5d2ac2e9c76278092ba08c52a65eeea4ad860e11d

SHA512
0001b2c19d4c04a822484ae165ef5d3aeae6d1f823b8f2e9a41a709d57d4f399d0b879f2bde58fbb614bc77168ad4c404cdbe2a7808901a179024fec7db9c378

Download Submit
/data/misc/profiles/cur/0/eri.etzs.wons/primary.prof

Filesize
1KB

MD5
c261687592b8b8ed976e87b0c3e3643b

SHA1
6ea69b3da4ba88bbe59e2f15f9d46aff969fa4f5

SHA256
9367466843d264b0b0393a32e0086bd87cc4a3bb59afd78ff02b0e4d4e301749

SHA512
c02862ccd3d4f486805ad9cdf564686fd4a715732d21d0811c5d25a1739c13523d87f3a87fd3d4b35e5ad5e858363d53c9759f65750d495342eccf2a6c9bc2e2

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads