92a30ed0f61fda6d93b86836687832be9b0c334b825f693dbcb7931e8a1cff86

Analysis

max time kernel
46s
max time network
150s
platform
android-9_x86
resource
android-x86-arm-20240910-en
resource tags

arch:armarch:x86image:android-x86-arm-20240910-enlocale:en-usos:android-9-x86system
submitted
27/03/2025, 22:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

92a30ed0f61fda6d93b86836687832be9b0c334b825f693dbcb7931e8a1cff86.apk
Size

3.1MB
MD5

c67fd4a69cac079b2d97ad891b0b4c7e
SHA1

79877922a495282e78efa09d7cebf7bc13da3941
SHA256

92a30ed0f61fda6d93b86836687832be9b0c334b825f693dbcb7931e8a1cff86
SHA512

a8565ed4557e2eeae72dc5474a4fb1303b4d2a17dafa42c5564cadb031402705d0f420fdf67d5b422385976a91b1b21745c2482821c7a71e410e6f0bf329d4bf
SSDEEP

98304:hiBcUAdk6lQyb3U5oy3DDUNHYA+kOjY+y/pdJ+0r:FUAiKQ+32xDUNH0DjY+yLj

Score

8^/10

discovery evasion stealth trojan

Malware Config

Signatures

Removes its main activity from the application launcher 1 TTPs 2 IoCs

stealth trojan evasion

Suppress Application Icon

T1628.001

pid	Process
4270	wifi.access.android
4270	wifi.access.android

Loads dropped Dex/Jar 1 TTPs 3 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/wifi.access.android/code_cache/mv_update_v2.dex	4394	wifi.access.android:remote
/data/user/0/wifi.access.android/code_cache/mv_update_v2.dex	4433	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/wifi.access.android/code_cache/mv_update_v2.dex --output-vdex-fd=46 --oat-fd=47 --oat-location=/data/user/0/wifi.access.android/code_cache/oat/x86/mv_update_v2.odex --compiler-filter=quicken --class-loader-context=&
/data/user/0/wifi.access.android/code_cache/mv_update_v2.dex	4394	wifi.access.android:remote

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	wifi.access.android:remote

wifi.access.android
1⤵
- Removes its main activity from the application launcher
PID:4270

wifi.access.android:remote
1⤵
- Loads dropped Dex/Jar
- Queries the mobile country code (MCC)
PID:4394
- /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/wifi.access.android/code_cache/mv_update_v2.dex --output-vdex-fd=46 --oat-fd=47 --oat-location=/data/user/0/wifi.access.android/code_cache/oat/x86/mv_update_v2.odex --compiler-filter=quicken --class-loader-context=&
  2⤵
  - Loads dropped Dex/Jar
  PID:4433

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Hide Artifacts

T1628

Suppress Application Icon

T1628.001

Credential Access

Discovery

System Network Configuration Discovery

T1422

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/wifi.access.android/files/profileInstalled

Filesize
24B

MD5
b736a4978e92c2f27aefb07d8cb93ac0

SHA1
5625d8e2f48ccd52b02629766e59425b4ab2fc37

SHA256
5a4e50c3d34ccf64856e51e2f3ae9ef743d5f59bd910fef814cf30370e4f39ed

SHA512
64cb163c25c8a3ae30398b6e861ccfb3268954a7e828da65dfcd8a97519bed1f8b078ed914449177a8e5c9302c2e87908717ee96724850e7eda3229a2d0d87e0

Download Submit
/data/data/wifi.access.android/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

Filesize
8B

MD5
ff257ff764c751fd256b424bbb930556

SHA1
38270d3a47219e96eb12ba1f776eb3bcb6420a34

SHA256
5ccdcf9eea7272bf51854f9c0582d972731b36ce2b5375b3d84b2333612be350

SHA512
a2c02304feffa32ff0b0866e173611340d3474e963d5891a0070c3900bc833ea07e1597be010d87ddab798828f93eb48c1b56a05f4619f838e2d25999719f1b2

Download Submit
/data/misc/profiles/cur/0/wifi.access.android/primary.prof

Filesize
5.2MB

MD5
d300bdb4b3ea87f902fda5bf7bad33f2

SHA1
aa90761dbf400c3a66a28fd0a264fc1aedb491a7

SHA256
c28fc458d8c9545aba71901fc5bf7b1589c74d9bd5ae8817836c274ecae94576

SHA512
81cd2386f35a9a220dd299ece33a9d19f497180b6e69b4bc396ef3b8ae04cd1e9726d02735c85fb9aa5ab0834a369dc811be1b51a4a0b37f776c7e66c5de82cc

Download Submit
/data/misc/profiles/cur/0/wifi.access.android/primary.prof

Filesize
4KB

MD5
a4b8496b6a8ebfcfbfc4e906bef5dc9d

SHA1
6708a357e44def59b2fba5f776f8f8cbb3d4dde9

SHA256
f06689be5480407915cb4275099582ae0771c52202844097ea6addd785a27fb5

SHA512
44ef4b893f50c76cf77365acf84061d3b88967a5eaabd551662808fe2608806f0eb1c1cf13d0b0e59f113e77b47690426c2fac2d0cb80d11cad022bd041693d5

Download Submit
/data/user/0/wifi.access.android/code_cache/mv_update_v2.dex

Filesize
5.2MB

MD5
9aee17535dc0ebad1b2e5a975e88d6fe

SHA1
d85595874b1300c3266731efe2e5f3975c4bfd51

SHA256
3d2910d3857fbbb135c134a56fef5dc573ab6a4154af62849488d7656c8dba66

SHA512
df295575b5e58755e9168d0dfa0f8bc43300ecf1b9651f350f1850538755c36519c4c10279ff36407d72e18afb0931e2f33a070a8c8425bcf68c19bb1921d76f

Download Submit