ca0989544a1511c773cf4f9da165e77a3be6d3b86a7b5484558b274ddc79a4b1

Analysis

max time kernel
149s
max time network
150s
platform
android-10_x64
resource
android-x64-20240910-en
resource tags

arch:x64arch:x86image:android-x64-20240910-enlocale:en-usos:android-10-x64system
submitted
27/03/2025, 07:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ca0989544a1511c773cf4f9da165e77a3be6d3b86a7b5484558b274ddc79a4b1.apk
Size

1.1MB
MD5

26f529d46558a35cd93b3f6dc85a213f
SHA1

f3c68a5859d92d3048169dd28da19bb105aa0da5
SHA256

ca0989544a1511c773cf4f9da165e77a3be6d3b86a7b5484558b274ddc79a4b1
SHA512

56173d3d3ff48ef7a43428ae66a1187a83a2064d0cf3fdb6def5f917e9bc050998a347c131ee88b18750e8ce12689a46adad482e5f0735bba91bec93d024c5ed
SSDEEP

24576:wqJONrJCTE3x0yCcmMvJO4kc1NWEz1T7hwRq4OaNF:wqJOlt3GyCivJoUII1HhQvOGF

Score

8^/10

banker collection discovery evasion stealth trojan

Malware Config

Signatures

Removes its main activity from the application launcher 1 TTPs 1 IoCs

stealth trojan evasion

Suppress Application Icon

T1628.001

pid	Process
5139	com.qzhaswptmd.abtjut

Loads dropped Dex/Jar 1 TTPs 1 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/com.qzhaswptmd.abtjut/app_yobqpj/veujwlbpb.jar	5139	com.qzhaswptmd.abtjut

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001
Queries the phone number (MSISDN for GSM devices) 1 TTPs
discovery

System Network Configuration Discovery
T1422

Reads the content of SMS inbox messages. 1 TTPs 1 IoCs

collection

SMS Messages

T1636.004

description	ioc	Process
URI accessed for read	content://sms/inbox	com.qzhaswptmd.abtjut

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.qzhaswptmd.abtjut

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.qzhaswptmd.abtjut

Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422
Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

com.qzhaswptmd.abtjut
1⤵
- Removes its main activity from the application launcher
- Loads dropped Dex/Jar
- Reads the content of SMS inbox messages.
- Acquires the wake lock
- Queries information about active data network
PID:5139

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Hide Artifacts

T1628

Suppress Application Icon

T1628.001

Credential Access

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Protected User Data

T1636

SMS Messages

T1636.004

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.qzhaswptmd.abtjut/app_yobqpj/oat/veujwlbpb.jar.cur.prof

Filesize
377B

MD5
f31ec1ba0b0d2538e900086f9ee3870d

SHA1
d32bf70221e81fe2226857957e0d2f5a944611dd

SHA256
9f30da1d4a3cac9b986b47e3f73fa70178a4b1dd091f256999dcefb9165d3722

SHA512
f12ea39003d1aa0e13cb5928945aa368210339138304d6e33a54b49a7dffb2ff4d2c0ff1146e70ce488d5e9611d2e3af60c6c2e37100782bf52ab8b3f5ff6e95

Download Submit
/data/data/com.qzhaswptmd.abtjut/app_yobqpj/veujwlbpb.jar

Filesize
505KB

MD5
f77218ce087763a9a0f915d5066f7518

SHA1
13b8b5605769af72050d2966fe81fa6cd7eebdb8

SHA256
cd66b669be1a99c16d32d8c488a702c3dab660ccd45164ca0f8a27aabe1f30e6

SHA512
f3cfc241807143fd74f7d618fb0dc0bca9c898f36d2184140e6bebe8af1382d92360fc3fbf7568b80737994bd926fa087f0da065012b933f303d7d12742d0b63

Download Submit
/data/user/0/com.qzhaswptmd.abtjut/app_yobqpj/veujwlbpb.jar

Filesize
1.2MB

MD5
1f90763017fe68888d0e983cda56002b

SHA1
92e039e1d7e880b42a559fa4fcf5da19e1b264b2

SHA256
37a018553f0fd9b1304cc400f5d566a7ff6606943fc2f1f98c8465054bdfee2a

SHA512
9d1e4c757b0edd4dfc03db55aeeedf17cfe84f9026b6c18391b87b3422745ae53e1440f571bb722ddf61dddce0cfbdde155783d9944c9935709494f4923eebfc

Download Submit