Analysis
-
max time kernel
149s -
max time network
150s -
platform
android-11_x64 -
resource
android-x64-arm64-20240910-en -
resource tags
arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240910-en, locale:en-us, os:android-11-x64, system -
submitted
27/03/2025, 07:41
Static task
static1
Behavioral task
behavioral1
Sample
ca0989544a1511c773cf4f9da165e77a3be6d3b86a7b5484558b274ddc79a4b1.apk
Resource
android-x86-arm-20240910-en
Behavioral task
behavioral2
Sample
ca0989544a1511c773cf4f9da165e77a3be6d3b86a7b5484558b274ddc79a4b1.apk
Resource
android-x64-20240910-en
Behavioral task
behavioral3
Sample
ca0989544a1511c773cf4f9da165e77a3be6d3b86a7b5484558b274ddc79a4b1.apk
Resource
android-x64-arm64-20240910-en
General
-
Target
ca0989544a1511c773cf4f9da165e77a3be6d3b86a7b5484558b274ddc79a4b1.apk
-
Size
1.1MB
-
MD5
26f529d46558a35cd93b3f6dc85a213f
-
SHA1
f3c68a5859d92d3048169dd28da19bb105aa0da5
-
SHA256
ca0989544a1511c773cf4f9da165e77a3be6d3b86a7b5484558b274ddc79a4b1
-
SHA512
56173d3d3ff48ef7a43428ae66a1187a83a2064d0cf3fdb6def5f917e9bc050998a347c131ee88b18750e8ce12689a46adad482e5f0735bba91bec93d024c5ed
-
SSDEEP
24576:wqJONrJCTE3x0yCcmMvJO4kc1NWEz1T7hwRq4OaNF:wqJOlt3GyCivJoUII1HhQvOGF
Malware Config
Signatures
-
pid: 4790, Process: com.qzhaswptmd.abtjut -
Loads dropped Dex/Jar 1 TTPs 1 IoCs
Runs executable file dropped to the device during analysis.
ioc: /data/user/0/com.qzhaswptmd.abtjut/app_yobqpj/veujwlbpb.jar, pid: 4790, Process: com.qzhaswptmd.abtjut -
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
-
Queries the phone number (MSISDN for GSM devices) 1 TTPs
-
Reads the content of SMS inbox messages. 1 TTPs 1 IoCs
description: URI accessed for read, ioc: content://sms/inbox, Process: com.qzhaswptmd.abtjut -
Acquires the wake lock 1 IoCs
description: Framework service call, ioc: android.os.IPowerManager.acquireWakeLock, Process: com.qzhaswptmd.abtjut -
Queries information about active data network 1 TTPs 1 IoCs
description: Framework service call, ioc: android.net.IConnectivityManager.getActiveNetworkInfo, Process: com.qzhaswptmd.abtjut -
Reads information about phone network operator. 1 TTPs
-
Tries to add a device administrator. 2 TTPs 1 IoCs
description: Intent action, ioc: android.app.action.ADD_DEVICE_ADMIN, Process: com.qzhaswptmd.abtjut
Processes
Network
MITRE ATT&CK Mobile v15
Privilege Escalation
Abuse Elevation Control Mechanism (1)
Device Administrator Permissions (1)
Defense Evasion
Download New Code at Runtime (1)
Hide Artifacts (1)
Suppress Application Icon (1)
Downloads
-
Filesize
367B
MD5 79a51f78bdef1dd94dffb27df9f5aa47
SHA1 e36b17f7abcc8d04f64f1e24ba616649bf28e75f
SHA256 773e4de8fe84d49464ff779728fabcc32cfe01e3a7aa32cb1591bc353891693f
SHA512 9f7101a6acd29b6d743b4bf083a6be5fb586bd48d5e53c5d64e1065b7d3d7856d5b76ffd548609c8255b8a9b3be301dde148e854ee8f0d33d431fcfb88cd0754
-
Filesize
505KB
MD5 f77218ce087763a9a0f915d5066f7518
SHA1 13b8b5605769af72050d2966fe81fa6cd7eebdb8
SHA256 cd66b669be1a99c16d32d8c488a702c3dab660ccd45164ca0f8a27aabe1f30e6
SHA512 f3cfc241807143fd74f7d618fb0dc0bca9c898f36d2184140e6bebe8af1382d92360fc3fbf7568b80737994bd926fa087f0da065012b933f303d7d12742d0b63
-
Filesize
1.2MB
MD5 1f90763017fe68888d0e983cda56002b
SHA1 92e039e1d7e880b42a559fa4fcf5da19e1b264b2
SHA256 37a018553f0fd9b1304cc400f5d566a7ff6606943fc2f1f98c8465054bdfee2a
SHA512 9d1e4c757b0edd4dfc03db55aeeedf17cfe84f9026b6c18391b87b3422745ae53e1440f571bb722ddf61dddce0cfbdde155783d9944c9935709494f4923eebfc