Analysis

  • max time kernel
    149s
  • max time network
    152s
  • platform
    android-10_x64
  • resource
    android-x64-20240910-en
  • resource tags

    arch:x64, arch:x86, image:android-x64-20240910-en, locale:en-us, os:android-10-x64, system
  • submitted
    27/03/2025, 11:05

General

  • Target

    d8452b39b1962239e9dbe12e8a9d8d0ee098b9c8de8a8d55b5a95b67b552102f.apk

  • Size

    161KB

  • MD5

    de6ef70d8f9e0af2071a9ba1be902a37

  • SHA1

    fb4bc1d9b1b6f1f22331dee8ba300d32b2563649

  • SHA256

    d8452b39b1962239e9dbe12e8a9d8d0ee098b9c8de8a8d55b5a95b67b552102f

  • SHA512

    a2cc63f788caa00678a6d90ac655b71ee28f8bb999239fe71475ce87a78180bffe4ae114b825d319995741b1bc005111ba8fa72d1d20686c9bb4baf169776879

  • SSDEEP

    3072:SQZGjcHoU3QiCxEH14Xj4JKBLRP9cuTqUcanhXEcMYZ4JBpEFRrCVJnacL:SQZGjcOBQSj4CcuTqfanh9Z4TiFRrCHT

Malware Config

Signatures

  • Removes its main activity from the application launcher 1 TTPs 1 IoCs
  • Loads dropped Dex/Jar 1 TTPs 1 IoCs

    Runs executable file dropped to the device during analysis.

  • Queries the phone number (MSISDN for GSM devices) 1 TTPs
  • Reads the content of the SMS messages. 1 TTPs 1 IoCs
  • Acquires the wake lock 1 IoCs
  • Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

    Application may abuse the framework's foreground service to continue running in the foreground.

  • Queries information about active data network 1 TTPs 1 IoCs
  • Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

  • Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

Processes

  • net.homeclasswindwater.daymaildayeye
    1⤵
    • Removes its main activity from the application launcher
    • Loads dropped Dex/Jar
    • Reads the content of the SMS messages.
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    • Queries information about active data network
    • Queries information about the current Wi-Fi connection
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:5085

Network

MITRE ATT&CK Mobile v15

Downloads

  • /data/data/net.homeclasswindwater.daymaildayeye/app_yahkvtrmc/atdvwcobv.jar

    Filesize

    52KB

    MD5

    df89eecea8d42ef21924343b957ba365

    SHA1

    13818b1cd0fb1307e12a9266603c6c0ad9e730e4

    SHA256

    2e3407ed8bc813e4679e74fbecabdac355bac9e16d59fce72d88c57c4a15d779

    SHA512

    a920ebed16b0f1e0ed75eb16a52e0ed81690910f4fa7d30351127e391f0424796c234018abfed7645434457f83f0cc2df2096001b9ef13e54dd640d804910834

  • /data/user/0/net.homeclasswindwater.daymaildayeye/app_yahkvtrmc/atdvwcobv.jar

    Filesize

    119KB

    MD5

    f3aebfbe829f689f446f22b4192cf3f2

    SHA1

    526cf9685769c7aca25543467e2010e1c843d3f6

    SHA256

    5f293e8a9c5301c9b85c1ae8e9f190e0861b417b135354f438795885e9d9a514

    SHA512

    57f52d1e7301ff4c92d6d6306772f7f50f2773fe0f8eeadb8d128b11658e13d8cdd08b79211350097dd34cf6e4d61a71f1eadf7446e93abcc8bc1143f3b92628

  • /storage/emulated/0/.catlog

    Filesize

    176B

    MD5

    1ffcc42b74acc5c2c06d5c28ab60e284

    SHA1

    26c333e1f4d929aab5acb1ce2a0766103b834844

    SHA256

    0c4632d81441b83c2289857e97f45aaa40887ca0d26f62ffe9093ac54d99f67f

    SHA512

    5dbc5f1a50f299acd79bbcc9e3eb5f83fbd804b8f04e9990014ce3fdf142b7c54bb4c8c0ec1d2ac39179f49a5571e82ac7b04733305ce3729aa60ef2c207bfd8

  • /storage/emulated/0/.catlog

    Filesize

    180B

    MD5

    f1f9cd674b3e482bdb61fcf216d7ba51

    SHA1

    2a81987cec0d9cbde1ea21e63a8e7af78ee7be14

    SHA256

    781fba702a5886a5a613444cbeaee6f2948d4b110765d732d1e6eb8a20465924

    SHA512

    36b76716b436d534588e9146f28177735666b98140d6cb5c5f80e81d174014bf91a1bfa8b72959c319887af1f10168c95ef8daab672828a0a40aca20a3f44866

  • /storage/emulated/0/.catlog

    Filesize

    180B

    MD5

    d32a3adc14fcf819fbbf193d6cfd650e

    SHA1

    a4c20f35981ac21edfff0c5a2a44e0f024c26a52

    SHA256

    b9fb7ed392063ed45f6488137eadf198df15b6582ea90fb48b3f5eecf0ab608e

    SHA512

    d617aed7a4e6565caea30e332588c0e8bacd1b06d2923b06bbcda9d39f5f2d7d313a38a434b72700b41e301dd71398a0c2d2985f609401f7c355d2e00029ca98

  • /storage/emulated/0/.catlog

    Filesize

    176B

    MD5

    5f551081b3069987419e6ef0b784a12f

    SHA1

    745a14eb9c6b70d9144cee3158057abcd6a2aad4

    SHA256

    a26f1d8372bf11059521400d109acf321746bf710f3cea114f7399b61fc04670

    SHA512

    ba539f1c23f8ff10c25977df24bcea9eb663778695cfde86b66a4c4a6b87934d5e77a07f36fdb988fabb977855a2235ca73c47016e3104cd15f2f01ef93c7ff4