0b5265ef1ba7739ed5466791d7a39f0e5f93190c6f67bb2d826e07091e6defdc

Analysis

max time kernel
149s
max time network
151s
platform
android-9_x86
resource
android-x86-arm-20240910-en
resource tags

arch:armarch:x86image:android-x86-arm-20240910-enlocale:en-usos:android-9-x86system
submitted
28/03/2025, 22:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0b5265ef1ba7739ed5466791d7a39f0e5f93190c6f67bb2d826e07091e6defdc.apk
Size

4.1MB
MD5

50ead329b60971e0895512f2b9da30be
SHA1

30b2513a2568f9ac12fafe16016d38d63cbda911
SHA256

0b5265ef1ba7739ed5466791d7a39f0e5f93190c6f67bb2d826e07091e6defdc
SHA512

4647e91c73e77f0126d8538a3a4ed704f58c1f421c4808f7aa68a69f5d6cc322a202d4b8e48b588cadd71b356b905bd45b95f1e6af4d0c3468a0b71604dd8d94
SSDEEP

98304:8ClBiRc1lofNxy94+H2U3GpBjOrsz6PDWH3NbYgqc:kc1lofC4a2U3obOUNbMc

Score

7^/10

collection defense_evasion persistence

Malware Config

Signatures

Reads the content of SMS inbox messages. 1 TTPs 1 IoCs

collection

SMS Messages

T1636.004

description	ioc	Process
URI accessed for read	content://sms/inbox	com.shootii.rooomu

Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

Application may abuse the framework's foreground service to continue running in the foreground.

defense_evasion persistence

Foreground Persistence

T1541

description	ioc	Process
Framework service call	android.app.IActivityManager.setServiceForeground	com.shootii.rooomu

com.shootii.rooomu
1⤵
- Reads the content of SMS inbox messages.
- Makes use of the framework's foreground persistence service
PID:4335

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Foreground Persistence

T1541

Privilege Escalation

Defense Evasion

Foreground Persistence

T1541

Credential Access

Discovery

Lateral Movement

Collection

Protected User Data

T1636

SMS Messages

T1636.004

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.shootii.rooomu/app_sslcache/maik-31440-default-rtdb.firebaseio.com.443

Filesize
8KB

MD5
3b1fba01ec6fd2d1b5972b62483828ff

SHA1
53ae8330973476652905d961428f16992ca4d9d6

SHA256
7839b943afe741981f7b241a445616a81d481ab24a061601202d16ed0f0657cd

SHA512
fe35136b80cda50214f69be9ed5d4c0304116653020141529d4119f630ce071cc73bab9c00efa24efa899fb91e7608c1b8e289f95182cb03b4ff74e2f9ab666a

Download Submit
/data/data/com.shootii.rooomu/files/profileInstalled

Filesize
24B

MD5
db05d7adbefcc2fae1f91edb8f03303a

SHA1
66aaf30f36d471c6b1afabd7f8d27e680d6ba29b

SHA256
f0dfef9f5846cbda640e89540c4eba1bc911914a69346a8ccbd276e0fc082723

SHA512
2f4e556cec0bfb12f99661dee62bf04975c4ef59e2c16d01d7faf6bd16e4944e9950f610e05066b83f6f5c10338726d2fc09c02f6460fc9ab71e1c1aa80e669b

Download Submit
/data/data/com.shootii.rooomu/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

Filesize
8B

MD5
38688158ae09c2d044b12d7242719971

SHA1
e61a1adb2e30e72dce035c4808a73014da38a494

SHA256
83b04ac39ef423be56c6a7381604e2d7c43f36f2976d645263176642afc2af29

SHA512
ab2f9361a1c9d26dcb856fe8b0cd52af4474c06d599bbacd5cc21a54ab569e3f9c6d36744c54f36b0a86aef4d3a397bcf48d9275bcfb0a7565df02540396967f

Download Submit
/data/misc/profiles/cur/0/com.shootii.rooomu/primary.prof

Filesize
1KB

MD5
07b3f240ff1a4b537c6c53334e039b32

SHA1
56578c83d31c11a856deb7583fb2250c26d1d0c8

SHA256
f8138d7704c28506f1bbcb3e04854c2555d6e4d34f02075998a50dffa1226450

SHA512
be87f0763362693b1755acdcaed15ee0e6b8f593bb466992a9c60424e32ae513716ddb4ffadc4485408d9c2f5eb24a57cde940f3183dce2700d840697501d316

Download Submit
/data/misc/profiles/cur/0/com.shootii.rooomu/primary.prof

Filesize
4KB

MD5
d59d8c7e8cd3f6f630bf7cf83003bace

SHA1
24acbe81a5bdf81d559297cf34fe016f9d153b5c

SHA256
0419c0f29c29715cbe48240abf7a590bd261bab359f69610d480954af7fdbd6e

SHA512
61b7a4e5d5fc0e9e2c1a9a2a37ddfe912ca18373065ccc60d39063a85db6aa24f8073a9625fe761c3c2ed445d314416bcb5acfd4258e88f5f2e508b04fc5b52f

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads