0b5265ef1ba7739ed5466791d7a39f0e5f93190c6f67bb2d826e07091e6defdc

Analysis

max time kernel
149s
max time network
153s
platform
android-10_x64
resource
android-x64-20240910-en
resource tags

arch:x64arch:x86image:android-x64-20240910-enlocale:en-usos:android-10-x64system
submitted
28/03/2025, 22:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0b5265ef1ba7739ed5466791d7a39f0e5f93190c6f67bb2d826e07091e6defdc.apk
Size

4.1MB
MD5

50ead329b60971e0895512f2b9da30be
SHA1

30b2513a2568f9ac12fafe16016d38d63cbda911
SHA256

0b5265ef1ba7739ed5466791d7a39f0e5f93190c6f67bb2d826e07091e6defdc
SHA512

4647e91c73e77f0126d8538a3a4ed704f58c1f421c4808f7aa68a69f5d6cc322a202d4b8e48b588cadd71b356b905bd45b95f1e6af4d0c3468a0b71604dd8d94
SSDEEP

98304:8ClBiRc1lofNxy94+H2U3GpBjOrsz6PDWH3NbYgqc:kc1lofC4a2U3obOUNbMc

Score

7^/10

collection defense_evasion persistence

Malware Config

Signatures

Reads the content of SMS inbox messages. 1 TTPs 1 IoCs

collection

SMS Messages

T1636.004

description	ioc	Process
URI accessed for read	content://sms/inbox	com.shootii.rooomu

Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

Application may abuse the framework's foreground service to continue running in the foreground.

defense_evasion persistence

Foreground Persistence

T1541

description	ioc	Process
Framework service call	android.app.IActivityManager.setServiceForeground	com.shootii.rooomu

com.shootii.rooomu
1⤵
- Reads the content of SMS inbox messages.
- Makes use of the framework's foreground persistence service
PID:5094

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Foreground Persistence

T1541

Privilege Escalation

Defense Evasion

Foreground Persistence

T1541

Credential Access

Discovery

Lateral Movement

Collection

Protected User Data

T1636

SMS Messages

T1636.004

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.shootii.rooomu/files/profileInstalled

Filesize
24B

MD5
374b0cf87843049395b589ee5a26c776

SHA1
4a111f5e0ae77b81ce4640ab76795480a1a506c4

SHA256
f19f3a82e966a929b0f052d4dcd58febac5dfa26641852cd3f643cf9053b4f37

SHA512
5cb0a1ae73870b6cef894e4250aa54ce0eeec00c4c5a94bb857f26cb3aa8a8c245a01df7ee1b8bf7af0344ec9843d410ed28d5c3c26fe8a621937064ace51fbb

Download Submit
/data/data/com.shootii.rooomu/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

Filesize
8B

MD5
34a1ddec462ee612cf9649c9a5f96fa6

SHA1
627a584dbe300dc16b27659a65338f45237b8497

SHA256
400f4dcb2794b321691d0426fcc63e7134f72c3e659ab74802b271a255a65cba

SHA512
308494d92e2832f71b3359a28fddfdf77e2c128d03fd93b0ad891d32a501dec1cccbffc2ca0ecb123edd567015597b6e1fd25c239419fb5d7bf50d63ea33394d

Download Submit
/data/misc/profiles/cur/0/com.shootii.rooomu/primary.prof

Filesize
1KB

MD5
07b3f240ff1a4b537c6c53334e039b32

SHA1
56578c83d31c11a856deb7583fb2250c26d1d0c8

SHA256
f8138d7704c28506f1bbcb3e04854c2555d6e4d34f02075998a50dffa1226450

SHA512
be87f0763362693b1755acdcaed15ee0e6b8f593bb466992a9c60424e32ae513716ddb4ffadc4485408d9c2f5eb24a57cde940f3183dce2700d840697501d316

Download Submit
/data/misc/profiles/cur/0/com.shootii.rooomu/primary.prof

Filesize
4KB

MD5
1d96dbfea09a29f417dea1e2bf860aa9

SHA1
f7e9407bc536b3e8b4670871ea225cd0cfd25e91

SHA256
c6726bbc3420379a35c0f8f3cfb880c1717afb431ca385730b95d78f712cb4a2

SHA512
9bb101e057a938f257778eeb4d7ee9ca83133b8d3abf5d56e02a0c8d17d93acd032fe5a20a341f2b7a9613b55adde6ad26045837c50fad35be8ec0a4cba1b0de

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads