0b5265ef1ba7739ed5466791d7a39f0e5f93190c6f67bb2d826e07091e6defdc

Analysis

max time kernel
149s
max time network
152s
platform
android-11_x64
resource
android-x64-arm64-20240910-en
resource tags

arch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240910-enlocale:en-usos:android-11-x64system
submitted
28/03/2025, 22:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0b5265ef1ba7739ed5466791d7a39f0e5f93190c6f67bb2d826e07091e6defdc.apk
Size

4.1MB
MD5

50ead329b60971e0895512f2b9da30be
SHA1

30b2513a2568f9ac12fafe16016d38d63cbda911
SHA256

0b5265ef1ba7739ed5466791d7a39f0e5f93190c6f67bb2d826e07091e6defdc
SHA512

4647e91c73e77f0126d8538a3a4ed704f58c1f421c4808f7aa68a69f5d6cc322a202d4b8e48b588cadd71b356b905bd45b95f1e6af4d0c3468a0b71604dd8d94
SSDEEP

98304:8ClBiRc1lofNxy94+H2U3GpBjOrsz6PDWH3NbYgqc:kc1lofC4a2U3obOUNbMc

Score

7^/10

collection defense_evasion persistence

Malware Config

Signatures

Reads the content of SMS inbox messages. 1 TTPs 1 IoCs

collection

SMS Messages

T1636.004

description	ioc	Process
URI accessed for read	content://sms/inbox	com.shootii.rooomu

Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

Application may abuse the framework's foreground service to continue running in the foreground.

defense_evasion persistence

Foreground Persistence

T1541

description	ioc	Process
Framework service call	android.app.IActivityManager.setServiceForeground	com.shootii.rooomu

com.shootii.rooomu
1⤵
- Reads the content of SMS inbox messages.
- Makes use of the framework's foreground persistence service
PID:4861

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Foreground Persistence

T1541

Privilege Escalation

Defense Evasion

Foreground Persistence

T1541

Credential Access

Discovery

Lateral Movement

Collection

Protected User Data

T1636

SMS Messages

T1636.004

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.shootii.rooomu/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

Filesize
8B

MD5
6d4789bd69a0e2351e86d52da7daf144

SHA1
306ccbbe2f4dcd58b67b766e46f7cd20239ce806

SHA256
875d5d394c27534945410601022aa3571faaba2c22a576475a8e364ea572f31e

SHA512
ff2c3f356e99e1649b6c5edc43947e21c68e38716aee9c09fe77678e11125dedd4c12d4a50610098a58c3ec6ed7039616861d7bda0002ece907c01cea61b1cd1

Download Submit
/data/misc/profiles/cur/0/com.shootii.rooomu/primary.prof

Filesize
1KB

MD5
07b3f240ff1a4b537c6c53334e039b32

SHA1
56578c83d31c11a856deb7583fb2250c26d1d0c8

SHA256
f8138d7704c28506f1bbcb3e04854c2555d6e4d34f02075998a50dffa1226450

SHA512
be87f0763362693b1755acdcaed15ee0e6b8f593bb466992a9c60424e32ae513716ddb4ffadc4485408d9c2f5eb24a57cde940f3183dce2700d840697501d316

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads