2d4c4afa385e7d3d0599198f7a1212bdd5bcd7b3e24ebf2e2d5d162728a9b50a

Analysis

max time kernel
6s
max time network
151s
platform
android-9_x86
resource
android-x86-arm-20240910-en
resource tags

arch:armarch:x86image:android-x86-arm-20240910-enlocale:en-usos:android-9-x86system
submitted
28/03/2025, 22:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2d4c4afa385e7d3d0599198f7a1212bdd5bcd7b3e24ebf2e2d5d162728a9b50a.apk
Size

3.6MB
MD5

689813313cff961a95d9da8003da5013
SHA1

092ffd924b34e150107fd4fe893c344a71de1a5b
SHA256

2d4c4afa385e7d3d0599198f7a1212bdd5bcd7b3e24ebf2e2d5d162728a9b50a
SHA512

e0504ca2b472f5317d3806636ef3a85ffbac53380ff2d368f00b335228e60914732c55f146fefda7f39b2dd79ff31158719ef5c3fc52272edca4d765a2a340be
SSDEEP

49152:FApGv7d2ZrNE720GG2thBPsDyGC0eD5NZY+jjB0gYD2K1eNqJqL:Zd2ZrNE7RuhiDFDe3ZseqqL

Score

7^/10

banker defense_evasion discovery persistence

Malware Config

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001
Queries the phone number (MSISDN for GSM devices) 1 TTPs
discovery

System Network Configuration Discovery
T1422

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.testtest.seqiwegrty

Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

Application may abuse the framework's foreground service to continue running in the foreground.

defense_evasion persistence

Foreground Persistence

T1541

description	ioc	Process
Framework service call	android.app.IActivityManager.setServiceForeground	com.testtest.seqiwegrty

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Requests disabling of battery optimizations (often used to enable hiding in the background). 1 TTPs 1 IoCs

defense_evasion

User Evasion

T1628.002

description	ioc	Process
Intent action	android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS	com.testtest.seqiwegrty

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.testtest.seqiwegrty

com.testtest.seqiwegrty
1⤵
- Acquires the wake lock
- Makes use of the framework's foreground persistence service
- Requests disabling of battery optimizations (often used to enable hiding in the background).
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID:4329

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Foreground Persistence

T1541

Privilege Escalation

Defense Evasion

Foreground Persistence

T1541

Hide Artifacts

T1628

User Evasion

T1628.002

Credential Access

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

System Network Configuration Discovery

T1422

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/storage/emulated/0/Android/data/com.testtest.seqiwegrty/files/uz40e037aec6fb45c69c476787e24c2770_sms_messages.zip

Filesize
638B

MD5
b36229d6e5a841545c7f8382ec3284cf

SHA1
9e23654c6594467455e41202f6a09e62c08fd117

SHA256
f00a94292a6b06dc1d1d08f5567c496366fa430c33135b9c8c93d2a17c4b4530

SHA512
51ef15dfd9968afd7e9193236822ce5ca4e29c9e55231f832f89bbd115f5c4ca33464b19eddbe47d4141cebdc261d6f83442a81fa6a1aedab44b76b4b43ce4a1

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads