e92a03b66498dd7a3cbeec980821f4931cd360822eb0c46e85305c6770378e6d

Analysis

max time kernel
149s
max time network
160s
platform
android-9_x86
resource
android-x86-arm-20240910-en
resource tags

arch:armarch:x86image:android-x86-arm-20240910-enlocale:en-usos:android-9-x86system
submitted
29/03/2025, 10:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

client.apk
Size

760KB
MD5

52131c6753cbe761a5cb5315b19294c1
SHA1

5192e61b57c044783d7e5098fd5267dd78b72112
SHA256

e92a03b66498dd7a3cbeec980821f4931cd360822eb0c46e85305c6770378e6d
SHA512

9e11799717eabe0479b664a288997d4d6d7787aa15c290935e290641380d4415c14ad11d16d64cf3946382c7d048c0993a89075bb0341e6ae94dcae47ec96354
SSDEEP

12288:OJonHa1a8LVeQN6gAXhR5WmpYshXZPbGwidNpgzD:OOa1aKeQBAXhR5WmD9idNpI

Score

7^/10

banker defense_evasion discovery impact persistence privilege_escalation

Malware Config

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

Application may abuse the framework's foreground service to continue running in the foreground.

defense_evasion persistence

Foreground Persistence

T1541

description	ioc	Process
Framework service call	android.app.IActivityManager.setServiceForeground	cmf0.c3b5bm90zq.patch

Requests enabling of the accessibility settings. 1 IoCs

description	ioc	Process
Intent action	android.settings.ACCESSIBILITY_SETTINGS	cmf0.c3b5bm90zq.patch

Tries to add a device administrator. 2 TTPs 1 IoCs

privilege_escalation impact

Device Administrator Permissions

T1626.001

Account Access Removal

T1640

description	ioc	Process
Intent action	android.app.action.ADD_DEVICE_ADMIN	cmf0.c3b5bm90zq.patch

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	cmf0.c3b5bm90zq.patch

cmf0.c3b5bm90zq.patch
1⤵
- Makes use of the framework's foreground persistence service
- Requests enabling of the accessibility settings.
- Tries to add a device administrator.
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID:4333

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Foreground Persistence

T1541

Privilege Escalation

Abuse Elevation Control Mechanism

T1626

Device Administrator Permissions

T1626.001

Defense Evasion

Foreground Persistence

T1541

Credential Access

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Account Access Removal

T1640

Replay Monitor

Loading Replay Monitor...

Downloads

/storage/emulated/0/systeminformation.android.app/config29-03-2025.log

Filesize
85B

MD5
11c0d1d0dd5e440d22ae08141e9f6745

SHA1
29a816e149de3db03ec8b1e1dd1c5d8053136b8e

SHA256
68d3bc1101295a7c3b42798260ad3b795e2246358158a5c9fa620fca688d25c3

SHA512
1d28dad024ad6dfacd87090470cd89f172ca85db85717db1ed622273d1acc2118ab4d5dda3677e4e7b1f44affedc525e70900b3c0bd21724cfede8ab7dfed922

Download Submit
/storage/emulated/0/systeminformation.android.app/config29-03-2025.log

Filesize
73B

MD5
3628a444955dfcc6eeb87d657f1f23e5

SHA1
6592488a6fb27c472962acd8374a45e9506fe631

SHA256
197d0ed683956897c0a1122023e7789e79025b8a8cb76d41961c415786d6af70

SHA512
8eb7a04720c504407c9974a11a8d6b6133bd4a128b93b55d318cf98fb5d006944ae87c3fc87cec6c147ebf1ab00dc4dee319446f6cb437b26d8a36e6bb0a8be0

Download Submit
/storage/emulated/0/systeminformation.android.app/config29-03-2025.log

Filesize
112B

MD5
8e5617e83c6bae47e220f8ff0e7ab4b9

SHA1
182507f06efa3dafdde72f7817b32a4db264d6be

SHA256
fc80aec8f2e2b43408f959c5c511ba13adfec07e15c8676483574b230fd1b858

SHA512
a327faba963cb2ee86802de2ffcf27544b750f785f1f69dcff4a948405ca6928a2c60d5937f134b289e3ef9211b65c736c55dcf990fffe846ead31682f3b787b

Download Submit
/storage/emulated/0/systeminformation.android.app/config29-03-2025.log

Filesize
75B

MD5
d811a6826d6d0e014d72c22646b15c0a

SHA1
19f923c125df07b2a60687ab6e85542201230d6b

SHA256
b8cd9e8e87e2ab6e986467dd1c478c8b4356ef3208a28f7f446a992503a0a12f

SHA512
8bf9e5c8bb239305dccf705a328772f6359c39c4838a895bfd9dac9b4867651d9e424d55dc9917e122e1170f1047c47d19cb9e9e181bf0df1609dbdb3388fd99

Download Submit
/storage/emulated/0/systeminformation.android.app/config29-03-2025.log

Filesize
256B

MD5
6edab1cb779bff700a599fc1c6ec4110

SHA1
4e6f4165bf4b16cc3417222328b8652e15d2245d

SHA256
5b30dc71bb0d8330581cf186514b7d691e0eaa4cd6bc2dd796483c9e832796f1

SHA512
bde9700a9ce808cedba98963754a3eed1bf9f5a219ac26af5de0919c0a5cfe59c11a85d6beb220b46d03985cd824ac582430b598121c7acca44594fcd6c08db4

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads