2e2f885827ee152719ccea81035d3af453f3cff21727a91360dfa337a9cb9470

Analysis

max time kernel
146s
max time network
151s
platform
android-9_x86
resource
android-x86-arm-20240910-en
resource tags

arch:armarch:x86image:android-x86-arm-20240910-enlocale:en-usos:android-9-x86system
submitted
29/03/2025, 09:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

client.apk
Size

760KB
MD5

11490785ccf34c7002c1326ab0b4073c
SHA1

295ba5ccdaf82003597cb999c9795aaa1fd6f7b5
SHA256

2e2f885827ee152719ccea81035d3af453f3cff21727a91360dfa337a9cb9470
SHA512

7dfdf6b85b485b4a1c114575384fa4ca8bbedda2c4884622416d20af2f5af942903818d2f5878276383111ea0734729f4ce2622c11ef534f00b3aaffeda891ac
SSDEEP

12288:HBGFdJVPa1a8LzeatwcK5HH5WmpYshXZPbGwidNpgZOe:HBqPa1amea3K5HH5WmD9idNps

Score

7^/10

banker defense_evasion discovery impact persistence privilege_escalation

Malware Config

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

Application may abuse the framework's foreground service to continue running in the foreground.

defense_evasion persistence

Foreground Persistence

T1541

description	ioc	Process
Framework service call	android.app.IActivityManager.setServiceForeground	cmf0.c3b5bm90zq.patch

Requests enabling of the accessibility settings. 1 IoCs

description	ioc	Process
Intent action	android.settings.ACCESSIBILITY_SETTINGS	cmf0.c3b5bm90zq.patch

Tries to add a device administrator. 2 TTPs 1 IoCs

privilege_escalation impact

Device Administrator Permissions

T1626.001

Account Access Removal

T1640

description	ioc	Process
Intent action	android.app.action.ADD_DEVICE_ADMIN	cmf0.c3b5bm90zq.patch

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	cmf0.c3b5bm90zq.patch

cmf0.c3b5bm90zq.patch
1⤵
- Makes use of the framework's foreground persistence service
- Requests enabling of the accessibility settings.
- Tries to add a device administrator.
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID:4334

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Foreground Persistence

T1541

Privilege Escalation

Abuse Elevation Control Mechanism

T1626

Device Administrator Permissions

T1626.001

Defense Evasion

Foreground Persistence

T1541

Credential Access

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Account Access Removal

T1640

Replay Monitor

Loading Replay Monitor...

Downloads

/storage/emulated/0/systeminformation.android.app/config29-03-2025.log

Filesize
74B

MD5
af751398082296785b2830179f370daa

SHA1
b7ebd2977af2e2fa72ab7bffcd8209131895c9b1

SHA256
5505d915248defcb864709364d20adc5a112497bb1bb068749a42011f17160a3

SHA512
22477223e5a97c07ab67c94544bfe6517771699050f38705e0ee38800048999b838196682fd125a928449bdf01c1310a68af2c92d79b35da6c89cb366ff6c74e

Download Submit
/storage/emulated/0/systeminformation.android.app/config29-03-2025.log

Filesize
59B

MD5
8d1709851fd707ffb1e753d40dbbdbec

SHA1
8ddbe5f500a5b47b528ed60d87ba379bbde4bf6d

SHA256
6d19a8c49d1f5f5b73e78df49e4678ad9f5b5fc967a8e094235cdfb60dd61822

SHA512
e28c43cc6cb551be172c1eaa47ca98e4b6db4db3b9d06fef7ebaa404ec6e4e3439b3eaf45e4cb2690d3b4aefdea829a3fc211525dca4777971505da6019f77cc

Download Submit
/storage/emulated/0/systeminformation.android.app/config29-03-2025.log

Filesize
85B

MD5
7a42f34620c2559561573dcc356aac92

SHA1
c61ba3ffe8c49d0f04d26dce47e056297ff09e2e

SHA256
c6a662d29008b989e7e944224deb25dffb08dd6d72ada2d45ce2358976874e35

SHA512
91d0eb835044d4d705b99e6b8a85f1f0b2f73fda0ed2ac309d4c163d377a1bb2ec1a2f4cd9cb35215fa486434fd09b354d678bdfb5fe96126329117858761711

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads