2e2f885827ee152719ccea81035d3af453f3cff21727a91360dfa337a9cb9470

Analysis

max time kernel
146s
max time network
151s
platform
android-11_x64
resource
android-x64-arm64-20240910-en
resource tags

arch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240910-enlocale:en-usos:android-11-x64system
submitted
29/03/2025, 09:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

client.apk
Size

760KB
MD5

11490785ccf34c7002c1326ab0b4073c
SHA1

295ba5ccdaf82003597cb999c9795aaa1fd6f7b5
SHA256

2e2f885827ee152719ccea81035d3af453f3cff21727a91360dfa337a9cb9470
SHA512

7dfdf6b85b485b4a1c114575384fa4ca8bbedda2c4884622416d20af2f5af942903818d2f5878276383111ea0734729f4ce2622c11ef534f00b3aaffeda891ac
SSDEEP

12288:HBGFdJVPa1a8LzeatwcK5HH5WmpYshXZPbGwidNpgZOe:HBqPa1amea3K5HH5WmD9idNps

Score

7^/10

banker defense_evasion discovery impact persistence privilege_escalation

Malware Config

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

Application may abuse the framework's foreground service to continue running in the foreground.

defense_evasion persistence

Foreground Persistence

T1541

description	ioc	Process
Framework service call	android.app.IActivityManager.setServiceForeground	cmf0.c3b5bm90zq.patch

Requests enabling of the accessibility settings. 1 IoCs

description	ioc	Process
Intent action	android.settings.ACCESSIBILITY_SETTINGS	cmf0.c3b5bm90zq.patch

Tries to add a device administrator. 2 TTPs 1 IoCs

privilege_escalation impact

Device Administrator Permissions

T1626.001

Account Access Removal

T1640

description	ioc	Process
Intent action	android.app.action.ADD_DEVICE_ADMIN	cmf0.c3b5bm90zq.patch

cmf0.c3b5bm90zq.patch
1⤵
- Makes use of the framework's foreground persistence service
- Requests enabling of the accessibility settings.
- Tries to add a device administrator.
PID:4777

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Foreground Persistence

T1541

Privilege Escalation

Abuse Elevation Control Mechanism

T1626

Device Administrator Permissions

T1626.001

Defense Evasion

Foreground Persistence

T1541

Credential Access

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Account Access Removal

T1640

Replay Monitor

Loading Replay Monitor...

Downloads

/storage/emulated/0/systeminformation.android.app/config29-03-2025.log

Filesize
63B

MD5
ed5da6a96d799a9687749d69d9195a3d

SHA1
a6ad19958c05321c42f07e67193e9191c160959d

SHA256
33f836966b911014ba866a5938c3bd2a15e7d08784af2516bfca8d7545143e16

SHA512
bd299f7e02c04a6b42956dcd47f6712cc7e7e9abf16b2c2331006aa813f5365247e032044232c11381f6137a2f99f34e0ac61d12b9e10a88158a95510bab77fa

Download Submit
/storage/emulated/0/systeminformation.android.app/config29-03-2025.log

Filesize
59B

MD5
8d1709851fd707ffb1e753d40dbbdbec

SHA1
8ddbe5f500a5b47b528ed60d87ba379bbde4bf6d

SHA256
6d19a8c49d1f5f5b73e78df49e4678ad9f5b5fc967a8e094235cdfb60dd61822

SHA512
e28c43cc6cb551be172c1eaa47ca98e4b6db4db3b9d06fef7ebaa404ec6e4e3439b3eaf45e4cb2690d3b4aefdea829a3fc211525dca4777971505da6019f77cc

Download Submit
/storage/emulated/0/systeminformation.android.app/config29-03-2025.log

Filesize
85B

MD5
7a42f34620c2559561573dcc356aac92

SHA1
c61ba3ffe8c49d0f04d26dce47e056297ff09e2e

SHA256
c6a662d29008b989e7e944224deb25dffb08dd6d72ada2d45ce2358976874e35

SHA512
91d0eb835044d4d705b99e6b8a85f1f0b2f73fda0ed2ac309d4c163d377a1bb2ec1a2f4cd9cb35215fa486434fd09b354d678bdfb5fe96126329117858761711

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads