e921622a745d25e24a9e84363a5c1f3f7878d7897bb391688996116711e6d6eb

Analysis

max time kernel
25s
max time network
27s
platform
android-13_x64
resource
android-33-x64-arm64-20240910-en
resource tags

arch:arm64arch:x64arch:x86image:android-33-x64-arm64-20240910-enlocale:en-usos:android-13-x64system
submitted
01/04/2025, 21:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NetMirror_APK.apk
Size

15.5MB
MD5

99c49604074e7fd413cfb360021e66fa
SHA1

b72bb967967fa4ceca0f5a47699e24946382b0af
SHA256

e921622a745d25e24a9e84363a5c1f3f7878d7897bb391688996116711e6d6eb
SHA512

16ba534d793476f3727bee3f596717b211d4132cf08d409b6fe98dd49bcd16b88c0044c65a42d318a0343479141580f4f9f774705d9b35790c2031ee38f8170c
SSDEEP

196608:hDHiOsWkDXS8dzPiTKkOdhkOzc3IlMYLIzDT/MNSIOssB+B/7Ks4xfIlr1:S8GPiT+vw3IlmzDLojrs2LZR

Score

7^/10

discovery evasion execution impact persistence

Malware Config

Signatures

Loads dropped Dex/Jar 1 TTPs 6 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/netmirrror.play/code_cache/1743541670651.dex	4524	netmirrror.play
/data/user/0/netmirrror.play/code_cache/1743541671003.dex	4564	netmirrror.play:x
/data/user/0/netmirrror.play/code_cache/1743541673279.dex	4647	netmirrror.play:p0
/data/user/0/netmirrror.play/code_cache/1743541684437.dex	4727	netmirrror.play:p0
/data/user/0/netmirrror.play/code_cache/1743541692884.dex	4819	netmirrror.play:p0
/data/user/0/netmirrror.play/code_cache/1743541694312.dex	4881	netmirrror.play:p0

Queries information about running processes on the device 1 TTPs 6 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	netmirrror.play:p0
Framework service call	android.app.IActivityManager.getRunningAppProcesses	netmirrror.play:p0
Framework service call	android.app.IActivityManager.getRunningAppProcesses	netmirrror.play:p0
Framework service call	android.app.IActivityManager.getRunningAppProcesses	netmirrror.play
Framework service call	android.app.IActivityManager.getRunningAppProcesses	netmirrror.play:x
Framework service call	android.app.IActivityManager.getRunningAppProcesses	netmirrror.play:p0

Queries information about active data network 1 TTPs 2 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	netmirrror.play:x
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	netmirrror.play

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	netmirrror.play

Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

execution persistence

Scheduled Task/Job

T1603

description	ioc	Process
Framework service call	android.app.job.IJobScheduler.schedule	netmirrror.play

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	netmirrror.play

netmirrror.play
1⤵
- Loads dropped Dex/Jar
- Queries information about running processes on the device
- Queries information about active data network
- Queries the mobile country code (MCC)
- Schedules tasks to execute at a specified time
- Uses Crypto APIs (Might try to encrypt user data)
PID:4524

netmirrror.play:x
1⤵
- Loads dropped Dex/Jar
- Queries information about running processes on the device
- Queries information about active data network
PID:4564

netmirrror.play:p0
1⤵
- Loads dropped Dex/Jar
- Queries information about running processes on the device
PID:4647

netmirrror.play:p0
1⤵
- Loads dropped Dex/Jar
- Queries information about running processes on the device
PID:4727

netmirrror.play:p0
1⤵
- Loads dropped Dex/Jar
- Queries information about running processes on the device
PID:4819

netmirrror.play:p0
1⤵
- Loads dropped Dex/Jar
- Queries information about running processes on the device
PID:4881

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Credential Access

Discovery

Process Discovery

T1424

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/netmirrror.play/cache/ad_config.json

Filesize
2KB

MD5
c0d44fc0e21199afe9c4480eac51e2fd

SHA1
1973c60991de1f7d6e05e27bb96a6f88848645ce

SHA256
9bdad32ed72e58071ce0b93b72a22f3ade4903e906372fff98622d29141c2e2d

SHA512
42b464860726d38179df6922edc0df0ef7998a6cf369dc905230c75909ffbcc528f7eb25509c9791b7a4ccfba6e5bfb6801bf1481c5e947b70d330871ae52138

Download Submit
/data/data/netmirrror.play/cache/daily_limit.json

Filesize
478KB

MD5
98bb93965268ba395562a658f9781abe

SHA1
718bc29869a6b409fc8ab822b3e4d824a8cf20c0

SHA256
d691e520ca6a650e7c30aa4f32c2b9a11832baa96f1a051eb6768b3415fd7767

SHA512
488843621df5a98c26bcaf8b6c4b808ca2b7ea34e8cc571617b91b823fb4efd15d5e39502fbfe0a4bc56518db22d55a9ced758c48395d1bdad35801eea4b60d0

Download Submit
/data/data/netmirrror.play/cache/daily_limit.json

Filesize
32KB

MD5
a7d69ce0d9e69075883a22ccfdfcaf87

SHA1
49e9bf303bfd17d770f2ee543cff3f3e0796ab78

SHA256
e692ab22f94ea7289bf36749791279ecdcfe263b56519c4c1a1870d76a6f9e7a

SHA512
05ec2c5d9262e721d802ae18ce5f55f5656465d0d8b46567292de8c5de7eea3ec582cb8482f33e0fddb54c8c0ba8642a14da764e4a82e7b3f5d3093e4f2505a1

Download Submit
/data/data/netmirrror.play/code_cache/1743541670651.dex

Filesize
2KB

MD5
b5226ede1106261e7c438744eee9a864

SHA1
352593a2577dbaa67b26eefc1629a19cc2c9c2da

SHA256
3834c792435933cd916d886f9842894316a99339a0368f7bae255b53683a515a

SHA512
7e410caae4666f8473266cac4bd163f7f2093d3f2e8778b50d347eeffe3cd4ed37e0d8b84c38ae85a28b7e50a2a2db3e8661ec51b71a1d9db876e98827aef627

Download Submit
/data/data/netmirrror.play/files/down.apk

Filesize
100.2MB

MD5
16832ff7276c25fc85f96a461598fa67

SHA1
30e46cecb352b661f1b2b52ce3cf7f0459e79374

SHA256
c4ce2f65ff736694df2e566e388ee872c9e94d74fb2300ecf10354d9b6f88f57

SHA512
7e3c4f58799757a416e540e44ebe6c9d2b2f9f276578e280c9273fd48f72c24f06c01a8ec6db43e548df6e018da17fd2926f98a1ae7e81a6631926e3e7492949

Download Submit
/data/data/netmirrror.play/files/profileInstalled

Filesize
216B

MD5
c511b83da2f23b572acf94a57885071f

SHA1
de95ad1ada37d7407ac48dbe6426b2a78a5670a0

SHA256
54b40c2f14299ecea8fd5f9ebd0a5a7c70d7474846c8958617b1b1f76df6a6e0

SHA512
7d92febcecc4618fb3632bef5333426a34a8ec44a22c1fa8fd695b72c8faa8076de914922604dd66ac149defe8af5a9c495da9e2cb973b091e02bb362cb183ca

Download Submit
/data/data/netmirrror.play/no_backup/androidx.work.workdb-wal

Filesize
116KB

MD5
512fd6f7b8ada14ef9087c40051a4244

SHA1
5ff35e7382119ef78947a6989f5f1ab8e0783949

SHA256
0138e088b273c37118d3118bf27fe5ed4b3700fe9c4865659d3461a3852fa332

SHA512
3702b7930cae4e860209abe97dbe86cac43968bee060d6044178a4f42445956fb79cc9dd5084ca663d92cad7cca1865ae148835584e2e01536e5f62e70c9f133

Download Submit
/data/data/netmirrror.play/no_backup/androidx.work.workdb-wal

Filesize
181KB

MD5
55e066cbbfd7a1dc3f5fef3aef7ce9cd

SHA1
3c4bdbf353becebb4908b310558af71500b23b7b

SHA256
572296df3b8f8a4ebcaae04e91ca9b0a0c022d444b7e910bfcd853353be34db7

SHA512
0fc8ff047f880f6b60e454ba0e81d03647f7668b7ac5e70d7b68710351c3f2875ea31474983f9523abb02b690017472f4276f060245d7df7e3459276efbb544a

Download Submit
/data/data/netmirrror.play/no_backup/androidx.work.workdb-wal

Filesize
16KB

MD5
31d6b8e1c80d593acdaf9a9f305191be

SHA1
2c9278c5ed6f46400800ab5c7330176a586b600a

SHA256
d2461e899236d9a0e914e015ffc53c134130cf101aff7f9929a1411126f7368d

SHA512
03ff95cec9f3f31acba64da3c531d663d1207c99c832e107cbd5347976feed411d45b05d85753ee2d9539f1ec4a1d8527071bc678f7ed73f56b265a9bae8781f

Download Submit
/data/data/netmirrror.play/wabox/data/app/app.netmirror.netmirror/package.ini

Filesize
9KB

MD5
89e04b698fa68d9b597e1d5da9808ebe

SHA1
24d3acf61e5168406bcb5ca132715109f742a476

SHA256
c63c6e231bcf566592066088ac8cc56ae3e46fa197c4af6fa9cf2c9c688ba624

SHA512
c58810b68e248aabbc3998c26f7020004d1522b083457fa06c0a8f33f356885040277f7e190ce886d858734afa98eaec7b6681c75d060328a7e60786060dd299

Download Submit
/data/data/netmirrror.play/wabox/data/app/com.whatsapp/package.ini

Filesize
727KB

MD5
e0062a134d44efb573974c1a5324e608

SHA1
4bf0e9d5fbcab355585a9682d4150b0e1a1d39b5

SHA256
c8939c5eb2c23d8b80bbef9e9e48a3a104df546998cf8435ea7749ab2bba950a

SHA512
edd8cf31267c3b36c0c299101936872dd9ae6ea71f37ac8b5c7dee6424ae5bcbd5080283cfa6ffbef1d95a9e7caad2c14a616d11731a7e1b6468f7d540ecf172

Download Submit
/data/data/netmirrror.play/wabox/data/app/com.whatsapp/sig.conf

Filesize
2KB

MD5
b125bd3f0f8c852710ba4b9670495368

SHA1
c40f5d37dc0d5089c5f281c1e5a5ee749e2080bc

SHA256
7d37f12a7ee3380d9268e3a4db2bedfc552e172b158ad8be16f790fe93dc1f54

SHA512
55fce6019a10ae2bd34e5b5dfee7b4f49fa316db4c8570642f120435daa8ca293fa4a1fd843037f3be42f4df01e5f3c1f720af0eb5dc071cc3d60f1fdbd58da0

Download Submit
/data/data/netmirrror.play/wabox/data/app/system/packages.conf

Filesize
160B

MD5
b9a33f923bd2fe97353f3bef3872f60f

SHA1
af84ba0209665166796c7dd70d2f6b8f184ed267

SHA256
9836db01e448b5f991f069f571ee8ff9a1cae1b512c359e91b72d7181c0cd5a5

SHA512
3040d0d7dd204dc3dccd8cc11cb44b5be96917b5c32978a6adb9c00650cdf3db5f80419042bd568a20462c6dfa5d04fd330d0959dab45998002c10698e722cf1

Download Submit
/data/data/netmirrror.play/wabox/data/app/system/packages.conf

Filesize
268B

MD5
10650db33ab355b4a124edf00e86bbb1

SHA1
fc14f81068aa3900e0bb1dbd6696b3d67dce089f

SHA256
24fdfe3e1a1db643c8ad95020b887ea97a1906f01ffc21a680f98ef4d5216455

SHA512
077cd00373b2197e8ccfb46913355b918d1e907bb943a1b564439064982f54b2cc66e260496e896cc354c97af992bc07f758fbd5f9bb99081d81930d48ddef4e

Download Submit
/data/data/netmirrror.play/wabox/data/app/system/sync/accounts.xml

Filesize
4KB

MD5
0eb157e1a86d4d00aa601dd2f6ff3ee3

SHA1
fee434f784e73cc7916322e949f727caf8363102

SHA256
b9a8194b71a046e8c0eb30995827b582b4bea834f630a5df2483b778a7d7d8a4

SHA512
b9b79b8c3af8a3f140df230fd89e95206358ba50ff214e7323a2dbbe2937b795f970e588302ffd5d721318bd597ce0a27af26d6cdb07f45569c30209845082a8

Download Submit
/data/data/netmirrror.play/wabox/data/app/system/sync/stats.bin

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/netmirrror.play/wabox/data/app/system/sync/status.bin

Filesize
512B

MD5
09ed9b65458d9fdab863ff5be1dfe5c1

SHA1
511b63e28beb22e605fea5db26c14c3a1bd9e3df

SHA256
7939c55427184145f1b5f72ba68ca672656cf715f2de094855535a637084f669

SHA512
84d8c92652b44d303dba16a33d483842c6d57ba959d7e2a714ce08ac979a1622f68a7eff2b654fb3f0eddf16a05a54445d61e06c42c99bb5df6513d70aced394

Download Submit
/data/data/netmirrror.play/wabox/data/app/system/uids.conf

Filesize
191B

MD5
d720ee9fa4bc55d4820bd07dbe6e6105

SHA1
621b9bc74681deaf5a95cad4f5dd5e9cba7522b2

SHA256
9fc076ec8f7511a520bdb24b73536535f841ef167fb86580d03fcc93766fc149

SHA512
cc44292e5f9bfeb868c5805debcc80b0b33955d687b2eeada45184c460f4734988b4109421f9dbdfb4c0d86e543beb1983930ed24f3da3dd12c920df30dd5f08

Download Submit
/data/data/netmirrror.play/wabox/data/system/users/userlist.xml

Filesize
5.9MB

MD5
b91a360fbbe8e53ee444b7660feb63ef

SHA1
26e98422d65cbe0ac06bbba9e504fe851ed67fc2

SHA256
d0882413f7ca2a4236dd6fde837d1213707ab05f34c5f05682131b0d55af152e

SHA512
16c28bc119e5fa42e6a1898b321f08bf4fde45aceb13e0da97a996b37d95d5c9686186355402c8f35808aed357f5d8083036f33a6754049c8535dc4b67261dd3

Download Submit
/data/misc/profiles/cur/0/netmirrror.play/primary.prof

Filesize
202KB

MD5
aefab65bcbc093ed5fed92e3acdf2169

SHA1
3ccf6749b80d151767af17986574db5d3d77357f

SHA256
7ff24c29739ed17ca7078f75c1b337220043e0b9bd3e206f7811a8a0f0a0ea7c

SHA512
767530852f196c47bcd547b131b85f721cace9029f513be3aadbeda8ddc973d556112938b8af478abcaced710492a09878b64ce7ba1a100286ed0bc185099e29

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads