4f17b1272b31b4529a6f6e06ecf2923ffa7ec34925bca97f04210182a93ec893

Resubmissions

03/04/2025, 20:55

250403-zqj7vswps8 10

03/04/2025, 20:50

250403-zm117stwbt 8

Analysis

max time kernel
205s
max time network
213s
platform
android-9_x86
resource
android-x86-arm-20240910-en
resource tags

arch:armarch:x86image:android-x86-arm-20240910-enlocale:en-usos:android-9-x86system
submitted
03/04/2025, 20:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

tphmr.apk
Size

3.2MB
MD5

cefb4cf044c9c7b3cc96cd689272b071
SHA1

2eab21f8331adc61308ec5febc7d1bfa65ac575d
SHA256

4f17b1272b31b4529a6f6e06ecf2923ffa7ec34925bca97f04210182a93ec893
SHA512

8b77ab02a8868bc90259e8fd1798e55bf44206c2869e11f37f9a175fcd8aa1c65c0f07d676f50345f218ee9109191e1d2eb26525ad5bc275bd3dfd201794fa46
SSDEEP

49152:wYUMhcQRP2il3jVgz+73s8b5IoEPNSF6Xr0n5QbdK+t7Igix6pU6C:wYUgNRP2il35gzA3s45Izd5k+U6pq

Score

8^/10

collection defense_evasion discovery evasion persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 1 IoCs

defense_evasion

System Information Discovery

T1426

ioc	Process
/sbin/su	com.pvojpamt.tzzyqjyb

Loads dropped Dex/Jar 1 TTPs 4 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/com.pvojpamt.tzzyqjyb/files/dex/cfc3fbb4116cca4e.zip	4216	com.pvojpamt.tzzyqjyb
/data/user/0/com.pvojpamt.tzzyqjyb/files/dex/sZblThEHrHiCKxgEM.zip	4216	com.pvojpamt.tzzyqjyb
/data/user/0/com.pvojpamt.tzzyqjyb/files/dex/cfc3fbb4116cca4e.zip	4216	com.pvojpamt.tzzyqjyb
/data/user/0/com.pvojpamt.tzzyqjyb/files/dex/sZblThEHrHiCKxgEM.zip	4216	com.pvojpamt.tzzyqjyb

Queries information about the current nearby Wi-Fi networks 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getScanResults	com.pvojpamt.tzzyqjyb

Queries the phone number (MSISDN for GSM devices) 1 TTPs
discovery

System Network Configuration Discovery
T1422

Requests cell location 2 TTPs 1 IoCs

Uses Android APIs to to get current cell location.

collection discovery defense_evasion

Location Tracking

T1430

Geofencing

T1627.001

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.pvojpamt.tzzyqjyb

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.pvojpamt.tzzyqjyb

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.pvojpamt.tzzyqjyb

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.pvojpamt.tzzyqjyb

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.pvojpamt.tzzyqjyb

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.pvojpamt.tzzyqjyb

com.pvojpamt.tzzyqjyb
1⤵
- Checks if the Android device is rooted.
- Loads dropped Dex/Jar
- Queries information about the current nearby Wi-Fi networks
- Requests cell location
- Acquires the wake lock
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID:4216
- su
  2⤵
  PID:4378
- getprop ro.miui.ui.version.code
  2⤵
  PID:4400
- chmod 700 /data/user/0/com.pvojpamt.tzzyqjyb/files/libwirelesscon.so
  2⤵
  PID:4429

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Execution Guardrails

T1627

Geofencing

T1627.001

Credential Access

Discovery

Location Tracking

T1430

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Location Tracking

T1430

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.pvojpamt.tzzyqjyb/databases/privatesms.db

Filesize
16KB

MD5
3621ce0aa81e37bc5c80e2cf881f1dd0

SHA1
00365f82dcada94caea07443656848baf60b3bd9

SHA256
8620d146b06037c9dc98b8788c3137344eb9d7e1f8b982ffec4c1d8549f24dd5

SHA512
76bb7175359d61ce39e95008269752de25769c4e274b4bcf37b920bc2cbfb680b2a4a88de860ed069655d1f47604638b0301c2c6131107cd929348895d73d2bf

Download Submit
/data/data/com.pvojpamt.tzzyqjyb/databases/privatesms.db-journal

Filesize
512B

MD5
2f04be83185d33b017a910c54bbec88f

SHA1
27db6bab5c1147a7614cf88d036d1761838049aa

SHA256
f2f75278981eedade26146bf27b091c73f8f8108d49ca26de87cdb96428d2d40

SHA512
c8c90a75c27cefb8ec32d629405133263e5788e02b6ec0ac1b512bce272470dbb905414b06ea283c0c095ff8113b16f7e1ce63c2ba23e234236f9b28bcbda5c7

Download Submit
/data/data/com.pvojpamt.tzzyqjyb/databases/privatesms.db-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.pvojpamt.tzzyqjyb/databases/privatesms.db-wal

Filesize
28KB

MD5
43d8bb124da53870bd3085415a64473f

SHA1
5876debcd411d96b8f3843b4c6cbf08ca5ee449b

SHA256
dd57dd7b7a5c9c1dd50bc8e1680a4437e7c8d6a36ed0ae010f929853fcced916

SHA512
772efb89d509d98af1c38690f587ec3974b22982a9140df3ca5e37b0676c81cafdecac927424f845c667cc4d8301ebbbd3f9b3d196645f0b05906a498ec17591

Download Submit
/data/data/com.pvojpamt.tzzyqjyb/files/484347.so

Filesize
145KB

MD5
2404e627acd4e386efd4332a98cdb4de

SHA1
43124645922e635d10cef955c83c4f55deb9fa71

SHA256
01e2a0e261954f96791e57a89a77fdb30959e89553b4026271a87843b03f6078

SHA512
feb84b09a4f70c6164c4045a8a74d263d71dfd1a9c96e7ec0073c57074b4c6697d1e67269f4dff80e6a75c7574faf20dfbf7b9bdad7183ab3e806703250eab46

Download Submit
/data/data/com.pvojpamt.tzzyqjyb/files/dex/cfc3fbb4116cca4e.zip

Filesize
558KB

MD5
d429ea5aad10b8f97cd9f581e84a82a5

SHA1
440b8942d7c2c4515eeda5bb14c0720c7039fdb5

SHA256
edfc3f0df6289e95d7b3678375faf5c2f975ea5d6d2ed0ea12454ad5a601dead

SHA512
c54862b278b9b2f6c106f4b361c19fcf29944ec985176f8ed5dfb227eca632a55ef885a111f8c6661c886bc48b1c9d7d6b75dbb5a5c351db72efa0a5e4d9f081

Download Submit
/data/data/com.pvojpamt.tzzyqjyb/files/dex/pro_btn_bg_animation_img_0.jpg.zip

Filesize
8KB

MD5
7c20a2b01bf3f9df1f0abb72ebbe82be

SHA1
e601b2e41434623edbeece32867517a3cdec5449

SHA256
1a10cc3cd2dc21a9be2d2eb758fd19288082619d331245b927d0a9299462ea2e

SHA512
3faa6efbd3ebf6e1aff7ebe9958c5f94bbfe9c5ff9e11e9092b1b7301bbe6504c01b922d709303147e213b3cadce8e96462220a1d1bf4d6cdaec95b3f84bb1b4

Download Submit
/data/data/com.pvojpamt.tzzyqjyb/files/dex/sZblThEHrHiCKxgEM.zip

Filesize
649KB

MD5
2c9da4a32b17cda87f5e8afc0b13a113

SHA1
3ad2ed70e16e412e7c570949cb4542c2d4da5ec8

SHA256
e0468f3f102dc7afd2b554de95a7e5a85c45dd5b40d383ee631037c045fd943f

SHA512
06b96a800749a228b9042f46228064547d34e1fe4e899a957bfa1365d5807747ba47e06f0169240e522bd35e6c26ceb528a5ec4c304edefd6c98df85abe25f1b

Download Submit
/data/data/com.pvojpamt.tzzyqjyb/files/libwirelesscon.so

Filesize
2.5MB

MD5
233c8ecc2d029a1b2c9d472ef0698665

SHA1
eea58433b865d48b20a29bf13db1029d2eb356cc

SHA256
0cb6ce8b03798a5d3386502403bb3784052f787a9ba525087d7cab3c1011264f

SHA512
e5a29f80936cf54570afdc639d957bf8722f9aa3018207a4f47331d6cb839c24b2b40aae779e1b966b9b6db918c1d6cb44b25b1c2b9cbce670e015daaab1976a

Download Submit
/data/data/com.pvojpamt.tzzyqjyb/files/libwirelesscon.so.zip

Filesize
1.6MB

MD5
27ac9244caeb8d84a2c2cc1c6d585285

SHA1
dd730404beee110099825eb214766cb8eb44c44b

SHA256
a4eecb32331ed7cc1e911f0dcc64e9d13abbbc9dd21138ba0876a59f65841e69

SHA512
4b0c767d58f0c016fe3be357c53061aff076f36e6ec2bc9ff4f74e8d9fa3cc43d7a531c9b3b1111839c32832403eb4c135a24c1e701c56820ae9d289616e1c08

Download Submit
/data/data/com.pvojpamt.tzzyqjyb/logs/Sistema1743713489457.log

Filesize
19KB

MD5
ff2a72765c78ee664be3d9067f11a1ec

SHA1
1a46a6f56ab7e53624b4eb3198bbfe3366943f30

SHA256
4356553eeb49ec5437f8ce4130f0ba2e2ef71bee680a360698209d9fca498081

SHA512
5d03d15be4817d5404e83c66539d57d1f03e563a5d2e3de431c93f23badc8af84e5c468e41d7128079ed8c606ac478b34fc4f3de9d895247c2dd280231cf3c76

Download Submit
/data/user/0/com.pvojpamt.tzzyqjyb/files/dex/cfc3fbb4116cca4e.zip

Filesize
1.3MB

MD5
60c2b33e33d74b323b20a108c4136505

SHA1
0e1fae506bf95464a90b07a39d03d4b6950e20b8

SHA256
76c648e24976acbe366e578b3fdce53eb39a5aac5023efef6eb30fd4024bd321

SHA512
f1e65ea27da93ee62eedf3e5fc77c347a317a1fd29336f139e23eee33b008d38c53d73d6204a2922c125ac61f6f56618490466683ef93533b2f36660cd621bb5

Download Submit
/data/user/0/com.pvojpamt.tzzyqjyb/files/dex/sZblThEHrHiCKxgEM.zip

Filesize
1.7MB

MD5
514f609f49fe51864ca1dd5e6e42f5d8

SHA1
eeb9c90157c2c29a5c45fc010bd07df1d14dda5c

SHA256
45eb1192339645aba5716034ec1689f8e90bec8bf7df520307ff70727364a4b3

SHA512
d80f9f6a3133b85d8682bc4e728b876d3832bec969881eb5512b0b546c6e43d1b6b7348517f2d95e237f3855b7b5c9eb25f3ad54011b64ed8580854be3e235da

Download Submit

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads