Analysis
- max time kernel: 178s
- max time network: 186s
- platform: android_x86
- resource: android-x86-arm-20240624-en
- resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240624-en, locale:en-us, os:android-9-x86, system
- submitted: 30-06-2024 22:05
Static task: static1
Behavioral task: behavioral1
- Sample: 95fdf2f2a297b922bba55cca41eca60164fb56c3a26306356a694e62c1471c7e.apk
- Resource: android-x86-arm-20240624-en
Behavioral task: behavioral2
- Sample: 95fdf2f2a297b922bba55cca41eca60164fb56c3a26306356a694e62c1471c7e.apk
- Resource: android-33-x64-arm64-20240624-en
General
- Target: 95fdf2f2a297b922bba55cca41eca60164fb56c3a26306356a694e62c1471c7e.apk
- Size: 2.9MB
- MD5: e949e68849b9c4f69b982ebffa5cc1aa
- SHA1: 7181d9fca9a512a05a453ae8f16cff5fdfb8a495
- SHA256: 95fdf2f2a297b922bba55cca41eca60164fb56c3a26306356a694e62c1471c7e
- SHA512: a39e8f1f1d634e93300d5e27497b05632f6a34ee92991af5a50bfcc47ecc653c700807dc9a93a6679c3bbe0b8ead4496ead6dd524b92084771e2ea7a6aaecbf0
- SSDEEP: 49152:HTgyJ3NLOZvZGaJkSvmRQtrXT6SRey9PGRoZe3Ed7h7dTt9we:zZPLchGMA+XmSxYUn7dTtie
Malware Config
Signatures
- Makes use of the framework's foreground persistence service (1 TTPs, 1 IoCs)
  Application may abuse the framework's foreground service to continue running in the foreground.
  Processes: com.indusind.mobile
  description | ioc | process
  Framework service call | android.app.IActivityManager.setServiceForeground | com.indusind.mobile
- Queries the mobile country code (MCC) (1 TTPs, 1 IoCs)
  Processes: com.indusind.mobile
  description | ioc | process
  Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | com.indusind.mobile
- Checks the presence of a debugger
- Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTPs, 1 IoCs)
  Processes: com.indusind.mobile
  description | ioc | process
  Framework service call | android.app.IActivityManager.registerReceiver | com.indusind.mobile
- Uses Crypto APIs (Might try to encrypt user data) (1 TTPs, 1 IoCs)
  Processes: com.indusind.mobile
  description | ioc | process
  Framework API call | javax.crypto.Cipher.doFinal | com.indusind.mobile
- Checks CPU information (2 TTPs, 1 IoCs)
- Checks memory information (2 TTPs, 1 IoCs)
Processes
- com.indusind.mobile (1)
  - Makes use of the framework's foreground persistence service
  - Queries the mobile country code (MCC)
  - Registers a broadcast receiver at runtime (usually for listening for system events)
  - Uses Crypto APIs (Might try to encrypt user data)
  - Checks CPU information
  - Checks memory information
Downloads
- /data/data/com.indusind.mobile/files/profileInstalled
  Filesize: 24B
  MD5: acb60999e236d0086ea8454931d3bf18
  SHA1: 9eacb5d6690c52998af2b24b679a98f41c2a5eda
  SHA256: c9f50901410c5e7631699ea5f563ec4f5b7652a2b2b1731c9aee4e3cc34190c4
  SHA512: 71c72d1ab8e1100d6bf14b847393aa2f0a4f3d149cb1705b2627e5bdf986b76e49547afe79e601101764decdbcaa20110c03013da3cbc1418b4cbe583c71f126
- /data/data/com.indusind.mobile/Û¦Û–Û«/Û¦Û–Û«/Û¦Û–Û«/Û¦Û–Û«/Û¦Û–Û«/Û¦Û–Û«/Û¦Û–Û«/Û¦Û–Û«/Û¦Û–Û«/Û¦Û–Û«
  Filesize: 925KB
  MD5: 8fcdc23ab7b6b788c00ea41bf354421e
  SHA1: 3658c4ffd3404ed69107dac702041decdccab3cf
  SHA256: 27cacab716fb9a4ae09b554a351e67dd1df9ea7328d5e6a05b5c9bd10650e888
  SHA512: 0960216f11b7ba5b1aeed0ccd3f1180265c08a527ea9ab24aa4b26ac804b539b0608d7794fb05d276c956d76c71df7f2f492c3e46ddaf9bae184f167ae1d94fc
- /data/data/com.indusind.mobile/Û¦Û–Û«/Û¦Û–Û«/Û¦Û–Û«/Û¦Û–Û«/Û¦Û–Û«/Û¦Û–Û«/Û¦Û–Û«/Û¦Û–Û«/Û¦Û–Û«/Û¦Û–Û«.
  Filesize: 8B
  MD5: 0801ec1d396cd386726cb13fee607a35
  SHA1: bd87b741101272cd9a11e7b2cf4d1dd4792e9356
  SHA256: 352773f612183cc7984f3b27fc570591c21b3c4d3df8037626c2810216177272
  SHA512: 90e2a10ad46b6a82fd7d486d03b564f9c5697b7b0cbbebb54defb04a31d2f57d3047c9a86c9d9f48813a21f205989fbd5a684cf9a2b9857c53ddb00df9e62592