96bcdbd48d148de60c7227e5b2fd65f04badffd238af3ccfb7c9080e44e1b412

Analysis

max time kernel
625s
max time network
589s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
30-06-2024 13:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

client.apk
Size

873KB
MD5

c8aef2a9ad8668f2d7d58321e8722dbd
SHA1

2bf9a50225e31cf5bacf861758fcadf18b19ca47
SHA256

96bcdbd48d148de60c7227e5b2fd65f04badffd238af3ccfb7c9080e44e1b412
SHA512

c297cd0d40e59ca1d6d0b69a4d45ae505fb6b0948c4f4265dfd638e84610bbce93aa43f2bc4381b19042196f95cf517311c9d95750d6ee21accaf29b03d2017a
SSDEEP

24576:SvsGTa1a6eFxV5Ca9hmEerpvBv5WmD9idNpz:Ua1ad9TTmJWk0d/z

Score

8^/10

banker discovery evasion impact persistence privilege_escalation stealth trojan

Malware Config

Signatures

Removes its main activity from the application launcher 1 TTPs 1 IoCs
stealth trojan evasion

T1628.001

Processes:

cmf0.c3b5bm90zq.patch

pid process

4258 cmf0.c3b5bm90zq.patch
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

T1418.001
Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs
Application may abuse the framework's foreground service to continue running in the foreground.
evasion persistence

T1541

Processes:

cmf0.c3b5bm90zq.patch

description ioc process

Framework service call android.app.IActivityManager.setServiceForeground cmf0.c3b5bm90zq.patch
Requests enabling of the accessibility settings. 1 IoCs

Processes:

cmf0.c3b5bm90zq.patch

description ioc process

Intent action android.settings.ACCESSIBILITY_SETTINGS cmf0.c3b5bm90zq.patch
Tries to add a device administrator. 2 TTPs 1 IoCs
privilege_escalation impact

T1626.001

T1640

Processes:

cmf0.c3b5bm90zq.patch

description ioc process

Intent action android.app.action.ADD_DEVICE_ADMIN cmf0.c3b5bm90zq.patch
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
persistence

T1624.001

Processes:

cmf0.c3b5bm90zq.patch

description ioc process

Framework service call android.app.IActivityManager.registerReceiver cmf0.c3b5bm90zq.patch

pid	process
4258	cmf0.c3b5bm90zq.patch

description	ioc	process
Framework service call	android.app.IActivityManager.setServiceForeground	cmf0.c3b5bm90zq.patch

description	ioc	process
Intent action	android.settings.ACCESSIBILITY_SETTINGS	cmf0.c3b5bm90zq.patch

description	ioc	process
Intent action	android.app.action.ADD_DEVICE_ADMIN	cmf0.c3b5bm90zq.patch

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	cmf0.c3b5bm90zq.patch

cmf0.c3b5bm90zq.patch
1⤵
- Removes its main activity from the application launcher
- Makes use of the framework's foreground persistence service
- Requests enabling of the accessibility settings.
- Tries to add a device administrator.
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID:4258

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/storage/emulated/0/robloxinformation.android.app/config30-06-2024.log
Filesize
52B

MD5
abd48b3404d293f4052e9546fc1909b2

SHA1
dd78fc3de7a6fa550c01033d66c34cf1cf1f9af7

SHA256
55363ab009fc05d0da07b45c4b8bbcf1a3b556336bb6edf5f4be5b7a16c3a67e

SHA512
1a53c3d14a065a130dd9d6bd1da9409fd464b93d2271911cc9893fd655b87b94df0abab3ac08c13224d284f24b7fb43e937bc6158ebe390d164199cb9c2cad5b

Download Submit
/storage/emulated/0/robloxinformation.android.app/config30-06-2024.log
Filesize
60B

MD5
0de338c6c461d25bc2feffc7f6a9dd7c

SHA1
0b1e175161b9bda8d39551f904d5fc9fb469b0e3

SHA256
7af8e6e84e8c76d48ab37a9dd8a5da3292546d1ee665dfc3adc2e93b7e9e9aaf

SHA512
19bf7dcf98018abb51eb4fa3251b60d50c5728841c47c91f1804bf0559455d481dcb65609df98fd2c935fe3e42ada63915311c65a8c36ac02d1c499c4ee0e43d

Download Submit
/storage/emulated/0/robloxinformation.android.app/config30-06-2024.log
Filesize
61B

MD5
48ffda150dacf5e2750b689985d1f60a

SHA1
5f521a400ff3953741ee2191c925a3ffa378d7b3

SHA256
e69d3dd96e33b8c318d93302b1a520d9832bae589946cad63a52949d8d359581

SHA512
9ecd024d192e173a570fc5b49417eb28e91f2ab62426626ba9e48722646c5bdce920a032188f5eb92c8db44bcf18e1f602a34c6d056d74bed5fcc0c9775028fb

Download Submit
/storage/emulated/0/robloxinformation.android.app/config30-06-2024.log
Filesize
63B

MD5
6a31ecd21cfe1dff09cd242889446f42

SHA1
e7f439490cc8f109dba6d4cbb9e5d868048d7313

SHA256
257d16d3dfa44d4dbb2561953a89aa7966d33ce87254dcc11b05932c49500385

SHA512
f3d161a13596a89e90769f788aaed608b38f37b3ad34a3e87137db8a2f47b87687fe4a1c196578a4ffd44d314ec21bf429c1c513dbd06f25ec7606da0cd94fe4

Download Submit
/storage/emulated/0/robloxinformation.android.app/config30-06-2024.log
Filesize
223B

MD5
10622ed285aef84f8111c22576ed1fd0

SHA1
5dc146cac46abbfa9b9cbc7ede5e0b8bfd4613a3

SHA256
cbcd0d4eb001e4fc4140a329a99dfe7bf4990f14e91fff3e28923093654610ad

SHA512
7978f677ba7064a6ff9a51d3d0540020265592abeafae028f196dcf20ea624f07cbf8f18bcf1b5fb9360ba9abb19ba657847f9ab269da767f5c4c4cba55d1af8

Download Submit
/storage/emulated/0/robloxinformation.android.app/config30-06-2024.log
Filesize
538B

MD5
0d5e3906268926cbcc9dbdca6946f007

SHA1
df961b7bab46b2b32333e350849765250cebaf7a

SHA256
ca32718d1134f48965723c9012f2124e71f6bf191d8d326c27036282b7db68eb

SHA512
3a610933a4624f2a5919a81eed2b99b07ce938435064bb04fd2b7fb92b058c515f1de2986a6a92338e78310b0be527f7acf43d63bf5b5051fa13da98c677c9af

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads