Overview

overview

10

Static

static

10

client.apk

android-9-x86

8

client.apk

android-10-x64

7

client.apk

android-11-x64

7

Analysis

  • max time kernel
    628s
  • max time network
    614s
  • platform
    android_x86
  • resource
    android-x86-arm-20240624-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
  • submitted
    30-06-2024 14:57

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    client.apk

  • Size

    24.2MB

  • MD5

    2f9fc4d1f25cfe6c617f2e7c16ef2f21

  • SHA1

    7981b0b171434ad041811c26e33f89558508481c

  • SHA256

    2793ed12bc287eced62485f9d9ed08355177948b2662b9a9214dd194e22f0427

  • SHA512

    b312a5dc42c7f5b7c3c48c12f9df73c642dba1325a6fb95ac503a317f35649bddb668af7116b3e88d3140d6c5fa9b7c2ea5100bbc6633f0f0b22306a9fe9586f

  • SSDEEP

    393216:D9tGFggbUaOiIYdk08iCKyBBeu2Wvgwv71V0IBKKPZ9BaxG:D9hgYaOR0kMQBBr2AR71eIBKWZaxG

Score
8/10
bankerdiscoveryevasionimpactpersistenceprivilege_escalationstealthtrojan

Malware Config

Signatures

  • Removes its main activity from the application launcher 1 TTPs 1 IoCs
    stealthtrojanevasion
  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
    bankerdiscovery
  • Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

    Application may abuse the framework's foreground service to continue running in the foreground.

    evasionpersistence
  • Requests enabling of the accessibility settings. 1 IoCs
  • Tries to add a device administrator. 2 TTPs 1 IoCs
    privilege_escalationimpact
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
    persistence

Processes

  • cmf0.c3b5bm90zq.patch
    1⤵
    • Removes its main activity from the application launcher
    • Makes use of the framework's foreground persistence service
    • Requests enabling of the accessibility settings.
    • Tries to add a device administrator.
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    PID:4216

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • /storage/emulated/0/robloxinformation.android.app/config30-06-2024.log
    Filesize

    420B

    MD5

    8a95c2d67f268f1ad1bd8fd99a77d07f

    SHA1

    fc038acde6affaf40b2b96f1c9a4f1f10f4bef56

    SHA256

    8824ea230e5c131fcbd69e15906a298a6d0913a9fddb6d11d8990b3bb5237a6e

    SHA512

    be709c6c5b20904fc66cdb8da8b4fdb0d89d3e4a63567b34db5b864ec91a2c5567a393c48df47f25e369917fee4364f36f0b1daae9ec90eb132a689783dfc12e

    Download Submit
  • /storage/emulated/0/robloxinformation.android.app/config30-06-2024.log
    Filesize

    85B

    MD5

    ba82d4c1bcb34682d94eba6e10218adc

    SHA1

    36dde4d776ff0522aecaff41299054b375d14cd5

    SHA256

    e0b62a1c03fa99a2efef1f6f41994840bc131312208f9b5d54f9f882f955f36e

    SHA512

    618dfcd26a3b567f9497609422d5db9693dc2456423cf86fbfdae39d049d1a18ba74bd0704f94e124ec23d0267bd025b819f4fdffd3e0f09bfa10b0408248e2d

    Download Submit
  • /storage/emulated/0/robloxinformation.android.app/config30-06-2024.log
    Filesize

    76B

    MD5

    1149863e24b439cf78f8cac0e5d7085f

    SHA1

    c881f223629d5112b35ce3b05b926b800959e2c6

    SHA256

    fec4c01de23cc178d86e0f7ee4f1c125c0d1f565a39f2f28c6113d751d8819ac

    SHA512

    c67ba0220ad98c57a521ca2df4087340589a2476b4f4a958e355e8cd2aaa6a9ecfdec5edfd2b557c7d829aa5e3a59e308dbc1d4d36e417a450da5e02406d0057

    Download Submit
  • /storage/emulated/0/robloxinformation.android.app/config30-06-2024.log
    Filesize

    460B

    MD5

    52cef7e901e9c33500d08dc9500e4ee8

    SHA1

    23919e974a6e9eb2d71148a0e60759c4895f4273

    SHA256

    b42f397bc176e6bb2d57ef1ce5e355ef4cdde2937c19e5595fe1ce8bf17a1d3e

    SHA512

    e2840b8384e7ff42c057f8ca0763b3f0b50d47ace2291c9449db1158de31dc92f12bcdb8f424a2eb308157a9d630deb57a0fcf21c6bac2476c5510b9ee82284e

    Download Submit