Analysis
- max time kernel: 628s
- max time network: 614s
- platform: android_x86
- resource: android-x86-arm-20240624-en
- resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240624-en, locale:en-us, os:android-9-x86, system
- submitted: 30-06-2024 14:57
Behavioral tasks
- behavioral1: sample client.apk, resource android-x86-arm-20240624-en
- behavioral2: sample client.apk, resource android-x64-20240624-en
- behavioral3: sample client.apk, resource android-x64-arm64-20240624-en
General
- Target: client.apk
- Size: 24.2MB
- MD5: 2f9fc4d1f25cfe6c617f2e7c16ef2f21
- SHA1: 7981b0b171434ad041811c26e33f89558508481c
- SHA256: 2793ed12bc287eced62485f9d9ed08355177948b2662b9a9214dd194e22f0427
- SHA512: b312a5dc42c7f5b7c3c48c12f9df73c642dba1325a6fb95ac503a317f35649bddb668af7116b3e88d3140d6c5fa9b7c2ea5100bbc6633f0f0b22306a9fe9586f
- SSDEEP: 393216:D9tGFggbUaOiIYdk08iCKyBBeu2Wvgwv71V0IBKKPZ9BaxG:D9hgYaOR0kMQBBr2AR71eIBKWZaxG
Malware Config
Signatures
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) (1 TTPs)
- Makes use of the framework's foreground persistence service (1 TTPs, 1 IoCs)
  Application may abuse the framework's foreground service to continue running in the foreground.
  Processes: cmf0.c3b5bm90zq.patch
  - description: Framework service call; ioc: android.app.IActivityManager.setServiceForeground; process: cmf0.c3b5bm90zq.patch
- Requests enabling of the accessibility settings. (1 IoCs)
  Processes: cmf0.c3b5bm90zq.patch
  - description: Intent action; ioc: android.settings.ACCESSIBILITY_SETTINGS; process: cmf0.c3b5bm90zq.patch
- Tries to add a device administrator. (2 TTPs, 1 IoCs)
- Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTPs, 1 IoCs)
  Processes: cmf0.c3b5bm90zq.patch
  - description: Framework service call; ioc: android.app.IActivityManager.registerReceiver; process: cmf0.c3b5bm90zq.patch
Processes
- cmf0.c3b5bm90zq.patch
  - Removes its main activity from the application launcher
  - Makes use of the framework's foreground persistence service
  - Requests enabling of the accessibility settings.
  - Tries to add a device administrator.
  - Registers a broadcast receiver at runtime (usually for listening for system events)
Downloads
- /storage/emulated/0/robloxinformation.android.app/config30-06-2024.log
  - Filesize: 420B
  - MD5: 8a95c2d67f268f1ad1bd8fd99a77d07f
  - SHA1: fc038acde6affaf40b2b96f1c9a4f1f10f4bef56
  - SHA256: 8824ea230e5c131fcbd69e15906a298a6d0913a9fddb6d11d8990b3bb5237a6e
  - SHA512: be709c6c5b20904fc66cdb8da8b4fdb0d89d3e4a63567b34db5b864ec91a2c5567a393c48df47f25e369917fee4364f36f0b1daae9ec90eb132a689783dfc12e
- /storage/emulated/0/robloxinformation.android.app/config30-06-2024.log
  - Filesize: 85B
  - MD5: ba82d4c1bcb34682d94eba6e10218adc
  - SHA1: 36dde4d776ff0522aecaff41299054b375d14cd5
  - SHA256: e0b62a1c03fa99a2efef1f6f41994840bc131312208f9b5d54f9f882f955f36e
  - SHA512: 618dfcd26a3b567f9497609422d5db9693dc2456423cf86fbfdae39d049d1a18ba74bd0704f94e124ec23d0267bd025b819f4fdffd3e0f09bfa10b0408248e2d
- /storage/emulated/0/robloxinformation.android.app/config30-06-2024.log
  - Filesize: 76B
  - MD5: 1149863e24b439cf78f8cac0e5d7085f
  - SHA1: c881f223629d5112b35ce3b05b926b800959e2c6
  - SHA256: fec4c01de23cc178d86e0f7ee4f1c125c0d1f565a39f2f28c6113d751d8819ac
  - SHA512: c67ba0220ad98c57a521ca2df4087340589a2476b4f4a958e355e8cd2aaa6a9ecfdec5edfd2b557c7d829aa5e3a59e308dbc1d4d36e417a450da5e02406d0057
- /storage/emulated/0/robloxinformation.android.app/config30-06-2024.log
  - Filesize: 460B
  - MD5: 52cef7e901e9c33500d08dc9500e4ee8
  - SHA1: 23919e974a6e9eb2d71148a0e60759c4895f4273
  - SHA256: b42f397bc176e6bb2d57ef1ce5e355ef4cdde2937c19e5595fe1ce8bf17a1d3e
  - SHA512: e2840b8384e7ff42c057f8ca0763b3f0b50d47ace2291c9449db1158de31dc92f12bcdb8f424a2eb308157a9d630deb57a0fcf21c6bac2476c5510b9ee82284e