Analysis
- max time kernel: 118s
- max time network: 124s
- platform: android_x86
- resource: android-x86-arm-20240624-en
- resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240624-en, locale:en-us, os:android-9-x86, system
- submitted: 01-07-2024 02:19
Static task
- static1
Behavioral task behavioral1
- Sample: Phone Hacker Simulator_1.22_APKPure.apk
- Resource: android-x64-20240624-en
Behavioral task behavioral2
- Sample: Phone Hacker Simulator_1.22_APKPure.apk
- Resource: android-x64-arm64-20240624-en
Behavioral task behavioral3
- Sample: Phone Hacker Simulator_1.22_APKPure.apk
- Resource: android-33-x64-arm64-20240624-en
Behavioral task behavioral4
- Sample: Phone Hacker Simulator_1.22_APKPure.apk
- Resource: android-x86-arm-20240624-en
General
- Target: Phone Hacker Simulator_1.22_APKPure.apk
- Size: 627KB
- MD5: 3a26592e6fb4e8feaec51680afeacf87
- SHA1: 5ddb18bc7d9965d1beab58a235d3f7b70f53c1dd
- SHA256: a14e1351c22dcba6ea75692000f79f759c85f35d1b345ce591eba08aba3aff39
- SHA512: e46ba26e725e4d63b2a2556c1d50ab17eab99b3745865c41b865712e60804798d14ed73f39e0f6d5731880890884ae8f972772b09181beeab983d0735d9cbb98
- SSDEEP: 12288:skxnmdLCXaGZvYB93Rshs4eIEOHGb8s7MlgMSCn77+m5J2UjTl1ltbFts2A:sFGpwBBwEhbh42m+G2UjTlt6
Malware Config
Signatures
- Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps) [1 TTPs]
- Queries information about running processes on the device [1 TTPs, 1 IoCs]
  Application may abuse the framework's APIs to collect information about running processes on the device.
  Processes:
  - com.redkitty.phone.hacker.bluetooth.free
    description: Framework service call
    ioc: android.app.IActivityManager.getRunningAppProcesses
    process: com.redkitty.phone.hacker.bluetooth.free
- Queries information about the current nearby Wi-Fi networks [1 TTPs, 1 IoCs]
  Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.
  Processes:
  - com.redkitty.phone.hacker.bluetooth.free
    description: Framework service call
    ioc: android.net.wifi.IWifiManager.getScanResults
    process: com.redkitty.phone.hacker.bluetooth.free
- Requests cell location [1 TTPs, 2 IoCs]
  Uses Android APIs to get current cell information.
  Processes:
  - com.redkitty.phone.hacker.bluetooth.free
    description: Framework service call
    ioc: com.android.internal.telephony.ITelephony.getAllCellInfo
    process: com.redkitty.phone.hacker.bluetooth.free
  - com.redkitty.phone.hacker.bluetooth.free
    description: Framework service call
    ioc: com.android.internal.telephony.ITelephony.getCellLocation
    process: com.redkitty.phone.hacker.bluetooth.free
- Queries information about active data network [1 TTPs, 1 IoCs]
  Processes:
  - com.redkitty.phone.hacker.bluetooth.free
    description: Framework service call
    ioc: android.net.IConnectivityManager.getActiveNetworkInfo
    process: com.redkitty.phone.hacker.bluetooth.free
- Queries the mobile country code (MCC) [1 TTPs, 1 IoCs]
  Processes:
  - com.redkitty.phone.hacker.bluetooth.free
    description: Framework service call
    ioc: com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone
    process: com.redkitty.phone.hacker.bluetooth.free
- Reads information about phone network operator [1 TTPs]
- Registers a broadcast receiver at runtime (usually for listening for system events) [1 TTPs, 1 IoCs]
  Processes:
  - com.redkitty.phone.hacker.bluetooth.free
    description: Framework service call
    ioc: android.app.IActivityManager.registerReceiver
    process: com.redkitty.phone.hacker.bluetooth.free
- Checks CPU information [2 TTPs, 1 IoCs]
- Checks memory information [2 TTPs, 1 IoCs]
Processes
- com.redkitty.phone.hacker.bluetooth.free (process 1)
  - Queries information about running processes on the device
  - Queries information about the current nearby Wi-Fi networks
  - Requests cell location
  - Queries information about active data network
  - Queries the mobile country code (MCC)
  - Registers a broadcast receiver at runtime (usually for listening for system events)
  - Checks CPU information
  - Checks memory information
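As an added example (not part of the sandbox report or of the analysed app): a short Python triage script that parses the flattened "Framework service call" IoC rows listed above into (interface, method, process) records, maps each Binder call to the public SDK API and runtime permission an analyst would look for in the decompiled APK and its manifest, and flags a process that combines several location-related calls (Wi-Fi scan results plus cell info). The interface-to-SDK/permission mapping is an editorial assumption drawn from the public Android SDK as of Android 9 (the sandbox OS), not data from the report; the input lines are constructed from the report's IoC rows.

```python
"""Triage helper for Android 'Framework service call' IoCs.

Added example, not part of the sandbox report or of the analysed app.
The AIDL-interface -> SDK API / permission mapping is an editorial
assumption based on the public Android SDK (Android 9 semantics), not
data from the report; adjust it for other API levels.
"""
import re

# Constructed input: the IoC rows from this report, one per line, in the
# flattened "Framework service call <interface>.<method> <process>" form.
REPORT_IOCS = """\
Framework service call android.app.IActivityManager.getRunningAppProcesses com.redkitty.phone.hacker.bluetooth.free
Framework service call android.net.wifi.IWifiManager.getScanResults com.redkitty.phone.hacker.bluetooth.free
Framework service call com.android.internal.telephony.ITelephony.getAllCellInfo com.redkitty.phone.hacker.bluetooth.free
Framework service call com.android.internal.telephony.ITelephony.getCellLocation com.redkitty.phone.hacker.bluetooth.free
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.redkitty.phone.hacker.bluetooth.free
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone com.redkitty.phone.hacker.bluetooth.free
Framework service call android.app.IActivityManager.registerReceiver com.redkitty.phone.hacker.bluetooth.free
"""

# Greedy [\w.]+ for the interface backtracks to the last dot, so the method
# is the final dotted component.
IOC_RE = re.compile(
    r"^Framework service call (?P<iface>[\w.]+)\.(?P<method>\w+) (?P<process>[\w.]+)$"
)

# Assumed mapping: (Binder interface, method) -> (public SDK call to grep for
# in decompiled code, runtime permission it needs or None, coarse category).
API_MAP = {
    ("android.app.IActivityManager", "getRunningAppProcesses"):
        ("ActivityManager.getRunningAppProcesses()", None, "process-enum"),
    ("android.net.wifi.IWifiManager", "getScanResults"):
        ("WifiManager.getScanResults()", "ACCESS_COARSE_LOCATION or ACCESS_FINE_LOCATION", "location"),
    ("com.android.internal.telephony.ITelephony", "getAllCellInfo"):
        ("TelephonyManager.getAllCellInfo()", "ACCESS_COARSE_LOCATION", "location"),
    ("com.android.internal.telephony.ITelephony", "getCellLocation"):
        ("TelephonyManager.getCellLocation()", "ACCESS_COARSE_LOCATION", "location"),
    ("android.net.IConnectivityManager", "getActiveNetworkInfo"):
        ("ConnectivityManager.getActiveNetworkInfo()", "ACCESS_NETWORK_STATE", "network"),
    ("com.android.internal.telephony.ITelephony", "getNetworkCountryIsoForPhone"):
        ("TelephonyManager.getNetworkCountryIso()", None, "network"),
    ("android.app.IActivityManager", "registerReceiver"):
        ("Context.registerReceiver()", None, "runtime-receiver"),
}


def parse_iocs(text):
    """Split flattened IoC lines into dicts; lines that do not match are skipped."""
    rows = []
    for line in text.splitlines():
        m = IOC_RE.match(line.strip())
        if m:
            rows.append(m.groupdict())
    return rows


def enrich(rows):
    """Attach SDK call, permission and category; unmapped calls are kept, not dropped."""
    out = []
    for r in rows:
        sdk, perm, cat = API_MAP.get((r["iface"], r["method"]), ("<unmapped>", None, "unknown"))
        out.append({**r, "sdk_api": sdk, "permission": perm, "category": cat})
    return out


def permissions_by_process(enriched):
    """Runtime permissions each process must hold for the calls observed."""
    perms = {}
    for r in enriched:
        bucket = perms.setdefault(r["process"], set())
        if r["permission"]:
            bucket.add(r["permission"])
    return perms


def fingerprinting_processes(enriched, threshold=2):
    """Processes combining at least `threshold` distinct location-category calls."""
    hits = {}
    for r in enriched:
        if r["category"] == "location":
            hits.setdefault(r["process"], set()).add(r["method"])
    return {p for p, methods in hits.items() if len(methods) >= threshold}


if __name__ == "__main__":
    rows = enrich(parse_iocs(REPORT_IOCS))
    for r in rows:
        print(f"{r['process']}: {r['sdk_api']} (perm={r['permission']}, {r['category']})")
    print("permissions required:", permissions_by_process(rows))
    print("location fingerprinting:", fingerprinting_processes(rows))
```

The permission set this produces is the thing to compare against the `<uses-permission>` entries in the decompiled AndroidManifest.xml: a call that needs a permission the manifest never requests will fail at runtime in the sandbox, while a requested location permission with no matching user-facing feature is worth a closer look in the decompiled code.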
Network
MITRE ATT&CK Matrix
Downloads
- /data/data/com.redkitty.phone.hacker.bluetooth.free/files/shared_prefs_sdk_ad_prefs
  Filesize: 181B
  MD5: 5f1a61cd768d1d0d2ba1f41af39ed1d6
  SHA1: e9efaab032c07d485ba10b77448eb05eafb5a8ce
  SHA256: 323711ea097e99a032b55fd7c52e319f64c28762778f63760046ba3f368bc082
  SHA512: 2a89c90459c010d2e0a943bc5fd085d0472d9c167e827dc7d25843b66a88e284330827767c4978a96ac3c763fa18242bb225590973fe0ca2fd321d28b04e4d12