385ef5b795ce8be6cf35d490f72bed9b4cf570f1cbc67ef9593972c1f6940172 | Triage

Analysis

max time kernel
7s
max time network
187s
platform
android_x64
resource
android-x64-20240624-en
resource tags

androidarch:x64arch:x86image:android-x64-20240624-enlocale:en-usos:android-10-x64system
submitted
02-07-2024 06:26

Sharing

Report Analysis Logs

General

Target

google.apk
Size

10KB
MD5

d43af9373c9a44bf2c06d8bd709ef3bf
SHA1

467e131574f71844c85b9cf1fa815c28a267544e
SHA256

385ef5b795ce8be6cf35d490f72bed9b4cf570f1cbc67ef9593972c1f6940172
SHA512

fb5a80907cdfaf48c46c3bcaf17c21c649a7bd94775066ad23238727a8fe357159642d225a4985b0134b9f3d4f36a79a30a0c2a0ad4c17657592aad58ae12587
SSDEEP

192:uLt7+5NY+c2VVelrhLVbSm6nAj4zVYUT6tVUSGH0:uLtn+csV+hL9SmSNzV1GLUSGH0

Score

6^/10

Malware Config

Signatures

Acquires the wake lock 1 IoCs

Processes:

com.metasploit.stage

description ioc process

Framework service call android.os.IPowerManager.acquireWakeLock com.metasploit.stage
Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service
T1102

Processes:

flow ioc

4 5.tcp.eu.ngrok.io
21 5.tcp.eu.ngrok.io
30 5.tcp.eu.ngrok.io

com.metasploit.stage
1⤵
- Acquires the wake lock
PID:5066

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...