2da1a98a2881004f4a103f59ee2de75f2e4bc700f1bf8e80a2823572533cbb85

Analysis

max time kernel
4s
max time network
159s
platform
android_x64
resource
android-x64-20231215-en
resource tags

androidarch:x64arch:x86image:android-x64-20231215-enlocale:en-usos:android-10-x64system
submitted
10-02-2024 22:02

Target

2da1a98a2881004f4a103f59ee2de75f2e4bc700f1bf8e80a2823572533cbb85.apk
Size

864KB
MD5

17a78d95223627cc48e62ce98edfedb4
SHA1

581d81d3f749b00ce69f2c52c4713f92de5dd70c
SHA256

2da1a98a2881004f4a103f59ee2de75f2e4bc700f1bf8e80a2823572533cbb85
SHA512

edcdbf9119658ba25e22423d91b2d243b661eb93bc75ed7eaf493748acf87a94051c0b6dcca658c1cb6d3aee446a18f25685a512b65428729e4d47a8b0357465
SSDEEP

24576:eVHJ6sbLz/eMBnkmswjMal5WmD9idNpd9:uJ6sz3p/Tj5Wk0d/d9

Score

8^/10

banker

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 IoCs
banker

Processes:

ru.bonepolk.clumsy

description ioc process

Framework service call android.content.pm.IPackageManager.getInstalledApplications ru.bonepolk.clumsy
Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service
T1102

Processes:

flow ioc

44 4.tcp.eu.ngrok.io
107 4.tcp.eu.ngrok.io
123 4.tcp.eu.ngrok.io

description	ioc	process
Framework service call	android.content.pm.IPackageManager.getInstalledApplications	ru.bonepolk.clumsy

ru.bonepolk.clumsy
1⤵
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
PID:4980

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Resource Development

Reconnaissance