11a13eaa935d225ae0192481e71c1d5c8594cf4a21e65ff2ca48202eb0eadbb3

Analysis

max time kernel
155s
max time network
163s
platform
android_x64
resource
android-x64-20240221-en
resource tags

androidarch:x64arch:x86image:android-x64-20240221-enlocale:en-usos:android-10-x64system
submitted
01/05/2024, 22:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

11a13eaa935d225ae0192481e71c1d5c8594cf4a21e65ff2ca48202eb0eadbb3.apk
Size

4.3MB
MD5

32bd4b5e8069a08e99436b3aeff93f00
SHA1

64d54aa959938e19754c3a72e70e52f0f856e19e
SHA256

11a13eaa935d225ae0192481e71c1d5c8594cf4a21e65ff2ca48202eb0eadbb3
SHA512

cfa5987b76eed6dcd7106b9d99983623092e72e60d045c99880733efc8693dfec5e9d13212025dfc7d15f44fbfb6c31066f411eb5bedc0823d005a8c653d868f
SSDEEP

98304:Q3jol75GJv/GfncYwEGW8DzA7aslBdKqht1CdR5A29GYd9:QMl9GJHEUE0zk3BdKEtIP5A2hr

Score

7^/10

collection credential_access discovery evasion impact persistence

Malware Config

Signatures

Checks CPU information 2 TTPs 1 IoCs

Checks CPU information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	hello.uwer.hello.hello.google.is.the.best

Checks memory information 2 TTPs 1 IoCs

Checks memory information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	hello.uwer.hello.hello.google.is.the.best

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	hello.uwer.hello.hello.google.is.the.best

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	hello.uwer.hello.hello.google.is.the.best

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	hello.uwer.hello.hello.google.is.the.best

Checks the presence of a debugger
evasion

hello.uwer.hello.hello.google.is.the.best
1⤵
- Checks CPU information
- Checks memory information
- Obtains sensitive information copied to the device clipboard
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID:5092