19162b063503105fdc1899f8f653b42d1ff4fcfcdf261f04467fad5f563c0270

Analysis

max time kernel
41s
max time network
628s
platform
android_x64
resource
android-33-x64-arm64-20240508.1-en
resource tags

androidarch:arm64arch:x64image:android-33-x64-arm64-20240508.1-enlocale:en-usos:android-13-x64system
submitted
09/05/2024, 01:04

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

19162b063503105fdc1899f8f653b42d1ff4fcfcdf261f04467fad5f563c0270.apk
Size

6.9MB
MD5

e537a5ed354b5cbcce3052901326629b
SHA1

c986313beb6bbc0e2b27988872a71308c467790e
SHA256

19162b063503105fdc1899f8f653b42d1ff4fcfcdf261f04467fad5f563c0270
SHA512

328f262200d32b867eb77f15b2d95e64cfc23965df5c5a3d2563f1740109a1a4070bd86b09ade828857fb275bfbffbeb46c2ccf7311022e40fc80331272e8c69
SSDEEP

196608:7mg3KEjBoJmZUUkUAMe5rKFSpntTM8t4BdL/5sW5m/slKDsD4Kv:OEqJ+UUYMe5rK0C8KD7r4Kv

Score

7^/10

collection credential_access discovery evasion impact

Malware Config

Signatures

Checks CPU information 2 TTPs 1 IoCs

Checks CPU information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	lmh.android.gjbus

Checks memory information 2 TTPs 1 IoCs

Checks memory information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	lmh.android.gjbus

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	lmh.android.gjbus

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	lmh.android.gjbus

Checks if the internet connection is available 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	lmh.android.gjbus

Legitimate hosting services abused for malware hosting/C2 1 TTPs 1 IoCs

Web Service

T1102

flow	ioc
335	raw.githubusercontent.com

lmh.android.gjbus
1⤵
- Checks CPU information
- Checks memory information
- Obtains sensitive information copied to the device clipboard
- Queries the mobile country code (MCC)
- Checks if the internet connection is available
PID:4223

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Clipboard Data

T1414

Command and Control

Exfiltration

Impact

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/lmh.android.gjbus/cache/Adlib-data/dlg/5c4427d684aea14831aaed57/i1

Filesize
91KB

MD5
0b6ecf17e30037994d3ffee51b525914

SHA1
d09d3a99ed25d0f1fbe6856de9e14ffd33557256

SHA256
f554d2f09272c6f71447ebfe4532d3b1dd1959bce669f9a5ccc99e64ef511729

SHA512
468c0f964014d76ec5966f5589b2ccc0a7b5f3e8a785134897dfa282a3e6824ce9a75584c9404b77a6962fef99547356aabe8aa71a6499e2568b9de792d90579

Download Submit
/data/user/0/lmh.android.gjbus/cache/Adlib-data/dlg/5c4427d684aea14831aaed57/i2

Filesize
33KB

MD5
e9574eeca10249ce4bd929d72176aca0

SHA1
069a525a95245ce1b5fdb5d2beee3a2b0c241dda

SHA256
f10272c9d437a0559254d1351de36c30c5eba4e4c40e45af6de37a104ae08fb5

SHA512
888fb5c57e3b75e4d10cc741d3d4d207c56dd5036289afe19c5e15db91d3e49c54d84ccbab793e68de992dc3afee80e94e0d2d0080b7e9c8cd87dbca924ca8d8

Download Submit
/data/user/0/lmh.android.gjbus/cache/Adlib-data/dlg/5c4427d684aea14831aaed57/i3

Filesize
1KB

MD5
6d5e0d104b619bd83934601d65d555b5

SHA1
8726bcd6e1986c06eb0619c20831018f15a9a02e

SHA256
e73ec665894cc7f196b9d263359a6166a1ffaca51b8f9ba4c2bb1f28c4edfb1c

SHA512
a688f8aa8a3222000e7dac2444e1744120df3b92a17774e21313f9283f31b2b7e92251d368c07b29dd49a6c095a2821b3e82e812631d8922b8ea51593e774142

Download Submit
/data/user/0/lmh.android.gjbus/cache/Adlib-data/dlg/5c4427d684aea14831aaed57/m.html

Filesize
4KB

MD5
c116f14ddff865431f95c28217d3de89

SHA1
d251a9a7d9bb04be93e344ec7d70406142a36d01

SHA256
5767a35407c4f550c51568b6d97be4b00591cd7f56220d871998170af5913357

SHA512
365c8376583dd69c00997c8b6f07d6cc623e4130ffc8fd7a73bb88e539bfcee2982a1b84a5e0fb6fb2b45df3078d197ac80d9aea1de4959ab0a1221fb2f572d1

Download Submit
/data/user/0/lmh.android.gjbus/cache/Adlib-data/dlg/5c4427d684aea14831aaed57/ok

Filesize
4KB

MD5
5ecd9fb8b9aeb3b2f26eb970836ef901

SHA1
6f30960f0d0859ac822c4bfdf4b38516fd8d9915

SHA256
8b656d8f89965759aac0fe795fb9a7286265097c55da30150ccff5dd9ed953c9

SHA512
494bb08d77eccfa2efd63f4792f78afe484f5bc73b860c2dc1d863e060777381092a32634ac58e13f6236440d0bd4ce6ff5c2ef61b9dce13417de7ae7994704a

Download Submit
/data/user/0/lmh.android.gjbus/databases/customer_info.sqlite

Filesize
4KB

MD5
bb48455d8cc25065a4287add038ec68f

SHA1
a3dd2c6c5a2fe2e2587ebc2582b3eb912fe49888

SHA256
7d266f7654c44c5ebebd6b9871c4d39f344cc16d8588cdcd6540f2ec78b5f383

SHA512
3079acbab78616abaf85665b9955e9bee4afc63c2fe6a9d4cc3bd0c5001f9ca47b0192feb32291c79fb271b7ea304860e7c6b6f5227e65af5eab2ae314fa5dd4

Download Submit
/data/user/0/lmh.android.gjbus/databases/customer_info.sqlite

Filesize
2KB

MD5
c161fc96546150e32374e94bcf6ff54b

SHA1
2e491d527e58c92640bc44d7c0ff179c44db7aa6

SHA256
fb63a56579929251d8b9b3174d4784b2cdf568d327735533d5d6758650580a17

SHA512
bddc20b70da8bf0ab71620dfbead3d0284b559a28a377469d4c6912c6755de8605f4d7fba5d96b26eb16ecf2525a3013284c606e389cf1e5332aa6a62fcd9583

Download Submit
/data/user/0/lmh.android.gjbus/databases/customer_info.sqlite-journal

Filesize
2KB

MD5
9626a3acebf16cbc6e37b526c84ce24a

SHA1
38bd71eea65d7cb05807f12628e11c2135c6aaf0

SHA256
1b3b8a923775f953e7cb8f7ad8d276ea4495323851c2621f9e866e459ff24a5c

SHA512
313db115093f28731b0f1b27e01cfbf93019ef65572b0ee1f0400b7cd2e71f394e8f15b3f4d34e35519ef30a44e33469b0db3298c5ca0a53f7a28fff7563c03f

Download Submit
/data/user/0/lmh.android.gjbus/databases/customer_info.sqlite-journal

Filesize
2KB

MD5
f999d0ff6dd672a22f54399fb69b1db4

SHA1
a08f645233b4df189092ee26f5050132ce2a97ea

SHA256
fcb2a3ea1cda4970cf8aa1d71a0bdf47ed298197cc89fa82098f69342f69fcb0

SHA512
7ff5e07d9e1d788c49bfa0b7b73f976e00e1274590de3830693647a99276dae9a9326d1b15c622595cebb0399b63e47f57f47f82a47da78ed69af24aa378083f

Download Submit
/data/user/0/lmh.android.gjbus/databases/customer_info.sqlite-journal

Filesize
1KB

MD5
363a54cf9a164b7cd955e3507ccb556c

SHA1
98ac76ec5111953e38e9e10c824f1e70a42161a0

SHA256
898e25e8215774b41b64ea98a3b3cf2ddd52fcc3d21aa1daef027f4df7149799

SHA512
368441c577e93146a0b0900d313bd885c07bfac733b4cadc538442ec0ee320a8b4b1522ef0f189aae6c17775c52a6dfc91ef2daf51118ed3cdffe337ffaf8fc9

Download Submit
/data/user/0/lmh.android.gjbus/databases/gjbus.sqlite

Filesize
12KB

MD5
edb655088d1ed9f33f9d0d499b7a3ef5

SHA1
565c4f4e43179dbfc285cd6331dc8ac75a901af8

SHA256
bb9e45aad35b43e895393e7a66e4ead6a5f728f90b7627e3c741d391bf65d4f9

SHA512
98cbf923880de82921c38973fbc6d711dc39884428d1eb4ead33658a5a7f163734e5121823d5b043ca44554d19c5b6f966674ac7291513944a94cec97d5be599

Download Submit
/data/user/0/lmh.android.gjbus/databases/gjbus.sqlite-journal

Filesize
512B

MD5
84f7dee6018e53cafcf5717a9a6cc25e

SHA1
fa9db1c4a6bf9c97673a62d45dac2708623f9450

SHA256
29d83a30fb09a88ca114029f0cb9089a0cfb06161fe9c830f2e769dc1e4bd9f6

SHA512
78993900dfb798ca5297ef07d5be491729eea9146613c1194dace98b6fbf54d37cabd1f5d45f674c7445697e39a590d6913601c2fcd304fe9904f47410b9a69f

Download Submit
/data/user/0/lmh.android.gjbus/databases/gjbus.sqlite-journal

Filesize
8KB

MD5
79aaebb9c45e84e3807a698dfda1b168

SHA1
3256f709dbf08ba318701164401604c234ece0f5

SHA256
977c4c9419a22b9ffed0d06cf8020b3ac09370b34db91225ae35efc595876469

SHA512
3d4b483c4ee452fdf20b9e5c94f19d0d606946f96320b4061670a0fbf9d401f5d3a6e480fc39cb3b325eec91724af00387b15d8b2bf840fed2eb7165d12046c4

Download Submit
/data/user/0/lmh.android.gjbus/databases/google_analytics_v4.db

Filesize
28KB

MD5
a1c9828d8d146e6dca71e224f79fbde4

SHA1
a278c3dd31e8809d1aedc35a863fb5711ed66ec9

SHA256
03c6262dba6c74209b0759d2317b402d00709aee7decacfe0a3fceb1baf1a71e

SHA512
d46499abe656a327bbae19f8106cbea076b8c7398c0381d9c25aa7687a494109b0ddeaa463ad79d91f7377eb76db52caa2861ddac850f8a3c3fe1f132596e259

Download Submit
/data/user/0/lmh.android.gjbus/databases/google_analytics_v4.db-journal

Filesize
8KB

MD5
e7bed8a53c21eee8bffc23567c26f8c9

SHA1
06e55c2c47840a0b7eb1c6abc2f7a76b7c4b70a6

SHA256
4edbcc8d7b4b1c73ab54ae52a3f6dfc8b17e6f4f96f170bd7d887a5647a032fa

SHA512
5421d74b31cad97f2ae4491593f58e553462912415ec80fd6b73cb0783ea7abeeae07b5fd6f5c18f9e83be619ff40a8f23cd332349e05d6cbe23e6b97cf310c4

Download Submit
/data/user/0/lmh.android.gjbus/databases/google_analytics_v4.db-journal

Filesize
4KB

MD5
e351fc7155447aaa11159ad32d46451a

SHA1
9a6768b587731213bbdee549b5e7558f208dc301

SHA256
fbbea6b0c5bd302abbc5480f7ca841f882434b89becf42135bc86eeac8ea146b

SHA512
f6b3b5e9786e33f755c2dbb6461175e6272c3d105684f4ea24244be997860706d46435768e279c4717bc40047d3e24321c861fe6116c89dc699318e701dd0ab6

Download Submit
/data/user/0/lmh.android.gjbus/databases/google_analytics_v4.db-journal

Filesize
8KB

MD5
1f619246668c85f21b98b9484410b91a

SHA1
c53b059c7ec3d52d5e804f467b8a359e67721d36

SHA256
d92f1231b416b7ddb82a39bf30b7ee9b1668e9b0c74648c19c8f758fa6be2d4e

SHA512
8fc5af88272df6ea35838713c182566685883e5ada9d4979b7bdbf92f7a4383f655d3c0c3c44b974a0fd56305b2e801e67cacc8a0f884b5fd57ad13e460e9f28

Download Submit
/data/user/0/lmh.android.gjbus/databases/google_analytics_v4.db-journal

Filesize
8KB

MD5
2266955edffe95d22e78071a8d64b453

SHA1
44c935f7a62922b838964d5f92a11b70778fafa6

SHA256
da345efd2ee38ec7c6dc3be58d3aeb8f20c9f3cbc98239ee044e2d53b06efa9e

SHA512
003f32caa5bf182619320c427e9c68f44aeb2addd00bd293542995b5193ed83bf07f6e19d1385cb3ecf5d6ad6b42f8815c005ce2ca5d50a516e8e5d1fa606ceb

Download Submit
/data/user/0/lmh.android.gjbus/databases/google_analytics_v4.db-journal

Filesize
12KB

MD5
4b51bf89e897b5098e55bf3cf7e4ca3d

SHA1
4e84258cc3e28b970b237bdfb921c59b947a6163

SHA256
e421365cc52641553b0269caccc3266257327032d66f770950af8ef0a5e34cf7

SHA512
10ea2a9f670dc72534bed21527553b76cd464cfc74580030d0c81877b9681dfe2b87db54d64fe90036ef0abfdf58e9a7ffb37736ddef85a85aa8dbe7765011b7

Download Submit
/data/user/0/lmh.android.gjbus/databases/google_analytics_v4.db-journal

Filesize
512B

MD5
17ee50b1a97d083c85f839e968db4a15

SHA1
ac714b7786b536f2a322001baaa5f7b97184dacd

SHA256
6542a79d198d1c7905085291949971043d4cc67cac4f337310553a90ea28940b

SHA512
ef4c278b34918569b347f2269bd9ffad0e4f6b7d357da742368b98f21099d4f362718b15901736bddff6286af0eb3b1cc40a36f04218b9ae30416648f3af17e3

Download Submit
/data/user/0/lmh.android.gjbus/files/com.adlibr/common/uuid.dat

Filesize
32B

MD5
c7c3851bc3922aee4df7461db1302dfd

SHA1
a66d669736a6fccb8b1d903864ed2ee09d3dbf24

SHA256
2ab6fcb091d7dcbe9b95b6df04658d909cebc66e146ec62ee41d1a47e6b6f8ff

SHA512
1a2698ce0152d945ef38d736845e18bac7349904742049b20e74c1c6b52649cff58abf31f4df9e8e55b0bfe2c4d22af8c001132f91483d949c69cd72e939ef60

Download Submit
/data/user/0/lmh.android.gjbus/files/com.adlibr/image/1979924498.tmp

Filesize
2KB

MD5
61e7bb9867dc6e5a98252189b970c1b6

SHA1
c49f812511c0d818d7606cf5a62c5f48af27664f

SHA256
45197a7845ae47040cafb4c475c9cf00ba10890361abce36472ee362eff8d66e

SHA512
cae70154632f4f7b6e4f68267f376ee9d5016d348ea5212d692138a0211e9c72b49c315b0b22141375ebdc0ec45c1ebe35752e2b19e071a74f8312f31f9ddf96

Download Submit
/data/user/0/lmh.android.gjbus/files/gaClientId

Filesize
36B

MD5
50db87b1da6f22067d80e1625b4d723b

SHA1
a1958c561ce8e2b5baba2605728d649dd4ffb57c

SHA256
98cbb8194a8067ebbb7ba7c59987e5291697960afc558717a79ee4bf70f66cc2

SHA512
8912af49046d782022c86e07a398341bf183b8948c8e1c1503c0630fe8ad7b3e713e17e9e2df7cb8c1b64f27e8bd8df4bc1473722192cb34f32cd1ffa8ab6162

Download Submit
/data/user/0/lmh.android.gjbus/files/gaClientIdData

Filesize
32B

MD5
cac43b67d91f1015bb9f53f9b2b385f5

SHA1
d43d85ee9a1a20751301b8d99f3c463606e1654b

SHA256
3d0ce04f9da6a834dc662ff2fbb309c2b009ad9b9793276e6c9032a16cfab0e9

SHA512
7d49fbe56c4cdbe85783e039f4b11d380908913db6a0877bd58c5b99e449f930580f56de4c768ccee7475faa59727e5de1737d34a8d1b9722068df38ba7064b7

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads