5a9d8ddfc19dc9997c26b142f227fb50de9db39413d57ae4338b9c9229291f4e

Analysis

max time kernel
20s
max time network
59s
platform
android_x64
resource
android-33-x64-arm64-20240508.1-en
resource tags

androidarch:arm64arch:x64image:android-33-x64-arm64-20240508.1-enlocale:en-usos:android-13-x64system
submitted
10/05/2024, 04:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sbilh_appzillon_prepro_23.04.2024.apk
Size

184.9MB
MD5

83531b6bf07aff5da441f188f40c5ce9
SHA1

26a14d289ff5a0844e61c86576f4bdab25d21759
SHA256

5a9d8ddfc19dc9997c26b142f227fb50de9db39413d57ae4338b9c9229291f4e
SHA512

db4fe8926f0b7eec9e6b8bc646abd535e0394226e1b2a2b61010c0ee1f928002505a82afb6aaaabd7a8c12f02a0379f862e052fc55968c82fadf1745fb494ce2
SSDEEP

1572864:DlGKL04jQdgyZEn59sBc14jQdgyZw9z0iqXBAHQEsqiE96hiagQZF66bgq1+F7Dg:DQ8QgZ5+DQgx9zrZ3wi5QFbgT7ZVqV

Score

8^/10

banker collection credential_access discovery evasion impact

Malware Config

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Checks CPU information 2 TTPs 1 IoCs

Checks CPU information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.kh.sbilyhour.retailbanking

Checks memory information 2 TTPs 1 IoCs

Checks memory information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.kh.sbilyhour.retailbanking

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.kh.sbilyhour.retailbanking

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.kh.sbilyhour.retailbanking

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.kh.sbilyhour.retailbanking

Checks if the internet connection is available 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.kh.sbilyhour.retailbanking

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.kh.sbilyhour.retailbanking

com.kh.sbilyhour.retailbanking
1⤵
- Checks CPU information
- Checks memory information
- Obtains sensitive information copied to the device clipboard
- Queries the mobile country code (MCC)
- Acquires the wake lock
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4452

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Clipboard Data

T1414

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.kh.sbilyhour.retailbanking/databases/APPSDB

Filesize
10KB

MD5
e9138f4fb0cd035b15abb6665a58b40e

SHA1
ca5a0424ad42e1227f36da9d729f84adb1dcbead

SHA256
0572902ba67fb8934a863b80ff1599c3eccde7836b25342ff1b940595303580e

SHA512
6cb9817f62b25fad3825cf7626aaa7523638b54940ecf225fd80dddfd254ad821b0d950c5ecbf28adb78925e60353b5fc059ebf6c43d7a91590abd5fbf721e65

Download Submit
/data/data/com.kh.sbilyhour.retailbanking/databases/APPSDB

Filesize
4KB

MD5
1e6a16c30d329fc63914830730160d83

SHA1
f225c613ee939136790f478c850d8adfe6eb5ae5

SHA256
0d6d12b9d4980834f6052030dcabffa1c08d70cf3d2c9e7433d932304c98ff2a

SHA512
a19594e57b4161989fd8af8a823a849689b86358d3f724fc35b83e708217d3694d5f6fbc6a6dc66ef583992ea394cc854cd5172dfdebbbfa661b41e028c6de16

Download Submit
/data/data/com.kh.sbilyhour.retailbanking/databases/APPSDB-journal

Filesize
2KB

MD5
684f570503f2187f7535969eac1db0d3

SHA1
f6cf0696bb88f3436d1f0dfc15664483a13ac860

SHA256
bfbf510ca728999782624fecdd33e556d1b3fb268617d973528574750c846863

SHA512
3402ab7406a3d0ea59d4e162f5590aed0dc887aecf0054c4366ef839870303187b471b87ba9fcf0e4aa1693968a1674fe6e352686cf9130cc08c172d18e9339e

Download Submit
/data/data/com.kh.sbilyhour.retailbanking/databases/APPSDB-journal

Filesize
1KB

MD5
44aa86803c5665062632dd065b7cf00f

SHA1
963bf8bfdc76701a57a3316b7d4d85b393571edd

SHA256
6295fc5dbdf4177b38eed1f10adc34c02aede30b838e790ee5a18b5f4d63713a

SHA512
7aa4f26efb2304b49616d892a36bad63726fce9b2cd152516bf5f4ccb2093d9c0dcfad2b4690f6362ee9fc200c9992dd179c7604958d840e245273e23c11191b

Download Submit
/data/data/com.kh.sbilyhour.retailbanking/databases/APPSDB-journal

Filesize
1KB

MD5
9f33c4466d16e9605b37777bee9f1796

SHA1
67030750a1cde6b55e43699246d2949b23234896

SHA256
17f92c63630e256762229228f6a45ce0f9e94e18a55502b6af19c218be16e4e2

SHA512
7d9a383abdae43faf86a637b37ff23fd7c6ec5d5e6aea26c8d1671f0d3968f216c3909b8e3fcc57765b3c674746d2e0564a97fe0b6edd22ef3c66bc47e617945

Download Submit
/data/data/com.kh.sbilyhour.retailbanking/databases/APPSDB-journal

Filesize
1KB

MD5
afbfdd0b23bd810e2d1fa6bd212fa5fd

SHA1
b21194dc321895fda12709c113a76a242b4ebe38

SHA256
948f5f361b174f2634a9134717a18d8cad0a5a52a7fd2a7243f11cb146835a67

SHA512
7880f31d81b1d3ebd991d663cfe729e76fe68890ad9ab20c5c157280cf4450cd6e7f085f6757eec277cb281951f37e14a87c577a1eb18ec670ea8ea3f8e27198

Download Submit
/data/data/com.kh.sbilyhour.retailbanking/databases/APPSDB-journal

Filesize
1KB

MD5
f96bc1a45f935ac529bf484050a7e186

SHA1
4a67a58004bc17d977cd9b5cd5baed4f10ac1a16

SHA256
b127f4ee73eb53cb3566e774aae1e5204b30ae204ee60cd9215b39c08e1b93ab

SHA512
25d395b773b823b97f5c9411b35c3bb86078d63ecb31113063c6471a863496b59f7974d7b07f18a14b526bdedfa96c3bfa4f9bdf17bbbe59f829701febeb65f4

Download Submit
/data/data/com.kh.sbilyhour.retailbanking/databases/com.google.android.datatransport.events

Filesize
40KB

MD5
571112758fefc013ca64f73bc959a009

SHA1
64b3e995d49a74c647cb467f54fc72c28c5af3bf

SHA256
632907b2357e6d3e99c86012795c6a2eebd1e8c1ee0a64c64878c5c1201413a2

SHA512
ce75b2bf73c4fd98b5391cf39610260fc90a91a7e85388c6074fe7b21f8b54eb88a0d0ce83a3403b496bcaf885deceab36daaae18976dc1f18fa4dd0605e2e34

Download Submit
/data/data/com.kh.sbilyhour.retailbanking/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
fedae5db05df25cf2ab147f8bb9b8196

SHA1
e533cf9927e0c672bb08dded418338ce05086df8

SHA256
288d9b0c95f7fcbe8116b83f305bbc2ed103e802b2429fd5b7483f0f325e2958

SHA512
2a92a1a2b3e0bb00f34ee2a7d4964564ee8d03325fd8bf917f65966044fe775973d3564a531caed22215a154e3a932ad17ce45ea016c1efac70a156a0896c955

Download Submit
/data/data/com.kh.sbilyhour.retailbanking/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
22e0b6fbc0ced3277125bc077c924139

SHA1
c5438eb8d7382878f0c8d739d2275a0c3b194fcc

SHA256
459deae82832fb57667073bdcaf592028bc7eceb80bf7ab747cb264d6d8cc70d

SHA512
bcaf1f2f2490291d0d229f10d1fad533c185fa8d44a207f7b6924a904a7236671f40b360460affa41dcb86d252699b96c1d369e225f800aaaa6f4736627a1e86

Download Submit
/data/data/com.kh.sbilyhour.retailbanking/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
2293c754b024e170f92eb4dfe81813b9

SHA1
430a85a48615845ae65ba20fa4e49cea8b76869e

SHA256
e683390be097ea0e804fb9cf84abb24d3767aa7dbe8dff5749d95d2ff6bd00cc

SHA512
34b49a543e46dc6d12a77fc53eec90b28312b850c81d574bfae4dca353e060a2861550b8373c7d53e2357d95f08238b9af835e9b6aa6eab729050c5f70acdb98

Download Submit
/data/data/com.kh.sbilyhour.retailbanking/files/GEZRKWDLS5F53LVV7GAW6VPM6ULAK6CZ

Filesize
549KB

MD5
1215bfb9cde8a2f1dc354385e61d6fdc

SHA1
6d5cf5131d119abd7e7c184e0c85eb6321f36473

SHA256
c220dbcf895212b7f63cafa0ceb72869974310c3b94419bfc7c1fe10d892cb9d

SHA512
3b7d251c72752548a00d43597cec1c4c71ef9cd96b69ffcd2cc8c150fa8795c3304bddd2a915c2cd90a278e8a7539af593a116ead7aa0cd03e1975e3076be899

Download Submit
/data/data/com.kh.sbilyhour.retailbanking/files/GOZGGKUZB7RDT2E375RH4GTWYPKZECYH

Filesize
14KB

MD5
b9ce4542691d82ec7fc846438f2811a4

SHA1
2f7c62f2c14688f8dc97fa4d9d4f6cc77a02a07e

SHA256
aefa26e5c4e397bb49444e7fffc45d55659493713b91021f4a626ba226c055b2

SHA512
fad2ffe52fed11e372df2d704fd8f98df58c414f3f49d305676f526c7138539fd0048686c917459a947d9a8ad252c286ddec5353639866cd8fb1a9d0605dc711

Download Submit
/data/data/com.kh.sbilyhour.retailbanking/files/J2BWXWRXS4ER3ANG6TR5T52I7GOK4GGO

Filesize
5KB

MD5
ac16271a918f3557df5dfb4913e08338

SHA1
1480a48d247fe9a829bbd6dfc106e0b2e4aedfc5

SHA256
d9afdc0c173445c7f8ed0a631fc4e5bb512f0b8e5914c6293dddb79fea31549c

SHA512
106a2e1262f71799a7e7871700ca8c8e54723c6b768fccbd42976c08e5a43a64c0e9e5a10afa1ef7392427fe31b448c9db578e7d9b2803a7707cc79487e805cc

Download Submit
/data/data/com.kh.sbilyhour.retailbanking/files/KOP2XUFTCUFPRWPBBIFGCCEWWQWFZLKX

Filesize
5.6MB

MD5
ed052c55d16994fdefcdef3bf3ff13f0

SHA1
ad956ede38caf4341ac24b68b0759d51dff28719

SHA256
46cb921aa673e658b309a2e7b144e73ff9d8547238bdc7ef352fdaffeb624df9

SHA512
0ea659d5c63f0f217f90ae82ce1ba812989dbffaf9af0491854334d96eb249dc416897942b4ce701edcc7af228daacf1c082caaafd10acc3990eb6b55b409692

Download Submit
/data/data/com.kh.sbilyhour.retailbanking/files/N4EDZ66SCA3A7K2FMCTB6PSJVRFAUNYE

Filesize
21KB

MD5
f1cfa4f47f5379c06cd9140a2413f335

SHA1
85c1e32efeaa1ec3ebe6a55a545d877492e4d7b6

SHA256
84bbce623a64f6555febc0bde3abf3055203662c2c9bfb707fbc88ece6d2da18

SHA512
c89929684bf3aab5b911420ee8fbea68221a3e45d9fea7458452b69980b1c1d39f20db5796e2b2557b4803079b80c0a936f8f91d414ed56869e3a073980d5e75

Download Submit
/data/data/com.kh.sbilyhour.retailbanking/files/NBLVVFIDTO22PIQZ3XYDKV4VME32ZPEY

Filesize
367KB

MD5
7975962813b84e4c7a52d29b2d7276eb

SHA1
2164802c03ef2b951214f5cad0e1740174ae3642

SHA256
f3f2fb012e8c49da839813b32420c303c21dc4d0f611bb74d0a5d82ff853b476

SHA512
cf9410df4b9bacc326cf53c6a4966b80b23130265bddca03dee72824b9cd464faf1c455a3a86fb49b7257f00f2da7ca6f0c9dbcd558c423c287b0d8280513678

Download Submit
/data/data/com.kh.sbilyhour.retailbanking/files/QWWJ447SBL3424LOLNRF63TP4ZJON4RP

Filesize
134B

MD5
b5ecc0bb9f442ca60348d1008d41a852

SHA1
d39c5321b205a1492bb57c193505c4abf8407a2c

SHA256
53c1fefc0746bceca0a8db51ce7c34a1f77c134f922d8f6e00e5fd56b5afa5ba

SHA512
ba728024f502829b002218a750ba49cc139a49fed0bb4f2deb03bf111bd3968be5e884f0c95ba841943f6301e2e99fe324dbe08a62ece3bc442f76dfafa53111

Download Submit
/data/data/com.kh.sbilyhour.retailbanking/files/RIFW6OIBCP2HBR46OQDBDNNJ7DPD2C7Q

Filesize
138KB

MD5
de6d97a5dc99a7566717ccab5d1d6066

SHA1
9cd432fad9010d0df54ba119ffda9974ed3ab2df

SHA256
a23b33b9ec949ad2114d7a763d7705ff7f96136ad7e09397722e966fa5d72d07

SHA512
5fde666fed4def583d60fb9db2a759dd57f9c66b74d2cc400d7937ebf76863b0df5cdd1e953e8ccd7e0ae9d26d7b9354fe00abf04fcc684d4009d663130232e5

Download Submit
/data/data/com.kh.sbilyhour.retailbanking/files/RTE66DSBVONLNIVVVZDWAQHIXXPWINPY

Filesize
69KB

MD5
b550ff7cde176b480c93761eb293a048

SHA1
c27ca0f7108aed0b06f451c4f281817f3093a463

SHA256
43b370d54ac13f04e525c76cb2087779445dcc8aaa85d93b3a77556b54cc7e07

SHA512
886ae41be87effb37b6a4cd5d7dfdd887902cd7ce564d58c06f4ba9d62cd6174678ca562c8fe739087b77f7020d35c0293e06e219bf91b1f801567f64cbe1b11

Download Submit
/data/data/com.kh.sbilyhour.retailbanking/files/SIKGO2S3RMWFC6H7DUNBHHNQS6XVW7PI

Filesize
2.5MB

MD5
108a1dd741d792ec63ef001101888cb2

SHA1
e31206a084d172552b7966d555f1be6309985918

SHA256
213cc728311f6c849afa8484f67b325e85853bbee23d1eb478b4be0ebc53769b

SHA512
97b56948b78fe478db1e1384f13716c6146aad2c4eeb2d0bc51c0677bbf9788fbf731fc8ea07f65eb1d418e71e4fae5e4b88c12ee64deddd5023d09429d6b08c

Download Submit
/data/data/com.kh.sbilyhour.retailbanking/files/WC27NOJLRWB4GNGDGIBCBNG33FJCZRAL

Filesize
11KB

MD5
87613ea14c56013e20b010bf228e9776

SHA1
5c095f8a6e931fc82a24293824ec4565c10a3f46

SHA256
7835aad513bb6b4b47feedcf823a39c918c32eb60e926ffd4e1918ae33e4669c

SHA512
23ca28f3c252ddedeaaf0e913fabb670274797d9db09312d4241345901ed599e1ed159b59dfd2a8d1d5106efa7c05ece3c005b936463c0b0949a105fcf025333

Download Submit
/data/data/com.kh.sbilyhour.retailbanking/files/YZEQZL5DAGAVGNDI2IUJ752LUAPQRG6J

Filesize
4.9MB

MD5
8b30bdc210d9117893981717830f6e3d

SHA1
e8c395766a0fcfc2f1781df698652cd6e421b59e

SHA256
3dfd8b9c2c9836caf67f17fc871868f1656ac6f2fbd102837cd8e82f2da81ba6

SHA512
dd8fa80e3cc077e646da6dd07f49e9dcc482ffc1be55efe978097766487d51e55fc4096a7b6de7053e107fc84e36c02c66ec53f6be3219e64cc42d0e02bc7b76

Download Submit
/data/data/com.kh.sbilyhour.retailbanking/no_backup/com.google.InstanceId.properties

Filesize
63B

MD5
03127232463272239231fa5f405470fe

SHA1
b32ffdad57134c7d87300f11538c49ded5c607b9

SHA256
3e12f5a4ec92582784175bda90dc03a72762193b0d6c961a2d70f0d30f3a7794

SHA512
c697dffc6ed049420cc92fcdca7ec8e04d36b226f67b5d19e090092c52a8d8034b0b9225b1147d1cf17c1b57c5f38129efd0be2cc5dd57ee38a1300adc50cc2c

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads