dfbfcb106b992394201c523c5a53a0847d9a36f844724435cdb822fc5faddd4c

Analysis

max time kernel
268s
max time network
298s
platform
android_x64
resource
android-x64-arm64-20240506-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240506-enlocale:en-usos:android-11-x64system
submitted
14-05-2024 12:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3.apk
Size

55.4MB
MD5

564db55f4d3264e1c9f68c3d0d927125
SHA1

17e1da8eb4f96f8942c385f0b392b4b56c3590db
SHA256

dfbfcb106b992394201c523c5a53a0847d9a36f844724435cdb822fc5faddd4c
SHA512

aa4d7286e1e230ca398da7c60a45c5b1a8cecd0811767e63631809fdef3ee00cf3f7ed7bb7b43f8aa3ce15f8b61d18cfbae28b3426947c549cec03852f904c98
SSDEEP

786432:CrSP/Bk9vOuEN7AMIIpH9PR8BxmFhiWQq6aayfDct4n73YcLAP8Ip98xbocbXnxF:bebU8qH9p8BxpfZyfDc4Ul8iG7xF

Score

7^/10

collection credential_access discovery evasion impact

Malware Config

Signatures

Checks memory information 2 TTPs 1 IoCs

Checks memory information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.csdf

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.csdf

Queries information about running processes on the device 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.csdf

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.csdf

com.csdf
1⤵
- Checks memory information
- Obtains sensitive information copied to the device clipboard
- Queries information about running processes on the device
- Uses Crypto APIs (Might try to encrypt user data)
PID:4780

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Discovery

Process Discovery

T1424

System Information Discovery

T1426

Lateral Movement

Collection

Clipboard Data

T1414

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.csdf/app_tbs/core_private/download_upload

Filesize
56B

MD5
aa3614ad951b11ee55c107e33cce1a8a

SHA1
de15638b683bcd6af21af15766dced33b4f92672

SHA256
5146ae8af18adb44814213238e474bfc77f224a3b3ff680ab83d9b164687e4d4

SHA512
c81565ec49bc71a480176ffb132a16c56985882d34c5c0af77e596b3c1b1f5c05ea397ee6998ebffbe0cc3f2842cfc5bfc745c2654ac676a6c42a2e2a1520d8a

Download Submit
/data/user/0/com.csdf/app_tbs/core_private/download_upload

Filesize
56B

MD5
70f7ff5301c580c3fe6a5c23f5cd0356

SHA1
8005f7fd63726f934a1eefc8f4876f4c10812b58

SHA256
12b3c70dd1cb7ab2c73439fc56309533c019f2cd21fda34ce70f1e47641beb7d

SHA512
07885660f206eaebf11f5324c75ee7210503d165b24f63537010f4f3d40bf343fcd6442e3907d307271d45bf9af76069bec13a8a10880a4332a1015fb88fd898

Download Submit
/data/user/0/com.csdf/app_tbs/core_private/download_upload

Filesize
84B

MD5
1b4051d61c56dd2905cf69e7c5d47cfc

SHA1
cacc0daab6d1b9fe9b09d41a718358a6327b597d

SHA256
f75e251a09303ae857904cfd5deefe6c28436225bb8046f8413e160139e63747

SHA512
a6d48e7b0ccb6a5ae1beea533ce94a00cc592ea50faf20cff4027a751420be3802673909a878cbf651ec83c2ddbea592d0b6d31c00a5c0e78ab493c927f1cdcd

Download Submit
/data/user/0/com.csdf/app_tbs/core_private/download_upload

Filesize
84B

MD5
54e122d9132bd3fafe2fa18395bbc542

SHA1
6260e4154db8b71a5db9571994527dad978db453

SHA256
e80bb50fd7fd1d2b13826f698b58ce561568c6de0a135bfea35d06574b17e699

SHA512
9880bd41651ebd0b11d7ecb5e857f062b99530e2f6f00f682f8b23dd349834a76c8c971c8b3c44165ab36a6b0611b5e07627ccf044675bcf26e4a2389486e727

Download Submit
/data/user/0/com.csdf/lrfiles/proxy.apk

Filesize
1.2MB

MD5
6142b23970ef35b2f18f8b7e84dae8c6

SHA1
44ee0436734693f5b983f26cb731cfccbc3388b8

SHA256
9f77108a48b5812a04e8b5bff432f36db14581bb30846c0b6a581b498b45ebad

SHA512
814c59380849f4770ccbb188187bd8dcd8c7e80502ffc53ddb5e1ea5e03cc034d4fa1dd97fbf29e2efe87f04b1c0ed460b3d11e2f5e31864d57f618edad401f5

Download Submit
/data/user/0/com.csdf/models/angle_net.onnx

Filesize
759KB

MD5
2110338ed034189ab529f86de41b6d72

SHA1
5911f4fcfaa66e357f80abeda7f62a9d028b2e91

SHA256
3c70f78733c84c9cc08814e55fee51cf15fbe33e23460b9af0302e0a84d9f6e0

SHA512
6d42742351a9ab8b73e3569ee1c33e3bda5c137c22dc92a7224b180f6747ed4db81abc7abe9ba57dde33fdc86bcac5d752229e12337af196a3e78214441acd69

Download Submit
/data/user/0/com.csdf/models/crnn_lite_lstm.onnx

Filesize
5.0MB

MD5
2e12fb5fc7eca461c0bf3365da230411

SHA1
6c2dd4782f414ab16f6a46bcd80f37eeacffeff7

SHA256
97cf9dcdb7a47063bea4207237ae922231f51228529ff5198d958ac99e2804e8

SHA512
04589ee691b84d7c9fccf96d69eeed0a40c563a67f2d089db6dfd35cd400d4a83092fa5c226792bf5d1cdbdd92cabddd276fae4274f55af7466d0e060b230f96

Download Submit
/data/user/0/com.csdf/models/dbnet.onnx

Filesize
3.5MB

MD5
615bc27acc59278f61d051a372a5f8f9

SHA1
3ca6db817a07043be1b245af76db283e66dc6027

SHA256
ec31eb2b7daa39c4e0307ebb290045deecd515f4e9656d5d987eb82148aea867

SHA512
c7e3bb90b8751602824501becbb77c055f8390e4fabc3a6122d212a140b2b746eef4f8b8f4e24b7c7878bf16a016be4f370ac744e0c81082e3d3523b95ca6408

Download Submit
/data/user/0/com.csdf/models/keys.txt

Filesize
21KB

MD5
e7b0b09311be418a932aa1ef9df0d432

SHA1
cddb75906fbb8121c0e827b0dac6a34e558bea0d

SHA256
c328d4126cd351f8ee73f347ea92eaf91dcf2c14a7f9b70d5280fa156917a5fc

SHA512
57ded49b4040a5e41550fda3f0fa8d801f5d1ff4d0a1687aae9788760c23b21bf641f0fa6f02cfba0c7ff23778c1fd0179f014af92c666ac348c264c8fa1157a

Download Submit
/data/user/0/com.csdf/nxcache/luasocket_x86.zip

Filesize
945KB

MD5
041aaca2cf894c9cda8d254e311f3a53

SHA1
834c5e992c76b2c30b7d59da2edc9e5879f27f6d

SHA256
851f741fb61c32a0f35ca71700e62ccfae30848cd3053f4d6d7fd8ad9e024e40

SHA512
6ef4e4966d112bc95911d843d5b7906b90ec2c94aa288b453ac660773c56a850418d37f3fdbba3fc576e33fe6964b83b4f4098499f80625f7f52072ab76465f4

Download Submit
/data/user/0/com.csdf/nxcache/models.zip

Filesize
8.6MB

MD5
29b2fa821e3500020290a31f32bbbd93

SHA1
cf31058a3496d262db67fc87f378dd353a4652b5

SHA256
b024a57619251399c5c158ad169b59b1158dfe65c1df47089348c47482d14cb6

SHA512
f70bc323b0e29fbd6adcbb1adbd308b9e896b4f66cee5c69073a84235e975275fba5cee61cad7feddd4c2314e0aa246ece092f48a4418b3b3756373f6777afd3

Download Submit
/data/user/0/com.csdf/plugin/lua/ltn12.lua

Filesize
8KB

MD5
85fdbc403e3db12ae78a428d12e09d5f

SHA1
e8d1205655b4bfd5d047b9715fd57bbe9d7d5088

SHA256
f8ebb246919c73c9fe1c12a0a8fb0f1124835a0bd56a55df02163f96d664f795

SHA512
3c3eef39bd653cb42cd315047dd3322e00c1e2c5608941505331062c264968f4fc3bf80cbe25e138ee8e151aaca1b9729804f917c205592ebb357468936fee75

Download Submit
/data/user/0/com.csdf/plugin/lua/mime.lua

Filesize
2KB

MD5
c8ceedbe56d980d320847c292ce8c5c5

SHA1
9d988b86a81228ae69cf043c423af2ca22746b97

SHA256
922ca4eb2baf9e24fdf6177027bca8e569563608748d1d658a20d7bfa2fd3c2a

SHA512
71f11d9d2a69dd32796ca00cc6387ae5f3832e959ab7e7220a5148167271b2ab38bed44fb661bd539685fff3e8728fbb7c84529aee14b228d19482b0159b6c97

Download Submit
/data/user/0/com.csdf/plugin/lua/socket.lua

Filesize
4KB

MD5
f62021b8c3d4b62d419fdb2054c86e31

SHA1
d4029602f48f4feaf3158fc58b895487c2d2ff43

SHA256
a92ae132ce092dc5b8e164ccbc7c737f987b8bbbd481b531db9b64d6c2be4e11

SHA512
b404912d47425fbabe069f81db3e1b35f73d620b14c25284240fc6bfe31f42006a42d29c9233711ddfaf9b171b943bacac8213b6775a0b67571c20507011eb0f

Download Submit
/data/user/0/com.csdf/plugin/lua/socket/ftp.lua

Filesize
10KB

MD5
b73f82e73c34cf4d802dc3cffdc2a33c

SHA1
aaa4ba09ce5d2a2cc255d3e90db6b74ca817fb7d

SHA256
f874ae11becdef5ad36488a2b2e7eb330443212be37d8170536938c9caf83f64

SHA512
a368f096d44e5436752688d158d97ba9af24f796c3ec2de68ae088038827382045cfebe1bd15ddbbfd7fe4422088f0646c6e480c8b47dee4027b4d2e545b58c9

Download Submit
/data/user/0/com.csdf/plugin/lua/socket/headers.lua

Filesize
3KB

MD5
61a437d6aeb2885e15540a01e32f85fe

SHA1
77c3b50cb5a730326920e539b85eff824a33cc1a

SHA256
aecff8c2d99d77a6473269367d5b085ad0db189d9699c2f47dcb97ae5ad348df

SHA512
d161d729c7ca1aa3b991a0bf1c280dbf3a265d413737a3019f32c81ce4452946a72570b8ccec5da4ad8cf73a72dd9cb883785c3bb318fff55aefdb541320e0a9

Download Submit
/data/user/0/com.csdf/plugin/lua/socket/http.lua

Filesize
14KB

MD5
ac41e8ca9fa5b7c80e26344a9984f802

SHA1
a550f19fd2e54321f77e59ad2949c80fe945f261

SHA256
bd3bb6b71c3f4a925be4b16b23dac10b750ed3943378c4e2191ed19926767ded

SHA512
b2bbf7590e84e10c8dbca0fbd045731cf2f5d42fd4803ef886e1793381dcab8d6be284e83b03eef0e1635ec559cbb2612e873d79c0045196f44ce44c860d6ad8

Download Submit
/data/user/0/com.csdf/plugin/lua/socket/mbox.lua

Filesize
2KB

MD5
f68153634b992ca72297da4deb9cd75c

SHA1
af1437857d69e2e7cced948f01b22b1988ce1e0a

SHA256
c66e22f1cbc1bdb705b32dd51db9daba315058f362cae5a8f1638d184cfddae1

SHA512
dd1c7bbc786cf67a1ead2b3f3accd79e8c401824f659a5daec8f66c7e62335fb8738c8cf9605ce3977014d03e46dfa8152473ed7684893bb53826b847cf55728

Download Submit
/data/user/0/com.csdf/plugin/lua/socket/smtp.lua

Filesize
7KB

MD5
163b55d0c7f29f68533758235fdae254

SHA1
0bfa6ada93af5dab6fae71f941e86e6a8b4f2814

SHA256
55bdeff392dffc381b1487b6e9493a7aadb52f851f78ec29316decf50d88df58

SHA512
b7b0038019ea7edc0adeb584fa0dd1cd63e049258cc9f6f0547c6514bf1b8c56c22ab355dc73a0bc1a190ff4b2ec2ea1123e9e74ee7d63cb598ad3da5996370e

Download Submit
/data/user/0/com.csdf/plugin/lua/socket/tp.lua

Filesize
3KB

MD5
8f24bdaa02a0e1579d2a3ff6b19eecae

SHA1
727810076d9ad66d81a559e313184b7380ffa586

SHA256
3ab4f0fc85807c1b1c0b329ff82c74f8dccf9b2a0eac4f2571956641e890c149

SHA512
7c147f1b2c3136ebb9af6dd866ba6bffee3a945f458b55084b02c96ef36bdea852671e0fa15b3951638a4e054d9a28e0837d1565027899292395135140cd0325

Download Submit
/data/user/0/com.csdf/plugin/lua/socket/url.lua

Filesize
11KB

MD5
cc7a58b2762ff5d3ebe12f594229af5a

SHA1
6fb0087adf732afe7196cabcc7d07deec7666d34

SHA256
50c742a3e7b9989e3b2502e81845e4818360ae3d648895a8875cc14008436ab7

SHA512
1aaf81cdfc3c545a2ab5677ee9d212402c4eab3c2c603fb577d0a915bf8156b2454d066a7f250ddf1299f93b9867aebb0ac2dd9923942f57ab484a7b1b55c17d

Download Submit
/data/user/0/com.csdf/plugin/lua/ssl.lua

Filesize
8KB

MD5
7bd527727afc2cb7f568026665a42650

SHA1
3a41e00611ff5e5da10c39b4fc467b59583f3b40

SHA256
d279430820050062db0043bc2c9a0c3ad0331859a14a738a6a12fd4c138776af

SHA512
08c1e0957807d256bb2233a20fdf2ea1ac18c09f6d8a22225520281c04a7e247a81a8a70733b4f050f9debc9ece8f0d234926d306cb66402be3b8caa3a940c87

Download Submit
/data/user/0/com.csdf/plugin/lua/ssl/https.lua

Filesize
4KB

MD5
c796841e0a2b45ce38bc359a8dc3ca83

SHA1
52c88bc6303a5352a204adba734f5d100f0f4f8a

SHA256
407e503b325cc13c0e3c5e3b5bc292f0a3561d982429f2e12c8e991afaede5ea

SHA512
29a675a08a462a5f55eb9c68d8745cbb374c2243e130c5b65967dbe7f7ac75b983653c6416fcbada2515ea04dbfbdde57859248e8479c41599e3c040775f6bbc

Download Submit
/data/user/0/com.csdf/plugin/lua/ssl/options.lua

Filesize
2KB

MD5
a271ae25322140596858bdd6f8105f28

SHA1
d118751b8165261d74818f3c0d1f7bbace566cc6

SHA256
fd28671638f1a51ad1b48b921cd66d924f2e9ad85185ccbf107b3d1949fd624e

SHA512
a7529ce41e3b7d510e4be10524c6f43caebfa88988843eb1779bf83c4d474a187450849dd57a120dda5fa5a8b1146687bbd3211dbab3bd460490a702f891a457

Download Submit
/data/user/0/com.csdf/plugin/mime/core.so

Filesize
66KB

MD5
a961d03890bd83c4b33f110b6ca6f708

SHA1
ecb1b9508dfab0c15cfc64cc2112d5f8a08af0b8

SHA256
4a2d77d562eb42530b49c8597932f9bda2b55b4e39c6fb36f29699c1da521df1

SHA512
c90917e3a1df291c189542a155971d68553576a91ac6cd5b5757791da64791039b0bfc1b67adade53b7c5f5febc3f488a01101fbe940e52179e6778e3474b436

Download Submit
/data/user/0/com.csdf/plugin/ssl.so

Filesize
2.2MB

MD5
eb5d881cc3050bd27ae97a86aebd316c

SHA1
a1d5db40a186714a711c45bf3d1e778070681cf1

SHA256
698acd5fd585cb0c2bcffdb95e471985ecfbab64acafa31e7da71134fe802d8f

SHA512
59c5b5c34cb402a809a74919a2f9ce9846ff5c3dd9692df470fff065015b2b2fd88425c0df2d28f1f4fefbbc1db01106d346dd520402649e3594547a61549199

Download Submit
/data/user/0/com.csdf/tressocr/tessdata/eng.traineddata

Filesize
3.0MB

MD5
b566f11da1bfad8cb6af0e82e4dde0f4

SHA1
88a9bbb630af50a3d0179fa25b9a0fb167483326

SHA256
355e8fa15574940b644a3e4526fbe372508fb15ab67cedef2e7ee573d5a26067

SHA512
cff5f9ad9da758e3c798d4512243b3a207466c8e768a0470433878c06bf1a71f8843e78c40da1048d25bb74142d1c5db6161cbc1d864ddf8ff750e4641efe990

Download Submit
/storage/emulated/0/.lruuid

Filesize
22B

MD5
835dc309ed2dbaf6915001a9ee4c4e0c

SHA1
c607f7a5a73c1a93b0f3c29b602500a897f01de9

SHA256
180a09472e86c0b9117237b78c5aa741326daac66c8db32ce6215dec39001a56

SHA512
a394269ad6a0ab1d6c5452e761d63ddb55ce9e42cfce83cf9843e2a72dbc76888f02bfe98cce112745c6c89309eeb010ef7c307ae8e585e824d7ca8afee24897

Download Submit
/storage/emulated/0/Android/data/com.csdf/files/tbslog/tbslog.txt (deleted)

Filesize
33KB

MD5
7af01c4dd5ac31a5a7f7352507015ed6

SHA1
528d07b9364f4a669fb64e2dde6e2c014ef9acf9

SHA256
28180f4b9bcb96d7c9d85d8542fdd63ca045c1973e260f9a6de16bf24a16037c

SHA512
d39c1d1448f13bd18095548062edd30713bba0fdac84e2fa4e6f0b3ba6ae3ab63aa71d4fe8c0f02a00e412b53e2a48a99b897d6f0e5f75d2d1a2f124ab7c8be8

Download Submit
/storage/emulated/0/com.csdf/syslog/0514130427log.txt

Filesize
453B

MD5
360eca6dd6e85ad59241932ab9bc864b

SHA1
29c6608f82040d0a4d0e43157cc526d02ddbced0

SHA256
7a6bae3fccc27cba8e893ce65038d4c4ec39b59072cdd374bfa42aaf2425b015

SHA512
15fa5b68da0178a94283244322e38620a2b6de188d0cb963da64f1b332a691c0c70bdeddee704feb910b71d0e41149a0d3f9720ee07f0947155af09c4075f6d8

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads