f8a809cf09ab7a47a6df92287d1ec79d7d2446f0f83975d1d25ae806ea8f0f07

Resubmissions

Analysis

max time kernel
27s
max time network
133s
platform
android_x64
resource
android-x64-arm64-20240514-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240514-enlocale:en-usos:android-11-x64system
submitted
17-05-2024 05:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bruno-wi.apk
Size

2.4MB
MD5

293b41d03ef40d850c5ec85f53a86b08
SHA1

9978c669edd8fb82f1e1e2aaee5346756a924c85
SHA256

f8a809cf09ab7a47a6df92287d1ec79d7d2446f0f83975d1d25ae806ea8f0f07
SHA512

26880f93579e6f763b4039c13372af9bf20a8de3db5571a14ee9691bf56ef372381337990bb5b7765bd7bf95b3548bef8de751938a25e6f8db17bedb84846bf6
SSDEEP

49152:CC8vcHNS/dklW9XuBzvB9RjXStOvv0/SvEfOKoO9SIW:CC8U0lYkXazvB98svkSvppIW

Score

8^/10

collection credential_access discovery evasion impact

Malware Config

Signatures

Requests cell location 2 TTPs 1 IoCs
Uses Android APIs to to get current cell location.
collection discovery evasion

T1430

T1627.001

Processes:

com.yxwkwcsk.bgronvby

description ioc process

Framework service call com.android.internal.telephony.ITelephony.getCellLocation com.yxwkwcsk.bgronvby
Checks CPU information 2 TTPs 1 IoCs
Checks CPU information which indicate if the system is an emulator.
evasion discovery

T1633.001

T1426

Processes:

com.yxwkwcsk.bgronvby

description ioc process

File opened for read /proc/cpuinfo com.yxwkwcsk.bgronvby
Checks memory information 2 TTPs 1 IoCs
Checks memory information which indicate if the system is an emulator.
evasion discovery

T1633.001

T1426

Processes:

com.yxwkwcsk.bgronvby

description ioc process

File opened for read /proc/meminfo com.yxwkwcsk.bgronvby
Loads dropped Dex/Jar 1 TTPs 1 IoCs
Runs executable file dropped to the device during analysis.
evasion

T1407

Processes:

com.yxwkwcsk.bgronvby

ioc pid process

/data/user/0/com.yxwkwcsk.bgronvby/files/dex/VIJPHPiHNvnlrRpCQ.zip 4615 com.yxwkwcsk.bgronvby
Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
collection credential_access impact

T1414

T1641.001

Processes:

com.yxwkwcsk.bgronvby

description ioc process

Framework service call android.content.IClipboard.addPrimaryClipChangedListener com.yxwkwcsk.bgronvby
Queries the mobile country code (MCC) 1 TTPs 1 IoCs
discovery

T1422

Processes:

com.yxwkwcsk.bgronvby

description ioc process

Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone com.yxwkwcsk.bgronvby
Queries the phone number (MSISDN for GSM devices) 1 TTPs
discovery

T1422
Acquires the wake lock 1 IoCs

Processes:

com.yxwkwcsk.bgronvby

description ioc process

Framework service call android.os.IPowerManager.acquireWakeLock com.yxwkwcsk.bgronvby
Checks if the internet connection is available 1 TTPs 1 IoCs
discovery

T1421

Processes:

com.yxwkwcsk.bgronvby

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.yxwkwcsk.bgronvby
Reads information about phone network operator. 1 TTPs
discovery

T1422

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.yxwkwcsk.bgronvby

description	ioc	process
File opened for read	/proc/cpuinfo	com.yxwkwcsk.bgronvby

description	ioc	process
File opened for read	/proc/meminfo	com.yxwkwcsk.bgronvby

ioc	pid	process
/data/user/0/com.yxwkwcsk.bgronvby/files/dex/VIJPHPiHNvnlrRpCQ.zip	4615	com.yxwkwcsk.bgronvby

description	ioc	process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.yxwkwcsk.bgronvby

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.yxwkwcsk.bgronvby

description	ioc	process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.yxwkwcsk.bgronvby

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.yxwkwcsk.bgronvby

com.yxwkwcsk.bgronvby
1⤵
- Requests cell location
- Checks CPU information
- Checks memory information
- Loads dropped Dex/Jar
- Obtains sensitive information copied to the device clipboard
- Queries the mobile country code (MCC)
- Acquires the wake lock
- Checks if the internet connection is available
PID:4615

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.yxwkwcsk.bgronvby/databases/privatesms.db
Filesize
16KB

MD5
df5c8186fb22a98af5f11e32940b718d

SHA1
a17b812629f622f016a305b55254d79155f95c33

SHA256
efd974132e07d0feac04432b4136ba9f7e170470b2b1bfdc8587a32aef52d2b8

SHA512
1183208100d47bd2291da53d642274574fc0bf2cddcda9fdca307db624c681b1bfd1877cc83c557e9a031a5f9f500ef4f312312c7c86d53be43421ca196fd45e

Download Submit
/data/user/0/com.yxwkwcsk.bgronvby/databases/privatesms.db-journal
Filesize
8KB

MD5
7f10001d98dca1dcf35bf0d3ed5446fc

SHA1
2c837b77014a53c3699bbd55232833f5eb74b258

SHA256
3b8ad50bc40e8d90d113e58aa27171398d55bfc5f4bea09b86ba35ecd4b9e6f8

SHA512
21595a4a9c9d76f4040ffc15eed83ab208b212101fef1eda0f566b1f11e7ff3e9236fdc826e478f9b2d6784f02825893d506f21b657335d1f061898264e65e1d

Download Submit
/data/user/0/com.yxwkwcsk.bgronvby/databases/privatesms.db-journal
Filesize
8KB

MD5
b6d0d2ca8e5abe8f889d6089ecae4fd2

SHA1
88e8e0c6d33479448fb034555aae98f29e0eadb0

SHA256
a2b6dbeb0c75cc615541d28c6336d09a19e23a0389ff751ba05d4d8258013c48

SHA512
4d6dae11d155061c467b207671da2ebf53a55e4944fdd7ec0c645d4e6028ff2267e30163539844451faf4ea72c2599263d2e23b327ad8bb7a4dd67df9f4fd503

Download Submit
/data/user/0/com.yxwkwcsk.bgronvby/databases/privatesms.db-journal
Filesize
512B

MD5
f244c40a9f11e553aeb906a5bdda85fb

SHA1
8698ced91c7905da9c8343152e50a0a43ced6372

SHA256
d7192984fb2eff73dbe56b8d8656059b98285f32b5d7f39af52cb7500d46aea4

SHA512
39ddf5251445c05bb943b0a13d00c2250a6ab90fd6970128dd79b8b064820a64a97899b78998ac2a10f26fb89c4396254133cdafafdadb8d035a7b4e655b0d84

Download Submit
/data/user/0/com.yxwkwcsk.bgronvby/files/476639.so
Filesize
145KB

MD5
bbef4b886d31f635fe95aa0f3f789160

SHA1
7ef9f43a0468c80983c8989237349fe432a21119

SHA256
9d226ec83b72c19234bc3ec3d3f3d5909758fd84f0fabf8ac1c1510893d0ed2c

SHA512
a8606b5cc6db7b4cd3ac6d3f2285ed7bd60065e77d8002e4d907cb9e00525e5a0e411de330b7e4c154cca22ca78a6467302870bd941ac5d184353a504f3ed979

Download Submit
/data/user/0/com.yxwkwcsk.bgronvby/files/476640.so
Filesize
270KB

MD5
f45d6438e7da3be57f3c24d19ec9b578

SHA1
48a3713d7619b111da2fa4b03ddcbe77c0e968b1

SHA256
72a300e5cf97f03eb4d93b1de0ec02d92ccd15e9dd1a2ce0d6cde387204d4194

SHA512
ca242872dd28ed4e68d68e8a430e490f46762d333d4028aa6f3ed5b4fb7da9e3f4e8c79281703d811bd8fdc7b1f92e0fd18ee07d8f37cc155bb989b894200eb1

Download Submit
/data/user/0/com.yxwkwcsk.bgronvby/files/Background/black-wallpapers-for-smartphone-102-700x990.jpg
Filesize
3KB

MD5
4651e1fd4234ee465d6fe6349f2e178d

SHA1
1a86fbd1edd11fa983155172d484959760c1fc0e

SHA256
725ccd777793d5b05707aa28438b58a021c15b0f9cf47ace83aada6ea93a921b

SHA512
6962571dbc91930f4624e3c80e1ab7a5ac23f8f13ccb4587d1619c5d5f8e9731974ae954e8b9ba2e86084f8e797c6a9d49267667a98e47bd7af9e0af29686b0c

Download Submit
/data/user/0/com.yxwkwcsk.bgronvby/files/dex/VIJPHPiHNvnlrRpCQ.zip
Filesize
530KB

MD5
5149343a09071177d23c89604a770c5a

SHA1
364d821938415340a9f1b83451520d925b104829

SHA256
5c95153b2afeeef5a0f30d624c5b130782cfd4e23fb103eeae5a0b2bae33b141

SHA512
c2170c720e44d0babbe23466222810969ce9d0c1beb04efc95cd5ac9932f7f98a39db1d9e4597667068de7c163307ad04aaf21038bea4d96bd8a208beab965b5

Download Submit
/data/user/0/com.yxwkwcsk.bgronvby/files/dex/VIJPHPiHNvnlrRpCQ.zip
Filesize
1.3MB

MD5
d7763f3233f8e9a0f951dd9464d748b2

SHA1
991e68d99cb8f8a19f59d87bdfba1f8214ed117a

SHA256
844be5451b49ccc7ae4ad12f9188151683cf2520e6a944482f86a2900e175514

SHA512
7c76a39c88783d6363c7ff2b50ec64238cbc9304f34b557b2a9693224fffa595f84cc333541d6c0d9ee40956db553fb21b97fe0a51ddaf05959335d841daa208

Download Submit
/data/user/0/com.yxwkwcsk.bgronvby/logs/Sistema1715922915390.log
Filesize
17KB

MD5
4810f4e7cda0fe9f5677519103603f79

SHA1
b2396c836266f14a6231151aae59fd4f3699d94a

SHA256
307f265f7dade4e14ec22cfe5c56d4b70f87dc0133ca295f9a378e0a1d878100

SHA512
f4567dfe4fe50ad31c1329e014e4132f4dd48a174a81c017b4d680c21e51ac5e08e83ec702be1c65fdbf6ddaa499fe6d3cafaed0c4f8fb2df85129ffdbe0fca4

Download Submit

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads