f8a809cf09ab7a47a6df92287d1ec79d7d2446f0f83975d1d25ae806ea8f0f07

Resubmissions

Analysis

max time kernel
55s
max time network
139s
platform
android_x64
resource
android-33-x64-arm64-20240514-en
resource tags

androidarch:arm64arch:x64image:android-33-x64-arm64-20240514-enlocale:en-usos:android-13-x64system
submitted
17-05-2024 05:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bruno-wi.apk
Size

2.4MB
MD5

293b41d03ef40d850c5ec85f53a86b08
SHA1

9978c669edd8fb82f1e1e2aaee5346756a924c85
SHA256

f8a809cf09ab7a47a6df92287d1ec79d7d2446f0f83975d1d25ae806ea8f0f07
SHA512

26880f93579e6f763b4039c13372af9bf20a8de3db5571a14ee9691bf56ef372381337990bb5b7765bd7bf95b3548bef8de751938a25e6f8db17bedb84846bf6
SSDEEP

49152:CC8vcHNS/dklW9XuBzvB9RjXStOvv0/SvEfOKoO9SIW:CC8U0lYkXazvB98svkSvppIW

Score

8^/10

collection credential_access discovery evasion impact

Malware Config

Signatures

Requests cell location 2 TTPs 1 IoCs
Uses Android APIs to to get current cell location.
collection discovery evasion

T1430

T1627.001

Processes:

com.yxwkwcsk.bgronvby

description ioc process

Framework service call com.android.internal.telephony.ITelephony.getCellLocation com.yxwkwcsk.bgronvby
Checks CPU information 2 TTPs 1 IoCs
Checks CPU information which indicate if the system is an emulator.
evasion discovery

T1633.001

T1426

Processes:

com.yxwkwcsk.bgronvby

description ioc process

File opened for read /proc/cpuinfo com.yxwkwcsk.bgronvby
Checks memory information 2 TTPs 1 IoCs
Checks memory information which indicate if the system is an emulator.
evasion discovery

T1633.001

T1426

Processes:

com.yxwkwcsk.bgronvby

description ioc process

File opened for read /proc/meminfo com.yxwkwcsk.bgronvby
Loads dropped Dex/Jar 1 TTPs 1 IoCs
Runs executable file dropped to the device during analysis.
evasion

T1407

Processes:

com.yxwkwcsk.bgronvby

ioc pid process

/data/user/0/com.yxwkwcsk.bgronvby/files/dex/VIJPHPiHNvnlrRpCQ.zip 4315 com.yxwkwcsk.bgronvby
Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
collection credential_access impact

T1414

T1641.001

Processes:

com.yxwkwcsk.bgronvby

description ioc process

Framework service call android.content.IClipboard.addPrimaryClipChangedListener com.yxwkwcsk.bgronvby
Queries the mobile country code (MCC) 1 TTPs 1 IoCs
discovery

T1422

Processes:

com.yxwkwcsk.bgronvby

description ioc process

Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone com.yxwkwcsk.bgronvby
Queries the phone number (MSISDN for GSM devices) 1 TTPs
discovery

T1422
Acquires the wake lock 1 IoCs

Processes:

com.yxwkwcsk.bgronvby

description ioc process

Framework service call android.os.IPowerManager.acquireWakeLock com.yxwkwcsk.bgronvby
Checks if the internet connection is available 1 TTPs 1 IoCs
discovery

T1421

Processes:

com.yxwkwcsk.bgronvby

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.yxwkwcsk.bgronvby
Reads information about phone network operator. 1 TTPs
discovery

T1422

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.yxwkwcsk.bgronvby

description	ioc	process
File opened for read	/proc/cpuinfo	com.yxwkwcsk.bgronvby

description	ioc	process
File opened for read	/proc/meminfo	com.yxwkwcsk.bgronvby

ioc	pid	process
/data/user/0/com.yxwkwcsk.bgronvby/files/dex/VIJPHPiHNvnlrRpCQ.zip	4315	com.yxwkwcsk.bgronvby

description	ioc	process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.yxwkwcsk.bgronvby

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.yxwkwcsk.bgronvby

description	ioc	process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.yxwkwcsk.bgronvby

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.yxwkwcsk.bgronvby

com.yxwkwcsk.bgronvby
1⤵
- Requests cell location
- Checks CPU information
- Checks memory information
- Loads dropped Dex/Jar
- Obtains sensitive information copied to the device clipboard
- Queries the mobile country code (MCC)
- Acquires the wake lock
- Checks if the internet connection is available
PID:4315

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.yxwkwcsk.bgronvby/databases/privatesms.db
Filesize
16KB

MD5
8a10f85bcb419b77dcf49fbcf348e67d

SHA1
de45210ab1cae4be6ff7485386a0be8abed04faf

SHA256
a0ff1b8c48b78918fb218515f955a788620ea0b61002f73febba862b47092dda

SHA512
8662fc33368068066dfa7bf3543e6b1f68c857699991761afca16c5142995efc4074bac500044591b3af1c221b466bbf4a3e562610494b42cc2019e1f69b1226

Download Submit
/data/user/0/com.yxwkwcsk.bgronvby/databases/privatesms.db-journal
Filesize
512B

MD5
901dcbad89c7a41d201fd99f07591044

SHA1
264364cbc1a161d6b388dd56d5b7d6c174b0fd56

SHA256
5e975eac5f1a39c46492260bf250d7e65af8fd0f48c4e58e5decfb4991879792

SHA512
fc7f54a05b05dbbccc62d9aa0a3ebd641fcc77cfc5c784eb01e45b902b92478a6e6581ed8c33ec567b5fd682ddcb23456782addcb86832b4388aab790b921bd6

Download Submit
/data/user/0/com.yxwkwcsk.bgronvby/databases/privatesms.db-journal
Filesize
8KB

MD5
4bf303390c74587b9ef2927f5462a9f1

SHA1
8dba7f2ec02f7d381d754b4dff68bf35da6deecb

SHA256
6557bd118f898f8edb1b9b63ad7ea9e7a0bf78c0675edf247c4b4acb56a224ee

SHA512
252ac8c1f0969cb865a3fcf41f94c3d9fab2078ea9c1f49a1f5e49cb9ef6888c0efd3a438155036fcc1b608e29199f1898dd17341c7524708f1027cc8b27e2ca

Download Submit
/data/user/0/com.yxwkwcsk.bgronvby/databases/privatesms.db-journal
Filesize
8KB

MD5
81e84f8c196a1bf81e6ba84796ec701c

SHA1
bacad6d04ffaab0692e98a67c10a2f5012582b52

SHA256
59eaf95647aedcdfb2e3793ec9898f07abeeb0cb1f7950b90a836739dc855156

SHA512
7175c4dd2305cadff2f635009d1074af18ab5a645e54f01334e2ad069401e0cc71792f0031fdd59b369145042978b222c8f4258ca533a0382ccf680a2e3f3741

Download Submit
/data/user/0/com.yxwkwcsk.bgronvby/files/476639.so
Filesize
145KB

MD5
bbef4b886d31f635fe95aa0f3f789160

SHA1
7ef9f43a0468c80983c8989237349fe432a21119

SHA256
9d226ec83b72c19234bc3ec3d3f3d5909758fd84f0fabf8ac1c1510893d0ed2c

SHA512
a8606b5cc6db7b4cd3ac6d3f2285ed7bd60065e77d8002e4d907cb9e00525e5a0e411de330b7e4c154cca22ca78a6467302870bd941ac5d184353a504f3ed979

Download Submit
/data/user/0/com.yxwkwcsk.bgronvby/files/476640.so
Filesize
270KB

MD5
f45d6438e7da3be57f3c24d19ec9b578

SHA1
48a3713d7619b111da2fa4b03ddcbe77c0e968b1

SHA256
72a300e5cf97f03eb4d93b1de0ec02d92ccd15e9dd1a2ce0d6cde387204d4194

SHA512
ca242872dd28ed4e68d68e8a430e490f46762d333d4028aa6f3ed5b4fb7da9e3f4e8c79281703d811bd8fdc7b1f92e0fd18ee07d8f37cc155bb989b894200eb1

Download Submit
/data/user/0/com.yxwkwcsk.bgronvby/files/Background/black-wallpapers-for-smartphone-102-700x990.jpg
Filesize
3KB

MD5
4651e1fd4234ee465d6fe6349f2e178d

SHA1
1a86fbd1edd11fa983155172d484959760c1fc0e

SHA256
725ccd777793d5b05707aa28438b58a021c15b0f9cf47ace83aada6ea93a921b

SHA512
6962571dbc91930f4624e3c80e1ab7a5ac23f8f13ccb4587d1619c5d5f8e9731974ae954e8b9ba2e86084f8e797c6a9d49267667a98e47bd7af9e0af29686b0c

Download Submit
/data/user/0/com.yxwkwcsk.bgronvby/files/dex/VIJPHPiHNvnlrRpCQ.zip
Filesize
530KB

MD5
5149343a09071177d23c89604a770c5a

SHA1
364d821938415340a9f1b83451520d925b104829

SHA256
5c95153b2afeeef5a0f30d624c5b130782cfd4e23fb103eeae5a0b2bae33b141

SHA512
c2170c720e44d0babbe23466222810969ce9d0c1beb04efc95cd5ac9932f7f98a39db1d9e4597667068de7c163307ad04aaf21038bea4d96bd8a208beab965b5

Download Submit
/data/user/0/com.yxwkwcsk.bgronvby/files/dex/VIJPHPiHNvnlrRpCQ.zip
Filesize
1.3MB

MD5
d7763f3233f8e9a0f951dd9464d748b2

SHA1
991e68d99cb8f8a19f59d87bdfba1f8214ed117a

SHA256
844be5451b49ccc7ae4ad12f9188151683cf2520e6a944482f86a2900e175514

SHA512
7c76a39c88783d6363c7ff2b50ec64238cbc9304f34b557b2a9693224fffa595f84cc333541d6c0d9ee40956db553fb21b97fe0a51ddaf05959335d841daa208

Download Submit
/data/user/0/com.yxwkwcsk.bgronvby/logs/Sistema1715922917164.log
Filesize
19KB

MD5
7e60807935be1a218c26081b6b438860

SHA1
06f0bb8a34ea85f365b644f4e5b28ed73916ad81

SHA256
02e2c7435f0ff7da3c32ef77efc1972781af1f13ad1a9ddcca35fee1bb86b268

SHA512
6ea3036b5d1bfa251e27bac62bfd3a82d10da6e1fbd52c921e02dca77870cf2d3d717d21c0a3156614fb3235f3778b49b54d5236fdb16f893ee43d095ce99938

Download Submit

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads