780936deb27be5dceea20a5489014236796a74cc967a12e36cb56d9b8df9bc86

Analysis

max time kernel
4s
max time network
145s
platform
android_x64
resource
android-x64-20240514-en
resource tags

androidarch:x64arch:x86image:android-x64-20240514-enlocale:en-usos:android-10-x64system
submitted
17/05/2024, 18:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

wallpaper.apk
Size

2.2MB
MD5

2bee1749491b18907d5c3f84d6c812c4
SHA1

fcc36dc84b55cdf29af5397afe371a8ad3106673
SHA256

77d3ba2483a0f0297e71ba0600174193370d2d5e251da62a8121bd3ce50bbc7c
SHA512

efe382ffe2c6ef590ab11a4cff98e75db069a3ebde0ee9e5df60c289ecd189e8a894ec056c258fc1ec3b9d1fda4bacb6187a2107b112dd9db8d636c74259b102
SSDEEP

49152:0CPjilIJjTMVZh2aIvg67gOiPFlmZPG1vuyraAp3obGx:0C7tp6qgbkA0yBzx

Score

7^/10

collection credential_access discovery evasion impact persistence

Malware Config

Signatures

Checks memory information 2 TTPs 1 IoCs

Checks memory information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.panshi.hostpayment

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.panshi.hostpayment

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.panshi.hostpayment

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.panshi.hostpayment

com.panshi.hostpayment
1⤵
- Checks memory information
- Obtains sensitive information copied to the device clipboard
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID:5109

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

Lateral Movement

Collection

Clipboard Data

T1414

Command and Control

Exfiltration

Impact

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.panshi.hostpayment/databases/_nohttp_cookies_db.db

Filesize
24KB

MD5
8b88d8ed6786b69e2bcfafd38ddbe5f4

SHA1
2d0e5db696a423e48d9dec06edb15ea7e1ee31c3

SHA256
d0eb89463fdeb0a62e43db6094305fdae72131a09e030e5febefeb7cc1cc5da1

SHA512
f1ef59c1065199347615401ce91c20a90b30a9e3d434c09abdf121da985fb0146b0835570b74dbe2689f68ee93c98958dfd2550375d20efdc3dfb88c9d238868

Download Submit
/data/data/com.panshi.hostpayment/databases/_nohttp_cookies_db.db-journal

Filesize
512B

MD5
c2c81b91b29ce4098571ab128550fb06

SHA1
ed9098e2d7dab3d815423854bcd9cf55e80abac5

SHA256
e488d9756f1931ef0b34898259c3a367447cfe8545bf28be8e9e63db073362c3

SHA512
0c0bef5abb98ce56b566067a51039435cb658ebf2979212cb92ca4d4bae943b078c5fc7d67ad7018aede71046d775220ad5a129bfabf868d28ca10551e8870e7

Download Submit
/data/data/com.panshi.hostpayment/databases/_nohttp_cookies_db.db-journal

Filesize
8KB

MD5
f040549337e6d63806dc91aebf425fd5

SHA1
67bda26c755f356f8ddec79370b2fc18c9e72c6b

SHA256
acc7c7cc6a705b5118837c66cea122b3d03c36d4162783f5a8626d1d3208e583

SHA512
37cd9ccc4f7ca31e6f5bf407fc323408457f5c67e048b54a8fadded96448bb1165ad078f82b05eee82ab6b6f2fe0f5353a60dcd49171687b9a7e024c95a33f6d

Download Submit
/data/data/com.panshi.hostpayment/databases/_nohttp_cookies_db.db-journal

Filesize
8KB

MD5
090c32557b2f20a2b400ad078f4784d6

SHA1
ef34c6950d6650fbd20fe0d5aba982c7916df9b5

SHA256
7325cbc9e0206fa846221e862715fb42882302cca9d4fbc218bc9db75785dfb9

SHA512
c5fb6512500edb98476c0424f0c765ae44f5fad5df738c648b945162b655aa2d0497e601c795abd17eb7d77942a53d94ead19eedb96bebcdf72dd1b76d5c006b

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads