780936deb27be5dceea20a5489014236796a74cc967a12e36cb56d9b8df9bc86

Analysis

max time kernel
4s
max time network
132s
platform
android_x64
resource
android-x64-arm64-20240514-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240514-enlocale:en-usos:android-11-x64system
submitted
17/05/2024, 18:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

wallpaper.apk
Size

2.2MB
MD5

2bee1749491b18907d5c3f84d6c812c4
SHA1

fcc36dc84b55cdf29af5397afe371a8ad3106673
SHA256

77d3ba2483a0f0297e71ba0600174193370d2d5e251da62a8121bd3ce50bbc7c
SHA512

efe382ffe2c6ef590ab11a4cff98e75db069a3ebde0ee9e5df60c289ecd189e8a894ec056c258fc1ec3b9d1fda4bacb6187a2107b112dd9db8d636c74259b102
SSDEEP

49152:0CPjilIJjTMVZh2aIvg67gOiPFlmZPG1vuyraAp3obGx:0C7tp6qgbkA0yBzx

Score

7^/10

collection credential_access discovery evasion impact

Malware Config

Signatures

Checks memory information 2 TTPs 1 IoCs

Checks memory information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.panshi.hostpayment

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.panshi.hostpayment

com.panshi.hostpayment
1⤵
- Checks memory information
- Obtains sensitive information copied to the device clipboard
PID:4638

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Discovery

System Information Discovery

T1426

Lateral Movement

Collection

Clipboard Data

T1414

Command and Control

Exfiltration

Impact

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.panshi.hostpayment/databases/_nohttp_cookies_db.db

Filesize
24KB

MD5
1b01c7a93837cc900b78e254feff3635

SHA1
5c288a7117414fef7c2e49df27e596c0abb2620b

SHA256
2e67f91ca7fe08e4bebd5edcf445f5fffe401feb0474276efc04418998628d37

SHA512
fc1b1a8fc3dc2fe52fb94816851a7d5decbfb982148cea376626ca6488caf2938c001456223970560145bd11dd432bbc51e63d1e26de631de45c144fb642f481

Download Submit
/data/user/0/com.panshi.hostpayment/databases/_nohttp_cookies_db.db-journal

Filesize
512B

MD5
e63e9f8c8d51e2bc23dc08049af0ea81

SHA1
f0c72c615f3209908e732f6cc178316c0e744b1f

SHA256
cedea8a780da1a2284f8dd7e01b02cbd62785870ebf2b85dbc5c54ea9942212e

SHA512
e5415964c46f7aa2bf747dc13e1237255523699ac5d1db0f7f5747690d4ccb04b56b6f3d5da957f29781767a3ede88c4867216a0b4d6910cbddddeb9db2dcf6f

Download Submit
/data/user/0/com.panshi.hostpayment/databases/_nohttp_cookies_db.db-journal

Filesize
8KB

MD5
5ee8879c51f12b90371a9523b034c322

SHA1
642b1a81baebbc7d4e1868fa4be6ae27fefec112

SHA256
bfe65055ecdb3c803a6b03d5a05c2ad1097eaf761c2d791552e02e3c182a4097

SHA512
42ddfb9298ef9f5c324e6f3ea98b87607ae5ff129c392fa2056f2e3910cece49b8ebc8f5261de4c0460eba6e23247bb8de4305fb95f277345ae91cd04618a40b

Download Submit
/data/user/0/com.panshi.hostpayment/databases/_nohttp_cookies_db.db-journal

Filesize
8KB

MD5
0e286f7639458141bd2aa79b82c8dfb8

SHA1
7bebd3c1f153de88d3cf9c0d7a575ef6e72c9b28

SHA256
8cefdc7960e8e1263411524d65884dbf9dcc1710edee2ae62b057f50649ef607

SHA512
9cdef1313b8dce277e41d2b3e9e01eec7423887ef5e7b2eaed30704c5611b973abc614d10c5a46daaad8fd085e0a79a0dff8a85f274e6327238f0dc1c193a121

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads