Analysis
-
max time kernel
158s -
max time network
179s -
platform
android_x64 -
resource
android-x64-arm64-20240514-en -
resource tags
androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240514-enlocale:en-usos:android-11-x64system -
submitted
22-05-2024 11:42
Static task
static1
Behavioral task
behavioral1
Sample
com.zlya.intfire.apk
Resource
android-x86-arm-20240514-en
Behavioral task
behavioral2
Sample
com.zlya.intfire.apk
Resource
android-x64-arm64-20240514-en
General
-
Target
com.zlya.intfire.apk
-
Size
12.3MB
-
MD5
b6d435344bf58df208d454bb1c0a6712
-
SHA1
b22b1b715caa47f3b16c6506a8fd1c0e01a519a0
-
SHA256
5995d3d351344aa6491501b9bfe907ba4b5eed9d088094f7a05de7dd7e40940a
-
SHA512
f74578328882e5f3fa87107da1912be9b353c755760f2670abfb46bc7caee216fb232017630813c7f930b58b5efd734087360313f82827695772f21434f67bd2
-
SSDEEP
196608:9qHboFwiStUy2b3Vyp8isbN2muzhTLNDMvZgMwDl9rUmM+xgiRWeQ2xsbCnD+EWV:98MS6b5isbYdZLCilSC2EYd
Malware Config
Signatures
-
Checks CPU information 2 TTPs 1 IoCs
Checks CPU information which indicate if the system is an emulator.
-
Checks memory information 2 TTPs 1 IoCs
Checks memory information which indicate if the system is an emulator.
-
Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
-
Queries information about running processes on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
Processes:
com.zlya.intfiredescription ioc process Framework service call android.app.IActivityManager.getRunningAppProcesses com.zlya.intfire -
Checks the presence of a debugger