dcc1c4078e111132c4c50f4ac260ac13d48dcbd48997426b0242626cc85a0957

Analysis

max time kernel
161s
max time network
148s
platform
android_x64
resource
android-x64-arm64-20240514-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240514-enlocale:en-usos:android-11-x64system
submitted
22-05-2024 12:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2a57ce9a-c7a4-4fb2-a5f3-c3df65c0c53c.apk
Size

2.5MB
MD5

9b2270e41068dbfa50ec39153716b5ce
SHA1

35be18b6e606fe79d1175f8766101938f14cdf39
SHA256

dcc1c4078e111132c4c50f4ac260ac13d48dcbd48997426b0242626cc85a0957
SHA512

6a4d0a5b7b88a4087ace924f41a7df18cc1d6158a709344896bfffe0ba44b4c6520ebe2cd19c5d6b8ccde4c2b7cb9a706b9fc1eca679eb9767cd0fa648fc4f5a
SSDEEP

49152:n8nRCBgwmi29FauHdJjHaqEUPQ44G2vTmdsy7hmyyq3LkHU0dgu9A/g9mgvR:yRhwmiYF1JjxEUUlvIjlgHUymgvR

Score

7^/10

collection credential_access discovery evasion impact

Malware Config

Signatures

Checks CPU information 2 TTPs 1 IoCs
Checks CPU information which indicate if the system is an emulator.
evasion discovery

System Checks
T1633.001

System Information Discovery
T1426

Processes:

com.example.CangKuGuanLiXiTong12345

description ioc process

File opened for read /proc/cpuinfo com.example.CangKuGuanLiXiTong12345
Checks memory information 2 TTPs 1 IoCs
Checks memory information which indicate if the system is an emulator.
evasion discovery

System Checks
T1633.001

System Information Discovery
T1426

Processes:

com.example.CangKuGuanLiXiTong12345

description ioc process

File opened for read /proc/meminfo com.example.CangKuGuanLiXiTong12345
Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
collection credential_access impact

Clipboard Data
T1414

Transmitted Data Manipulation
T1641.001

Processes:

com.example.CangKuGuanLiXiTong12345

description ioc process

Framework service call android.content.IClipboard.addPrimaryClipChangedListener com.example.CangKuGuanLiXiTong12345

description	ioc	process
File opened for read	/proc/cpuinfo	com.example.CangKuGuanLiXiTong12345

description	ioc	process
File opened for read	/proc/meminfo	com.example.CangKuGuanLiXiTong12345

description	ioc	process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.example.CangKuGuanLiXiTong12345

com.example.CangKuGuanLiXiTong12345
1⤵
- Checks CPU information
- Checks memory information
- Obtains sensitive information copied to the device clipboard
PID:4618

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Discovery

System Information Discovery

T1426

Lateral Movement

Collection

Clipboard Data

T1414

Command and Control

Exfiltration

Impact

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/storage/emulated/0/CangKuGuanLiXiTong12345/cangkuguanlixitong12345.db
Filesize
11KB

MD5
6d6af3982ec9310e63d46c91aec44497

SHA1
c8800318df8841147f9752ea4ab5b89a3a50ac28

SHA256
6dcad7787178660dd88451b9346090ab006c187a83e140da0eed0a07d8b15bda

SHA512
7671ad4d47786e9f401897fa1295cf517e4b3b1a25aabd65f6a9c17361501ea07508f2f8f9e5d71177a412f209ded4575ebc08e9a6b7876061bfa3b23c30dd54

Download Submit
/storage/emulated/0/CangKuGuanLiXiTong12345/cangkuguanlixitong12345.db
Filesize
18KB

MD5
4fcdc3a826ede80d01afd817f27fc98b

SHA1
ce773578daa1c6b3052db551d20d536a9ee4a7ec

SHA256
2dcf4b2ed770a97627e0df472e510502cf4ff201f5918dc0ff91ad15550f4a7f

SHA512
1e4bb50e4177861ae417df18ee417187a39acae823d1357d864307ba2b4d7df7b6fc4b9259903933553bbce484dff6b1936248ab06bfbc75739b73f89911122f

Download Submit
/storage/emulated/0/CangKuGuanLiXiTong12345/cangkuguanlixitong12345.db-journal
Filesize
2KB

MD5
e92fd00f88ab7faf0b36d5d962d31e6f

SHA1
7747c871c5519649ddc29eb7f4c24aae6d6dfcaf

SHA256
3c4c8f28d257098208588422ad90192a5fe411afaa749c652a1187f616e78be2

SHA512
361f743843d365ac2a864b60fa11ba279974069383b640f701aed0936b03da5d2ae59acf9ed247fab0f6d13bf41c0cc8fab2322a1139f6c8a0f4c3b039d66c56

Download Submit
/storage/emulated/0/CangKuGuanLiXiTong12345/cangkuguanlixitong12345.db-journal
Filesize
2KB

MD5
abf3d1fefc7dbb620bc415548d9d8e67

SHA1
151e93ab75ab02bfbb4cf67c6be373488b132b7e

SHA256
50290f2180a11f4430d8bbbb5248176cdb41cd2e510cfa2058dd3456939975ff

SHA512
b70227dfde9bca6ec1b2dde68d4468cd40b9fce0004aea0bf2ca0f0014aa4c9e4ad25e70855a23bafd151180d2f1ab3937c6d215e522d36871211be2813ef30d

Download Submit
/storage/emulated/0/CangKuGuanLiXiTong12345/cangkuguanlixitong12345.db-journal
Filesize
2KB

MD5
16ec47591a4d0c31dd0c83db7b7c6547

SHA1
49031e5a7047ae84603aa1cff3eeea9c286bf83f

SHA256
e6b10a7d9ee7043b0b1aecd0ddc8db0ff5fd1b0a7ddfc67d33419b675710c903

SHA512
81641a3533cacd3a1d4d509f62c44aaec60f74eeecb68d06d447b5b1bed1ffb8bdacf92ed97c2cd541cc71d17de44d9dcee00d6dea2d6c2d700dedaa44b8db22

Download Submit
/storage/emulated/0/CangKuGuanLiXiTong12345/cangkuguanlixitong12345.db-journal
Filesize
2KB

MD5
00ec2002228b2f5eda3d69168d0c8aa4

SHA1
2ef72e13aeab9a861f04412a49d7d392b7156e6c

SHA256
64ca0258a7bf193d85691e3945e464d5cdabaa677d7ec7696f7dc06eded20269

SHA512
79193f6b3dd2b663e56dc7aedd48784043d85086bc33f188bf62d182ca6e2e29d7f33c4ed250b86e102ed9ae2155d2230d9e12a43e0b4cb5f7eff17d5804ef91

Download Submit
/storage/emulated/0/CangKuGuanLiXiTong12345/cangkuguanlixitong12345.db-journal
Filesize
2KB

MD5
d9712e47e88c2096700503593ea819a8

SHA1
749665618c7857a22533debf9bd95c0da71ad33d

SHA256
6433dd647d7d87a4d36c502d17e068f230bc683ea5883afbda5fd3dfee0910f0

SHA512
f949eba7bb10ee137991d094703ab54dede47e811afc322a288499cff6fc489886a49b1a8a50a9e9fed72859ffe466926b99e3debbb9812c962c9498ed680a6b

Download Submit
/storage/emulated/0/CangKuGuanLiXiTong12345/cangkuguanlixitong12345.db-journal
Filesize
4KB

MD5
bc90cdc39150d39c6c1a4010bc03d6a3

SHA1
5a701998a5df562c61824049951fd705d4ce64d6

SHA256
acfe6eda742161c4fb1318eaed68642c78573673af227baffe853db8634b4b14

SHA512
b2eed5f4cd1919dbb190416b9bc36c58f8eea017ebd58b0326a2ae5d5e3490766311ffc864ed5c704ebe6bb12ad9f1e3048de4ded9c31b99e6f5ae40b3ad6304

Download Submit
/storage/emulated/0/db/gg.wav
Filesize
113KB

MD5
8028ea6ad5309e86f08a2ba6fc502735

SHA1
e69019188af6f0fc93e0b36d31489d077804861b

SHA256
e6a5d1891b91f439b85271b825808dc4c27c1a9947b943e291f60df7867087b9

SHA512
b8c65d357abc52cd91b331a2d28f02b842cf7ed50e266d987d19fecda2b89da0bdf78e61a14f60dad319eb75adcb49c48a6402053d66bb2311171b185fd37db6

Download Submit