Analysis
-
max time kernel
19s -
max time network
132s -
platform
android_x64 -
resource
android-x64-arm64-20240514-en -
resource tags
androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240514-enlocale:en-usos:android-11-x64system -
submitted
22-05-2024 12:22
Static task
static1
Behavioral task
behavioral1
Sample
AAA_OTL_1.5.1.apk
Resource
android-x86-arm-20240514-en
Behavioral task
behavioral2
Sample
AAA_OTL_1.5.1.apk
Resource
android-x64-arm64-20240514-en
General
-
Target
AAA_OTL_1.5.1.apk
-
Size
9.8MB
-
MD5
b92146427445598b49d0bba02139758b
-
SHA1
79791e06081a0b51a189f109272d20de444f2162
-
SHA256
0efdc8f5e0c75e1c4a4b7008b1406a25915f5df9e6b0d08c69dcd2786909c2c3
-
SHA512
9b699ec7babe19833b673fd8a7f6c44fb2e90d30ffff5bbb6d86a4c52fa8ecf6294aa1c3c3a41031f906ba611cf812fa75116147ff305eb582de45dbdba89529
-
SSDEEP
196608:2uhTgnaC91Bv9qBnnuN94iuAeqizOW3SbkeT3L5C6hbG1uRwiTyaxdIGfFvPL:Rny156nSa0eqiz7CbkeT3NphbG1uRPuS
Malware Config
Signatures
-
Checks if the Android device is rooted. 1 TTPs 14 IoCs
Processes:
org.outline.android.client:vpnorg.outline.android.clientioc process /data/local/su org.outline.android.client:vpn /data/local/xbin/su org.outline.android.client:vpn /system/app/Superuser.apk org.outline.android.client:vpn /system/bin/su org.outline.android.client:vpn /system/app/Superuser.apk org.outline.android.client /system/bin/failsafe/su org.outline.android.client /data/local/bin/su org.outline.android.client /sbin/su org.outline.android.client:vpn /system/bin/su org.outline.android.client /data/local/xbin/su org.outline.android.client /sbin/su org.outline.android.client /data/local/bin/su org.outline.android.client:vpn /system/bin/failsafe/su org.outline.android.client:vpn /data/local/su org.outline.android.client -
Checks CPU information 2 TTPs 1 IoCs
Checks CPU information which indicate if the system is an emulator.
-
Checks memory information 2 TTPs 1 IoCs
Checks memory information which indicate if the system is an emulator.
-
Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
-
Checks the presence of a debugger