7df96467c4d47cadea45542432e4cafb80aceff0a93bd90efbd5c18191323f7b

Analysis

max time kernel
93s
max time network
151s
platform
android_x64
resource
android-x64-20240514-en
resource tags

androidarch:x64arch:x86image:android-x64-20240514-enlocale:en-usos:android-10-x64system
submitted
22-05-2024 15:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NPC S School Chapter all you can F.apk
Size

31.7MB
MD5

6538096828aa34de23462951f8941bd4
SHA1

b224b5bbd14f9840e60b520675e07fd34b629822
SHA256

7df96467c4d47cadea45542432e4cafb80aceff0a93bd90efbd5c18191323f7b
SHA512

73181d33fd2ea87888838f86405d242e77763fbf3ce1b0ea6f0489614295fe6df27b748df67f1c672033baaf2273e2dac127f7a1231d0b9aed97ffe9ff07e3d9
SSDEEP

786432:R3DxGAxPy2dwK3d9y+IVVZ1jvlps3GgjDyhgwqIT6WVT9vKW:RTxB0K3OVVZ1jvAGc6g47VT9vv

Score

7^/10

collection credential_access discovery evasion impact persistence

Malware Config

Signatures

Checks CPU information 2 TTPs 1 IoCs
Checks CPU information which indicate if the system is an emulator.
evasion discovery

T1633.001

T1426

Processes:

com.sensitiveusername.npcscfcg

description ioc process

File opened for read /proc/cpuinfo com.sensitiveusername.npcscfcg
Checks memory information 2 TTPs 1 IoCs
Checks memory information which indicate if the system is an emulator.
evasion discovery

T1633.001

T1426

Processes:

com.sensitiveusername.npcscfcg

description ioc process

File opened for read /proc/meminfo com.sensitiveusername.npcscfcg
Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
collection credential_access impact

T1414

T1641.001

Processes:

com.sensitiveusername.npcscfcg

description ioc process

Framework service call android.content.IClipboard.addPrimaryClipChangedListener com.sensitiveusername.npcscfcg
Queries the mobile country code (MCC) 1 TTPs 1 IoCs
discovery

T1422

Processes:

com.sensitiveusername.npcscfcg

description ioc process

Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone com.sensitiveusername.npcscfcg
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
persistence

T1624.001

Processes:

com.sensitiveusername.npcscfcg

description ioc process

Framework service call android.app.IActivityManager.registerReceiver com.sensitiveusername.npcscfcg

description	ioc	process
File opened for read	/proc/cpuinfo	com.sensitiveusername.npcscfcg

description	ioc	process
File opened for read	/proc/meminfo	com.sensitiveusername.npcscfcg

description	ioc	process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.sensitiveusername.npcscfcg

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.sensitiveusername.npcscfcg

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	com.sensitiveusername.npcscfcg

com.sensitiveusername.npcscfcg
1⤵
- Checks CPU information
- Checks memory information
- Obtains sensitive information copied to the device clipboard
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID:5082

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads