Analysis
-
max time kernel
51s -
max time network
131s -
platform
android_x64 -
resource
android-x64-20240514-en -
resource tags
androidarch:x64arch:x86image:android-x64-20240514-enlocale:en-usos:android-10-x64system -
submitted
22-05-2024 15:54
Static task
static1
Behavioral task
behavioral1
Sample
Oneeshota_Infection.apk
Resource
android-x86-arm-20240514-en
Behavioral task
behavioral2
Sample
Oneeshota_Infection.apk
Resource
android-x64-20240514-en
Behavioral task
behavioral3
Sample
Oneeshota_Infection.apk
Resource
android-x64-arm64-20240514-en
General
-
Target
Oneeshota_Infection.apk
-
Size
71.8MB
-
MD5
bece83eddbbdc1fa965c96adce41014b
-
SHA1
f481d6fce6c5ec24fae79feedbb8306378760472
-
SHA256
7df5874698c9b42137280fb3db70256753ba9580d76b579e0a6cc1626aef3854
-
SHA512
fb85f531fbc58d62225a7235488a63dd2b512caf6baa606eb1d3570a525913e59159c6e8d7f4321558fb7fcf43059a4f142c496f08f043db7b63d12f7b5980c2
-
SSDEEP
1572864:f1Tvg8yPB3RZYINT/5FftPWUdDNiocfYqYsOW1TzQwQtyYCcvxS:f1TvtQ3MO3ftzdco2Y3slzQ7I
Malware Config
Signatures
-
Checks CPU information 2 TTPs 1 IoCs
Checks CPU information which indicate if the system is an emulator.
-
Checks memory information 2 TTPs 1 IoCs
Checks memory information which indicate if the system is an emulator.
-
Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
-
Queries the mobile country code (MCC) 1 TTPs 1 IoCs
Processes:
com.oi.luccisandescription ioc process Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone com.oi.luccisan -
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
Processes:
com.oi.luccisandescription ioc process Framework service call android.app.IActivityManager.registerReceiver com.oi.luccisan