291262ce868cbc79f1fa9083a75c752221ecdf7f13b0c4f0b0464df604343c34

Analysis

max time kernel
165s
max time network
188s
platform
android_x64
resource
android-x64-arm64-20240514-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240514-enlocale:en-usos:android-11-x64system
submitted
23-05-2024 12:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2.apk
Size

5.7MB
MD5

a874bf4c4364e0deac61461dd65f17d7
SHA1

0485f924e89be83c8b18e81fd160bc3bb4166ccf
SHA256

291262ce868cbc79f1fa9083a75c752221ecdf7f13b0c4f0b0464df604343c34
SHA512

7e4e6b593a2fffd140a33b575bdd47606d0537ad546a52fde80b29c57f2b774e72f05a533022dbcd1b576318ca8e38b91c7bf8ffc47757ae5ab761fafda89423
SSDEEP

98304:nAqo4gvFkYMMyL0py/kzM0yQfBwBm+PzQiwqiJWQz/mj8Ow4FKsxlVXG0XYKsxlB:njoKvMMyyMz3P2m+PzdzzoeIOwuvVW0s

Score

8^/10

banker collection credential_access discovery evasion impact

Malware Config

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001
Checks CPU information 2 TTPs 1 IoCs
Checks CPU information which indicate if the system is an emulator.
evasion discovery

System Checks
T1633.001

System Information Discovery
T1426

Processes:

io.dcloud.H53E0C750

description ioc process

File opened for read /proc/cpuinfo io.dcloud.H53E0C750
Checks memory information 2 TTPs 1 IoCs
Checks memory information which indicate if the system is an emulator.
evasion discovery

System Checks
T1633.001

System Information Discovery
T1426

Processes:

io.dcloud.H53E0C750

description ioc process

File opened for read /proc/meminfo io.dcloud.H53E0C750
Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
collection credential_access impact

Clipboard Data
T1414

Transmitted Data Manipulation
T1641.001

Processes:

io.dcloud.H53E0C750

description ioc process

Framework service call android.content.IClipboard.addPrimaryClipChangedListener io.dcloud.H53E0C750
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
discovery

System Network Connections Discovery
T1421

Processes:

io.dcloud.H53E0C750

description ioc process

Framework service call android.net.wifi.IWifiManager.getConnectionInfo io.dcloud.H53E0C750
Checks if the internet connection is available 1 TTPs 1 IoCs
discovery

System Network Connections Discovery
T1421

Processes:

io.dcloud.H53E0C750

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo io.dcloud.H53E0C750
Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422
Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
impact

Data Encrypted for Impact
T1471

Processes:

io.dcloud.H53E0C750

description ioc process

Framework API call javax.crypto.Cipher.doFinal io.dcloud.H53E0C750

description	ioc	process
File opened for read	/proc/cpuinfo	io.dcloud.H53E0C750

description	ioc	process
File opened for read	/proc/meminfo	io.dcloud.H53E0C750

description	ioc	process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	io.dcloud.H53E0C750

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	io.dcloud.H53E0C750

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	io.dcloud.H53E0C750

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	io.dcloud.H53E0C750

io.dcloud.H53E0C750
1⤵
- Checks CPU information
- Checks memory information
- Obtains sensitive information copied to the device clipboard
- Queries information about the current Wi-Fi connection
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4512

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Clipboard Data

T1414

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/io.dcloud.H53E0C750/shared_prefs_ext/test_app

Filesize
24B

MD5
5291edae17c81a7909dc027d2647903f

SHA1
12e42bf8a5b39b6d9736abb9defffa5f5d6d0c12

SHA256
dc093e9c4253c774619c65d11c44c6625d474ae2047320fc0396f11a38cac513

SHA512
fc0817cd9daa23d49d25a09763a72614281fda171f69837731b4af810eb1943b638ccee85ccbf84c7a6807d6fd541e518f6424c254b1b75795310e85170ed62f

Download Submit
/data/user/0/io.dcloud.H53E0C750/files/cnc3ejE6/eje3cnc

Filesize
335B

MD5
585839d66722cfd02e40cb740cccb633

SHA1
374c19200fee201b26d0153487a281a934615884

SHA256
86a9bb4985cca6c9636c4fd071bef4b70ba7b3a5eb51af869a1299dc2b1574a8

SHA512
09bbe1bf1455861fd4732f2d1945c84bac34090906ac2fab75d144c22ffcf6bc585c8209e94a2b1919c8402df53966081a1af2993e12261ae4c4ac5568667d88

Download Submit
/storage/emulated/0/.imei.txt

Filesize
32B

MD5
d6a6ad4d37f25e70d6686f0da5f4479a

SHA1
75986452099e4ae1ff6b11d93d7464f82001c84b

SHA256
89581ed0677af28cf0e33957752c0db73807e634aa0f6042a0e27198dfa96ffc

SHA512
00b53b7aeb82da7d02f99a2979094450614a9fe13dbca4e667b1d4c3a7665dc069082db1e5aca3497e295b15275eaa6930ced935b18dd74a3a21fed24f85e2ac

Download Submit