Analysis
- max time kernel: 155s
- max time network: 173s
- platform: android_x86
- resource: android-x86-arm-20240514-en
- resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240514-en, locale:en-us, os:android-9-x86, system
- submitted: 23-05-2024 12:08
Static task
- static1
Behavioral task
- behavioral1
  Sample: 1.apk
  Resource: android-x86-arm-20240514-en
Behavioral task
- behavioral2
  Sample: 1.apk
  Resource: android-33-x64-arm64-20240514-en
General
- Target: 1.apk
- Size: 4.3MB
- MD5: bba684883c695c5261dfc3a2e3007ebf
- SHA1: 275024f65f133b94ae3c2c1105c7ee96f7e3680d
- SHA256: 2fa026eb7dcfc0b6f32d2ac5e5244c183e51eec17c12c6972b87f043d97ba640
- SHA512: bf5c4a007a35ded6d854f196afd869bb7c9a24170593354df25616d14870b4cdbb573de3472feb7b6fa1e589293069ed2d25bd10bd69d644707dbeb55ae1dbd3
- SSDEEP: 98304:Nrkal0ke1Bw5qkPzQiwqiJWQz/mj8Ow4BKsxlVXG0DMKsxlVXG0c:NoauXkqkPzdzzoeIOwavVW0DkvVW0c
Malware Config
Signatures
- Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps) (1 TTPs)
- Checks CPU information (2 TTPs, 1 IoCs)
  Checks CPU information that indicates whether the system is an emulator.
- Checks memory information (2 TTPs, 1 IoCs)
  Checks memory information that indicates whether the system is an emulator.
- Queries information about the current Wi-Fi connection (1 TTPs, 1 IoCs)
  Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  Processes: io.dcloud.H53E0C750
  description: Framework service call; ioc: android.net.wifi.IWifiManager.getConnectionInfo; process: io.dcloud.H53E0C750
- Queries the mobile country code (MCC) (1 TTPs, 1 IoCs)
  Processes: io.dcloud.H53E0C750
  description: Framework service call; ioc: com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone; process: io.dcloud.H53E0C750
- Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTPs, 1 IoCs)
  Processes: io.dcloud.H53E0C750
  description: Framework service call; ioc: android.app.IActivityManager.registerReceiver; process: io.dcloud.H53E0C750
- Checks if the internet connection is available (1 TTPs, 1 IoCs)
  Processes: io.dcloud.H53E0C750
  description: Framework service call; ioc: android.net.IConnectivityManager.getActiveNetworkInfo; process: io.dcloud.H53E0C750
- Queries the unique device ID (IMEI, MEID, IMSI) (1 TTPs)
- Reads information about the phone network operator (1 TTPs)
- Uses Crypto APIs (might try to encrypt user data) (1 TTPs, 1 IoCs)
  Processes: io.dcloud.H53E0C750
  description: Framework API call; ioc: javax.crypto.Cipher.doFinal; process: io.dcloud.H53E0C750
Processes
- io.dcloud.H53E0C750 (1)
  - Checks CPU information
  - Checks memory information
  - Queries information about the current Wi-Fi connection
  - Queries the mobile country code (MCC)
  - Registers a broadcast receiver at runtime (usually for listening for system events)
  - Checks if the internet connection is available
  - Uses Crypto APIs (might try to encrypt user data)
Network
MITRE ATT&CK Matrix
Downloads
- /data/data/io.dcloud.H53E0C750/files/cnc3ejE6/eje3cnc
  Filesize: 335B
  MD5: 585839d66722cfd02e40cb740cccb633
  SHA1: 374c19200fee201b26d0153487a281a934615884
  SHA256: 86a9bb4985cca6c9636c4fd071bef4b70ba7b3a5eb51af869a1299dc2b1574a8
  SHA512: 09bbe1bf1455861fd4732f2d1945c84bac34090906ac2fab75d144c22ffcf6bc585c8209e94a2b1919c8402df53966081a1af2993e12261ae4c4ac5568667d88
- /data/data/io.dcloud.H53E0C750/shared_prefs_ext/test_app
  Filesize: 24B
  MD5: 5291edae17c81a7909dc027d2647903f
  SHA1: 12e42bf8a5b39b6d9736abb9defffa5f5d6d0c12
  SHA256: dc093e9c4253c774619c65d11c44c6625d474ae2047320fc0396f11a38cac513
  SHA512: fc0817cd9daa23d49d25a09763a72614281fda171f69837731b4af810eb1943b638ccee85ccbf84c7a6807d6fd541e518f6424c254b1b75795310e85170ed62f
- /storage/emulated/0/.imei.txt
  Filesize: 32B
  MD5: 5d28abc7a878780f7391bf9b51fbb261
  SHA1: d2a1b2d6568ca250cf72bd71cfd95f886bc7a055
  SHA256: a1cfac48503e235e0e853ba043f34b8bc604e9bc3cd9bbc21d4627958130e83c
  SHA512: dd4ff09a14657d362820be8c91e72e685f72f314a354aecc5003261a04c711b5e2fa89e70e196edc8a02bf388c118d3a60000bca92715bc5331e03b91e51b4ae