Overview

overview

8

Static

static

6

civio_ship...��.apk

android-9-x86

8

civio_ship...��.apk

android-10-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    civio_shippark1.3.1内测.apk

  • Size

    5.7MB

  • Sample

    240523-prtgtahh4x

  • MD5

    2223a5d90ab31d0fb70697681f7c249a

  • SHA1

    193604f1c495c172e52e993d28b5081e3927b9c0

  • SHA256

    fd04c0f2ee81e834e6da4be44b6592e55b6b06de43c7f8dd391c6a2ef8339141

  • SHA512

    57f241deefada894df6528e4b84423d89d5f6e32a028d710178fefc3cfc1e0b40d140b88094788f410b4f88be6cef76c34537197501e1a66fc6ca37c11a520ab

  • SSDEEP

    98304:uL3SSxOr4BuzoXTUTCu7shaITmx99Jg8MEYA1pQhHKsxlVXG0SJV8BEAM:uLBOr4gUTNUsEJFavVW0QAM

Score
8/10
androidbankercollectioncredential_accessdiscoveryevasionimpactpersistence

Malware Config

Targets

    • Target

      civio_shippark1.3.1内测.apk

    • Size

      5.7MB

    • MD5

      2223a5d90ab31d0fb70697681f7c249a

    • SHA1

      193604f1c495c172e52e993d28b5081e3927b9c0

    • SHA256

      fd04c0f2ee81e834e6da4be44b6592e55b6b06de43c7f8dd391c6a2ef8339141

    • SHA512

      57f241deefada894df6528e4b84423d89d5f6e32a028d710178fefc3cfc1e0b40d140b88094788f410b4f88be6cef76c34537197501e1a66fc6ca37c11a520ab

    • SSDEEP

      98304:uL3SSxOr4BuzoXTUTCu7shaITmx99Jg8MEYA1pQhHKsxlVXG0SJV8BEAM:uLBOr4gUTNUsEJFavVW0QAM

    Score
    8/10
    bankerdiscoveryevasionimpactpersistencecollectioncredential_access

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

      bankerdiscovery

    • Checks CPU information

      Checks CPU information which indicate if the system is an emulator.

      evasiondiscovery

    • Checks memory information

      Checks memory information which indicate if the system is an emulator.

      evasiondiscovery

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

      evasion

    • Obtains sensitive information copied to the device clipboard

      Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

      collectioncredential_accessimpact

    • Queries information about running processes on the device

      Application may abuse the framework's APIs to collect information about running processes on the device.

      discovery

    • Queries information about the current Wi-Fi connection

      Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

      discovery

    • Queries the mobile country code (MCC)

      discovery

    • Registers a broadcast receiver at runtime (usually for listening for system events)

      persistence

    • Checks if the internet connection is available

      discovery

    • Queries the unique device ID (IMEI, MEID, IMSI)

      discovery

    • Reads information about phone network operator.

      discovery
    behavioral1behavioral2

MITRE ATT&CK Mobile v15

Tasks