Analysis

  • max time kernel: 49s
  • max time network: 131s
  • platform: android_x64
  • resource: android-x64-20240514-en
  • resource tags: android, arch:x64, arch:x86, image:android-x64-20240514-en, locale:en-us, os:android-10-x64, system
  • submitted: 24-05-2024 02:15

General

  • Target: e4d7484b888deceefeb17ee346821a0c9d3112dffd5ad57c71f4df7d304580b8.apk
  • Size: 2.0MB
  • MD5: 71f6cdb3d8eebe1c8e7e26896238e571
  • SHA1: 019134386a6d900d61285e5e986249928a9504b6
  • SHA256: e4d7484b888deceefeb17ee346821a0c9d3112dffd5ad57c71f4df7d304580b8
  • SHA512: 740e8bcde7462b99972ea472ee0cae53f4f61fcdc6d9ca1c8c44d0661323178c891f7fe82052cd7bae7239d7a953a6dcdb5e6fc42b28cd4acc9e1634e284228b
  • SSDEEP: 49152:I8FjWz5Kzip37zl3fg1S1RvyzHth1mFI1/3Go1eiUMG1VummJwga8TGi3U/kX1l5:IIhup37zlviS1GHoFW3aiUM6ummJwgaE

Malware Config

Signatures

  • Checks CPU information (2 TTPs, 1 IoC)

    Checks CPU information, which indicates whether the system is an emulator.

  • Checks memory information (2 TTPs, 1 IoC)

    Checks memory information, which indicates whether the system is an emulator.

  • Obtains sensitive information copied to the device clipboard (2 TTPs, 1 IoC)

    The application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

  • Queries the mobile country code (MCC) (1 TTP, 1 IoC)
  • Registers a broadcast receiver at runtime, usually to listen for system events (1 TTP, 1 IoC)

Processes

  • pl.spyone.agent2 (PID 5199)
    • Checks CPU information
    • Checks memory information
    • Obtains sensitive information copied to the device clipboard
    • Queries the mobile country code (MCC)
    • Registers a broadcast receiver at runtime (usually for listening for system events)

Network

MITRE ATT&CK Matrix


Downloads

  • /data/data/pl.spyone.agent2/databases/database.db
    Filesize: 76KB
    MD5: dd46d6cae176055d8617ceb3d40f1d96
    SHA1: b7a971b5f755f7fd5f9041bb1a0ffb1a74d9dd57
    SHA256: c4d2fc19a3c54c2d2cadde804546ce6f62f960865b829ea240026e1ea2706e96
    SHA512: 54d353f7e746aa3935848cc2f694cd6cfbd1c59b6f56e276b76fad0f0a4c8ea09cd4835be8a8ccd615a7714d3e212a091d93a2b3b835f4ea767c8ba5950a5516

  • /data/data/pl.spyone.agent2/databases/database.db-journal
    Filesize: 512B
    MD5: d0eedb5754c1b37598bef3702997abde
    SHA1: ee7d3585b45ccd51b418b3646b7048c7fe9c4cae
    SHA256: a8f99cfc16c1066494ff4babfc1d166a1e0d5c97b430aaeb39425446ef74e426
    SHA512: 4ef80611becaa9673a0952413f98787110f32ca29eee08d9fff414f1e2dc084326df80cec96e79ac530c59576388f1275317a28f8665dbbba6e982a66588def9

  • /data/data/pl.spyone.agent2/databases/database.db-journal
    Filesize: 8KB
    MD5: 94a1b5007e3abdbf6b3ff65768334580
    SHA1: 4c74dcf65f47f64bd4d4a2afc61ad880bccbae87
    SHA256: a13f1623d0765ccbb291e34de8f87a216e46694fa6ade5ab149b14f10047f266
    SHA512: 6f5dcff04a95b49dd6640435cdb4f3ee76664d1b393c33f3c2b532296abb844b990e6e12304a1017353f3500262aa821d9c6768fc2414956f11181fe8d26c287

  • /data/data/pl.spyone.agent2/databases/database.db-journal
    Filesize: 8KB
    MD5: cd573d7096c14d9bfafda9a9fe2b4a62
    SHA1: 888e752dd035590820d9944ea12aafb599b91ccd
    SHA256: b8d8a36e02fdbec027a15db26f255b34b667852167e422c6760499594611bb3f
    SHA512: e39f4b5f377bdba87f6984ac516adc71f5385262ccb41d0ea9dde25acee752a6a278e23c6be3b11901598bcab1047274e45263cf8c837fee2ba1db27a89dc1c0