29e028d52b0a5b8e7b3d627028828cdf2e0b4ccae1dfaaeb3884cc7babbe17ce

Analysis

max time kernel
178s
max time network
157s
platform
android_x64
resource
android-x64-20240514-en
resource tags

androidarch:x64arch:x86image:android-x64-20240514-enlocale:en-usos:android-10-x64system
submitted
29-05-2024 21:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Flash-Browser.apk
Size

1.0MB
MD5

8b183c787aa69873965d24d67abeeb9a
SHA1

b80d5ed35d5cf7df5ebdf9169ec71dbb7a411a1b
SHA256

b4617f5735eec873ee271a8642c5fc29f293d2d6efc3f8504f808c5e1176816d
SHA512

d81b3cf096e6a89b700193389da1a792990207e1ed92f9aae54a340598c54b13db3ade1b315c342789e73e3697f5e02b40a436377ff4d4ec3823314f5c59ca1f
SSDEEP

24576:/SG9qt2Cfu0iusUs2RGLEJTZNrzljfUJLkHOO9t6J:/SGVCfKa+EJNNpyC6

Score

8^/10

banker collection credential_access discovery evasion impact persistence

Malware Config

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001
Checks CPU information 2 TTPs 1 IoCs
Checks CPU information which indicate if the system is an emulator.
evasion discovery

System Checks
T1633.001

System Information Discovery
T1426

Processes:

com.tech.browser

description ioc process

File opened for read /proc/cpuinfo com.tech.browser
Checks memory information 2 TTPs 1 IoCs
Checks memory information which indicate if the system is an emulator.
evasion discovery

System Checks
T1633.001

System Information Discovery
T1426

Processes:

com.tech.browser

description ioc process

File opened for read /proc/meminfo com.tech.browser
Loads dropped Dex/Jar 1 TTPs 1 IoCs
Runs executable file dropped to the device during analysis.
evasion

Download New Code at Runtime
T1407

Processes:

com.tech.browser

ioc pid process

/data/user/0/com.tech.browser/app_ttmp/t.jar 5114 com.tech.browser
Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
collection credential_access impact

Clipboard Data
T1414

Transmitted Data Manipulation
T1641.001

Processes:

com.tech.browser

description ioc process

Framework service call android.content.IClipboard.addPrimaryClipChangedListener com.tech.browser
Queries information about running processes on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
discovery

Process Discovery
T1424

Processes:

com.tech.browser

description ioc process

Framework service call android.app.IActivityManager.getRunningAppProcesses com.tech.browser
Queries the mobile country code (MCC) 1 TTPs 1 IoCs
discovery

System Network Configuration Discovery
T1422

Processes:

com.tech.browser

description ioc process

Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone com.tech.browser
Reads the content of the browser bookmarks. 1 TTPs 1 IoCs
collection

Data from Local System
T1533

Processes:

com.tech.browser

description ioc process

URI accessed for read content://browser/bookmarks com.tech.browser
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
persistence

Broadcast Receivers
T1624.001

Processes:

com.tech.browser

description ioc process

Framework service call android.app.IActivityManager.registerReceiver com.tech.browser
Checks if the internet connection is available 1 TTPs 1 IoCs
discovery

System Network Connections Discovery
T1421

Processes:

com.tech.browser

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.tech.browser
Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
impact

Data Encrypted for Impact
T1471

Processes:

com.tech.browser

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.tech.browser

description	ioc	process
File opened for read	/proc/cpuinfo	com.tech.browser

description	ioc	process
File opened for read	/proc/meminfo	com.tech.browser

ioc	pid	process
/data/user/0/com.tech.browser/app_ttmp/t.jar	5114	com.tech.browser

description	ioc	process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.tech.browser

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.tech.browser

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.tech.browser

description	ioc	process
URI accessed for read	content://browser/bookmarks	com.tech.browser

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	com.tech.browser

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.tech.browser

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.tech.browser

com.tech.browser
1⤵
- Checks CPU information
- Checks memory information
- Loads dropped Dex/Jar
- Obtains sensitive information copied to the device clipboard
- Queries information about running processes on the device
- Queries the mobile country code (MCC)
- Reads the content of the browser bookmarks.
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:5114

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Discovery

Process Discovery

T1424

Software Discovery

T1418

Security Software Discovery

T1418.001

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Clipboard Data

T1414

Data from Local System

T1533

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.tech.browser/app_ttmp/oat/t.jar.cur.prof

Filesize
364B

MD5
059c45b0cf793fe1e53b391ab9dfc147

SHA1
82c60f03dae6f6ea4866d6104fb5487eee0bea59

SHA256
2c403ed9ffd05c9888a7a016d64ed64ed54ba5a5dfe339881d823d82f98e6292

SHA512
ed6a88f9240113d7274acd23c6acc4a9bca50a4ba0719eb7d189576d92994722e36950024226d2509693cae8081b7e99a9288d57c18e5edc41998c4241dd42ea

Download Submit
/data/data/com.tech.browser/app_ttmp/t.jar

Filesize
172KB

MD5
39f7c5d4a7962708aa7d98bf2fadfc27

SHA1
cb348f750596b2e54705eb7d20b9fb2cc9d8807f

SHA256
e303dc3a3e31e4d525840e20486b6a99821e330b75c11e61c0f78d56f5dd9558

SHA512
55267b2721b056f9dab24c9f29df40db648cc3bd2eef0f4464da5545e6540f3f18cd8cdd9b7e7c77fe7a4fe37a08eb1bde482edbdd7eb364dd840f7f83740caa

Download Submit
/data/data/com.tech.browser/app_ttmp/t.jar

Filesize
172KB

MD5
cf9c7fb39d30b43019bfac428a3269ab

SHA1
912d7b2f83d9d0eae24d5b4cf1a5033cd2b8a283

SHA256
9031644073855d5bc7ad4ac8f211b472c7b52b8a5b743e85b40d1864f95a09af

SHA512
2450ac53f0f2ecec5d32ce0fb90ce4ed051d25319965d6758d90e0ede8cc813d445911e7511f140510d3ed19390a1effb9c1758861a95cecde8760abe127590f

Download Submit
/data/data/com.tech.browser/databases/com.tech.browserb

Filesize
64KB

MD5
2428ecdd7fef7b383041b29a7df1d648

SHA1
913791d111e6bf82831a86d1e36168a3c8bfdbf0

SHA256
7c5f4f92b787785c21f8c156890f0eb18c3dac64edb538a7289084f4936dbe7e

SHA512
55dc9d95ea2483a1af526761db23e937604e9b77de366206e098f035bd6d48ce2d4b834b89609c93bb46af475de813991693105f9162f4e0b062a615e0fa8e85

Download Submit
/data/data/com.tech.browser/databases/com.tech.browserb-journal

Filesize
512B

MD5
f5c43eda0f130e813620869aeaea2747

SHA1
03196789b13dccb9f2dfa5e6caf42985784c9386

SHA256
93b257faab4af1f5713f942ba1c3784a87b039dcda35777dd6c408d93a964aa1

SHA512
63760acdfa8fa5d2dfe55aed167403f66eb75358e223d1a6642dc95ce773d9b11675480c580561e250a6f1125210c461f114088c6251e7f2039d9f3dc1afb192

Download Submit
/data/data/com.tech.browser/databases/com.tech.browserb-journal

Filesize
8KB

MD5
983720de308997daeaed3a7863bc956f

SHA1
5d24287631fb29a47a15e419b3ac635249a805f6

SHA256
6e4a20c6242776bf9f522359752c967c5d488cb0d73ab633450fbb18785a6875

SHA512
0dee8ff79fcd2813d8cd4a54606c72d2cebd4013fbdf6b62d61a4638383344490f06f80ac799600517e5aeda967f8a76a036e3f7e507b2461671607f5c0c4b88

Download Submit
/data/data/com.tech.browser/databases/com.tech.browserb-journal

Filesize
8KB

MD5
b842367f1fdb6c5825971e3f26b61002

SHA1
5e6cb869ea275ff48b8fa5798155cac0a61d36ba

SHA256
332ff6c489ca2f437bf711a19a92791d3077a4b11185878767ab31e215fb8ea1

SHA512
9c447fedceba89e5ea6f1855dd11f625e15efa8f96652ee10e1b536f96eeed5a8623f8d5176af8ab912476501338d1790b5e6a002b12b5af04516f03652740bf

Download Submit
/data/data/com.tech.browser/databases/com.tech.browserb-journal

Filesize
12KB

MD5
c756310f962de6f47484157e1bc01334

SHA1
e5eb32e1a32a394ac8b3bf30f3bbec39654daac9

SHA256
e15d323e8923bc262d6db327a4c23d374aa0d80504542486ddeca26805c886f3

SHA512
fc8407436defb3efcf6f113181d9f6e02edddc0764ae9826c1b3f7522bbc26fe434ebc21e829b13aba343fde7665be23e7656349b051b8a820ba76ebafab3393

Download Submit
/data/data/com.tech.browser/databases/historyManager

Filesize
16KB

MD5
8f591d1720a7c8443172c5c80b9a89de

SHA1
7a3ae3118ffa3a2c8a92a07ae3563be067cf9411

SHA256
e2da34d516d01572616f0cc3888d6d6f54b6553f346986ffec791253b195ed65

SHA512
c2ebe1ec89e8816b144dbff1d221dfc1afe66ce762fa2d3e6c1bc873300d10fdccee3455374d5015b438bfcf5fceae42b095d26c6139107ef1a3141fd2b6c171

Download Submit
/data/data/com.tech.browser/databases/historyManager-journal

Filesize
8KB

MD5
6efcbeea3b86527970f47ab471f0327a

SHA1
8b850d2883cbcc83aabb56c3e136db52e536f61e

SHA256
6fa643ede30257f9fe039d246e0113b0c142456865c457d269fec2e23ffbe554

SHA512
733d72a38b0cd7804bf474dcb4bb96064ae68fa09eeeaac3b26ad64f3c77baad6f83a49d6799ad654d7c1eddf0fea4fef6a1c02c822d1cc8acf343d5ed728996

Download Submit
/data/data/com.tech.browser/databases/historyManager-journal

Filesize
512B

MD5
3670f3cebd8558b52b5dd14fc85f09bd

SHA1
2f870ce23ed396ca41f5ab98ad29bfe9c147f976

SHA256
f15291bc7c69223dcfea45ee4043a51a3c19d96d7f9bd90c09672a0e4b215796

SHA512
0ccdb27aca88646e7be2064b8b65c10ab4377ce559e3c85ee87b1af6d90d12c9583234e94187d98b39a8209b0d34413cb3046157019c6541013c88c1a24577e0

Download Submit
/data/data/com.tech.browser/databases/historyManager-journal

Filesize
8KB

MD5
c543037495ed1500f45158383b844f59

SHA1
212da4cb65f78294c2243b292ccf15b35a94fd3e

SHA256
bb007c5a131dac62885061e465b9895551ef7eb390bd46e89a28c1b15fd5e8fc

SHA512
e3098e6b4e4ccdbcc6e29b33f020a6149915158d5266e912a579c9f6b3453b412e2020288aa39890b0763b2e38d89253d6b27db9ebdcfb9792a552507c2cf41c

Download Submit
/data/data/com.tech.browser/databases/historyManager-journal

Filesize
8KB

MD5
1bdc3b93ac6951d460183e4856bce833

SHA1
b41ccd2ff52030b6c0d44158fea3c0e284575cf3

SHA256
acedb4ada22098311f22693e01af9d53adc4a4af90fa6fedd79f6e586320c15c

SHA512
d04d37cbc72dc61362a9d96286308dc50455a33ad91a628d13fc263b80e632d81e4417417e00b13a6e581f208455923f1c7efd6d76a5acd00981d5be97bfad83

Download Submit
/data/user/0/com.tech.browser/app_ttmp/t.jar

Filesize
363KB

MD5
71f79ba9526f0b6a04ff423212d75238

SHA1
ff505b3673f566a812ae925acc84157a1b6f34d7

SHA256
ab9672e93263e2459e8381f5216b8d8ce928c7bff5fd74cca8ae6f32977e557f

SHA512
b8df08dabb951a4881c0bb7cba6b80b76eeef9776fff51730daa8672f0afb6fa514b9c8bb8981b93db698698a83b77391e16aa612b55cf1150d6c18881aa2253

Download Submit