0bcbefd0236fc1d9a531add77f22e034ecffd9e8bf401ec7497db572b48722f1

Analysis

max time kernel
176s
max time network
186s
platform
android_x64
resource
android-x64-arm64-20240514-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240514-enlocale:en-usos:android-11-x64system
submitted
30/05/2024, 07:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

indusIndBank.apk
Size

1.5MB
MD5

7114e0481b9a454e3d61132ce3808b3a
SHA1

0e5c5adb6b67b3562ea7a17c3423515fad88fb56
SHA256

0bcbefd0236fc1d9a531add77f22e034ecffd9e8bf401ec7497db572b48722f1
SHA512

867d99be181e17de53842b47e8aab075a68eb6b5f819400fcaa8e1f0eaade67f2142e5edccde00b981a99b68e468704ea4d4f6047ad1dbf10c8d35b8842c4814
SSDEEP

24576:SxiQE6R8OhcDE8rutWkC5Uh3L/UVdl4EB1blw0e7v4y71YUvHV:SAM8OhcDUtlfh3LcVdzbyx7r/V

Score

7^/10

collection credential_access discovery evasion impact persistence

Malware Config

Signatures

Checks CPU information 2 TTPs 1 IoCs

Checks CPU information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.example.sms

Checks memory information 2 TTPs 1 IoCs

Checks memory information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.example.sms

Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

Application may abuse the framework's foreground service to continue running in the foreground.

evasion persistence

Foreground Persistence

T1541

description	ioc	Process
Framework service call	android.app.IActivityManager.setServiceForeground	com.example.sms

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.example.sms

Checks the presence of a debugger
evasion

com.example.sms
1⤵
- Checks CPU information
- Checks memory information
- Makes use of the framework's foreground persistence service
- Obtains sensitive information copied to the device clipboard
PID:4570

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Foreground Persistence

T1541

Privilege Escalation

Defense Evasion

Foreground Persistence

T1541

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Discovery

System Information Discovery

T1426

Lateral Movement

Collection

Clipboard Data

T1414

Command and Control

Exfiltration

Impact

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.example.sms/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

Filesize
8B

MD5
81bacc2e788116d2cd314f031d8c7f56

SHA1
d459de4a90ec67bd450902a3c20069a7f15ce833

SHA256
6cb470cac6741a2f577b8d2aae2c5454f8c6b473c1087371bd4ece7b0b14144d

SHA512
c936b5b9af4ba9bead6224910d93b0ceac1ecd7d2a2e714fa26f77a0f9bcc814c644536a11b119c7dae642a2d27f434d29c7686364899c86055a60f3ea3e2453

Download Submit
/data/misc/profiles/cur/0/com.example.sms/primary.prof

Filesize
1KB

MD5
b53461c78f1281447ffee33f343a7947

SHA1
e0afe5ff27e0e96c8181ad8d7b9fb87be28d3849

SHA256
14390e9160ae956d99390444a1fbfbe8331e65614e6a7615a4067b9aee140810

SHA512
2153f5234d68c08bd5fbff4484125ba00a92e6f99dcabf6b3b5c40c89be9d3154ccbd0499b8b369f9425ca5064e3a79e20d8adbcb7e33cfec3c8a8a14db42aaa

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads