4a1873ad25c558a909f5347b7d6d9ab4933306d2836cad2d8386653399cb1a8e

Analysis

max time kernel
396s
max time network
405s
platform
android_x64
resource
android-x64-arm64-20240514-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240514-enlocale:en-usos:android-11-x64system
submitted
03/06/2024, 07:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

app (5).apk
Size

3.9MB
MD5

a78e115709758cb54556bf87ba40e552
SHA1

e5afb7d01172b5815d30672e8cf45dd05f8f7a26
SHA256

4a1873ad25c558a909f5347b7d6d9ab4933306d2836cad2d8386653399cb1a8e
SHA512

4f46de0447bb952bf14450fdc2a44f0ced65246597a793ee6e37c6b50882c262817b75bbddddaceea11331f1ee39358c6876aacbde7121324e61dda6259e415e
SSDEEP

98304:lP2dEvZCQGO17qWa+db9XVHz48im1BOBZ7j3uJpVt:ledEvcQGIdbllB1srk

Score

7^/10

collection credential_access discovery evasion impact

Malware Config

Signatures

Checks CPU information 2 TTPs 1 IoCs

Checks CPU information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	adaaegjb.fbfabdac

Checks memory information 2 TTPs 1 IoCs

Checks memory information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	adaaegjb.fbfabdac

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	adaaegjb.fbfabdac

Checks if the internet connection is available 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	adaaegjb.fbfabdac

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	adaaegjb.fbfabdac

adaaegjb.fbfabdac
1⤵
- Checks CPU information
- Checks memory information
- Obtains sensitive information copied to the device clipboard
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4656

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Discovery

System Information Discovery

T1426

System Network Connections Discovery

T1421

Lateral Movement

Collection

Clipboard Data

T1414

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/adaaegjb.fbfabdac/app_tbs_64/core_private/debug.conf

Filesize
101B

MD5
4130f9282536626954a0491bcc800ab9

SHA1
bba4307e34ae52e2f46d0ff60acbdffa6ec9c671

SHA256
84ff351164221c9288872f5e5b0b32f0666008680f0707fb48612ed66452f4b9

SHA512
de8ba55c2bedcdd1cf0b7c3168a362ae96ea0d627be22fdc9a98a75dc9e770d67e10f33b65018911942b889f26a061193554daa3ca5d43acb518e60d2c360e11

Download Submit
/data/data/adaaegjb.fbfabdac/app_tbs_64/core_private/download_upload

Filesize
108B

MD5
4ff980b26190f2ba6871604f283c9cd4

SHA1
42d3d7297a4ae338f16ea65fe87f02e62bbe20c6

SHA256
ea94369fbc2560c934e11a8e9239139cd1e6e5d521f7491512394855020185b5

SHA512
018d11953320d04da48cbf54a9dec77e5d26b757799bd097b88898a71e027ddc2899f3d1d84dd36fb4c6cdb4271a925e021c92f87a4b294db12d11bc4aa23be6

Download Submit
/data/data/adaaegjb.fbfabdac/app_tbs_64/core_private/download_upload

Filesize
179B

MD5
3d473b2c3f7560c365b74c859022cf66

SHA1
9507a9f9f8c949ce141a1decc0b029a6a348f25a

SHA256
da6c23bc4c98897d4ac4c497b21276d9ca99ed49901bc5c6c40d791ff3944944

SHA512
e3ebae682d8ac7c6ffa71ca6399c743c644b54b56773fe349f936a9772a95a611669b4a718e4557751a21c18607ab0a99eb2e22da1c09534ccef977933b116b2

Download Submit
/data/data/adaaegjb.fbfabdac/app_tbs_64/core_private/download_upload

Filesize
56B

MD5
8887e8a63a56bc4757d0d9e897214c22

SHA1
add49096ca5ca8c0503133cf137719d8dde9bdcb

SHA256
586b490e1c2435a036b1900ceecd81c602e7a2fef5a6b308e1a5cb30c683cc2a

SHA512
1b0ca3c0136c47a58e9c034cfb5a3f347337d6e8616bce1403a824737b14ad7327bf33f4ee67f562963e0ac57d78629c87d72a3003de8cb7cd1c875750fe3a08

Download Submit
/data/data/adaaegjb.fbfabdac/app_tbs_64/core_private/download_upload

Filesize
56B

MD5
3aac0b9da38fd6730134c857428ffc56

SHA1
b7493e4281c00f9fb3edc299a73547184abf6191

SHA256
742213fe3b09de0a4b67a5d3e639be8efe6b7f0e77baecb412211c3cf03c79d8

SHA512
e318a2ce8335ae1390186ca4ee77e7699591d33db642fd502faa0f3b6830778904442c061f66bfeb35ecfe9a3df23f3c23b6a5f64d1c0bb016bc38201a4f99d9

Download Submit
/data/data/adaaegjb.fbfabdac/app_tbs_64/core_private/download_upload

Filesize
84B

MD5
770b9112284bc520b0563be4c8d04a4c

SHA1
be6599c784ad949aab95467aea67c9ebbc017631

SHA256
648b352092a1bef26fa82d105288da4ff8d5a8e5ba60d0401a6e84f8f5f2372f

SHA512
6b2012b65b41ad0c0d633bfe79752e092ba8bbff6cec781d175b3440ca8b899c8760fabc52f0789c1e5b46f7334d583ddf64c95413c0911973b41f66a542d07d

Download Submit
/data/data/adaaegjb.fbfabdac/app_tbs_64/core_private/tbs_pv_config

Filesize
30B

MD5
894cd3e3153b60fcaa620dd354fc6140

SHA1
d20dec611e8b0d4331302caf8978af437003c57e

SHA256
c64d4d9f3365666ff6053a1e74d3c1190202fbbaee229983be2290adc09e8edd

SHA512
77482e52df38ecd545e003d7463e657da18bf09b83f2370fa80d73362b748f6bdd26473e4d95e4ce9c6df022ba125c730a5ae8b3609767ff43a0ec552d89fd25

Download Submit
/data/data/adaaegjb.fbfabdac/app_tbs_64/core_private/tbs_pv_config

Filesize
30B

MD5
ac17899c5e426b3cc50e72456fcb6a33

SHA1
a5cd3e1ef03dd54c94189a819d53a4a500cfc85d

SHA256
505643ac3fd42e01df64149bab2e4aaf12183f829d96359058803594fe853e82

SHA512
4b77118ecc497c4e1b5d5023d060b28c10d008c85435dce52c69f1ecc27979af223379bde2de14847b5b411916a7e1356040c58314817a9c0f30af23460a04bf

Download Submit
/storage/emulated/0/Android/data/adaaegjb.fbfabdac/files/tbslog/tbslog.txt (deleted)

Filesize
56KB

MD5
dac96d54a3a924a7d73ddbb0a9bf47d2

SHA1
f94d01ce747aa4cf28d88739769924b365007739

SHA256
27fe384330acd33b1fd89506fd4f6f60d460f726e10745f0fc9df800d864fec4

SHA512
7f4a04381219d6b77777a8d30c5c1d29a10f55d884d598806741ea584fa4d66797ba23ab1ec863cc8e71c18bf42992bc18bd891f8b1d0c66c4ff70c714a55ea3

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads