Malware Analysis Report

2024-09-09 16:29

Sample ID 240608-tkglwsdb5y
Target 15210-v1.9-4248-noads.apk
SHA256 dbe1f38fd27bfe08b15a93e47dd81071a587ef153badcf947fe8eb04d4ec0a65
Tags
collection credential_access evasion impact
score
7/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
7/10

SHA256

dbe1f38fd27bfe08b15a93e47dd81071a587ef153badcf947fe8eb04d4ec0a65

Threat Level: Shows suspicious behavior

The file 15210-v1.9-4248-noads.apk was found to be: Shows suspicious behavior.

Malicious Activity Summary

collection credential_access evasion impact

Obtains sensitive information copied to the device clipboard

Loads dropped Dex/Jar

Checks CPU information

Checks memory information

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-08 16:06

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-08 16:06

Reported

2024-06-08 16:10

Platform

android-33-x64-arm64-20240603-en

Max time kernel

73s

Max time network

132s

Command Line

xyz.aethersx2.android

Signatures

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /system_ext/framework/androidx.window.extensions.jar N/A N/A
N/A /system_ext/framework/androidx.window.extensions.jar N/A N/A
N/A /system_ext/framework/androidx.window.sidecar.jar N/A N/A
N/A /system_ext/framework/androidx.window.sidecar.jar N/A N/A

Obtains sensitive information copied to the device clipboard

collection credential_access impact
Description Indicator Process Target
Framework service call android.content.IClipboard.addPrimaryClipChangedListener N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

xyz.aethersx2.android

Network

Country Destination Domain Proto
GB 216.58.201.106:443 udp
GB 216.58.201.106:443 tcp
GB 216.58.201.106:443 tcp
N/A 224.0.0.251:5353 udp
GB 142.250.200.36:443 udp
GB 142.250.200.36:443 tcp
GB 142.250.200.36:443 tcp
GB 142.250.187.227:443 tcp
GB 142.250.200.36:443 udp
GB 216.58.212.196:443 udp
GB 216.58.212.196:443 tcp
GB 216.58.212.196:443 tcp
US 172.64.41.3:443 tcp
US 172.64.41.3:443 tcp
GB 216.58.212.227:443 tcp
US 172.64.41.3:443 udp
GB 216.58.212.227:443 udp
US 1.1.1.1:53 remoteprovisioning.googleapis.com udp
GB 216.58.204.74:443 remoteprovisioning.googleapis.com tcp

Files

/system_ext/framework/androidx.window.extensions.jar

MD5 3056e1bdb7d4e19789d0319eff484bd0
SHA1 6791ae47aa9466fe0bca27ad6643f846853bbee4
SHA256 8e6331a07c9f2ac139214c527dcaff2c82d126bbe7bd3420cdc36d6a8c9204b0
SHA512 c790980fd68d9f89e32743bc28846807d5e5947c555f494de47714dec5cbd0c08d81c3260fa463759d1b17a953af3c44ec30b14fb08bf6b29db3837346c9f658

/system_ext/framework/androidx.window.sidecar.jar

MD5 29469324e59dfcc052f24b5af4e7b2c4
SHA1 10c1e17ac6f598037bb51baa07945663645de4eb
SHA256 9195dc6a1c75a841384050240dfc972e48178964993fba6619788625f4b40d1a
SHA512 5e27c2b1431369a248298f2f749136a575005584f9999f2a4c204a0c47adce2e33c8df9f058bdafa1bde1c99e46d175560cedfcddcd8581718ed1d9973c37cc2