Analysis
max time kernel: 59s
max time network: 132s
platform: android_x64
resource: android-x64-20240603-en
resource tags: android, arch:x64, arch:x86, image:android-x64-20240603-en, locale:en-us, os:android-10-x64, system
submitted: 08-06-2024 17:23
Static task: static1

Behavioral task: behavioral1
  Sample: VirusShare_b01ecde97d96d1e3dadd481fda2fb218.apk
  Resource: android-x86-arm-20240603-en

Behavioral task: behavioral2
  Sample: VirusShare_b01ecde97d96d1e3dadd481fda2fb218.apk
  Resource: android-x64-20240603-en

Behavioral task: behavioral3
  Sample: VirusShare_b01ecde97d96d1e3dadd481fda2fb218.apk
  Resource: android-x64-arm64-20240603-en
General
Target: VirusShare_b01ecde97d96d1e3dadd481fda2fb218.apk
Size: 52KB
MD5: b01ecde97d96d1e3dadd481fda2fb218
SHA1: 93bc9b9e2092d592dd6845ee7210b05139c9587b
SHA256: d12d3ae07d9de40aa38f63eff80788bb47b12103d83afe2387c0a4bca0619123
SHA512: af84c8c1fecacfb4fa33d9db50bbc3d79e6fa84d3fe809c0b4508680e9c2a1b18f1d4d5d3df5414d248d2207deda29e0b4f47464c0b5e19f103ff129a9d9237e
SSDEEP: 1536:OAhSKRjXmcnxZOHTepJP/WbjJ+puIOoPZNFCbnpn:OaJRjXmY6a3P2jJ+4Wwnpn
Malware Config
Signatures
- Obtains sensitive information copied to the device clipboard (2 TTPs, 1 IoC)
  Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard. Note that Android 10 (the OS of the sandbox image used here) restricts clipboard reads to the focused app and the default IME, so this signature records that the clipboard API was used, not that a read necessarily returned data.
- Queries a list of all the installed applications on the device (1 TTP)
  Might be used in an attempt to overlay legitimate apps.
- Reads the content of the call log (1 TTP, 1 IoC)
  Processes: content.popularising.converging
    description: URI accessed for read
    ioc: content://call_log/calls
    process: content.popularising.converging
  Reading this content provider requires the READ_CALL_LOG permission.
- Acquires the wake lock (1 IoC)
  Processes: content.popularising.converging
    description: Framework service call
    ioc: android.os.IPowerManager.acquireWakeLock
    process: content.popularising.converging
- Makes use of the framework's foreground persistence service (1 TTP, 1 IoC)
  Application may abuse the framework's foreground service to continue running in the foreground.
  Processes: content.popularising.converging
    description: Framework service call
    ioc: android.app.IActivityManager.setServiceForeground
    process: content.popularising.converging
- Queries the mobile country code (MCC) (1 TTP, 1 IoC)
  Processes: content.popularising.converging
    description: Framework service call
    ioc: com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone
    process: content.popularising.converging
  The call recorded here returns the ISO country code of the registered network rather than the numeric MCC itself; either way it is a coarse location check.
- Queries the unique device ID (IMEI, MEID, IMSI) (1 TTP)
- Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTP, 1 IoC)
  Processes: content.popularising.converging
    description: Framework service call
    ioc: android.app.IActivityManager.registerReceiver
    process: content.popularising.converging
- Uses Crypto APIs (might try to encrypt user data) (1 TTP, 1 IoC)
  Processes: content.popularising.converging
    description: Framework API call
    ioc: javax.crypto.Cipher.doFinal
    process: content.popularising.converging
  This is a heuristic: Cipher.doFinal is also called by ordinary TLS, storage and licensing code. The row shows that the API was invoked, not what was encrypted.
- Checks CPU information (2 TTPs, 1 IoC)
- Checks memory information (2 TTPs, 1 IoC)
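The signature rows above are each keyed on one observed event (a content URI read, a framework service call or a framework API call) attributed to a process. The following script, an added example that is not part of the sandbox or its rule set, shows how such a trace is reduced to the signature list and the per-process tree the report prints. The event shape (description, ioc, process), the SIGNATURES table and the constructed SAMPLE_TRACE are assumptions modelled on the IoC rows on this page; the two extra trace lines that match nothing are there to show that unrelated calls are ignored.

```python
"""Tag sandbox trace events with the behavioural signatures this report uses.

Added example, not part of the sandbox or its rule set. The event shape
(description, ioc, process) mirrors the IoC rows on this page; the SIGNATURES
table and the constructed SAMPLE_TRACE below are assumptions built from them.
"""
from collections import defaultdict

# signature name -> (IoC description it keys on, exact IoC values that trigger it)
SIGNATURES = {
    "Reads the content of the call log":
        ("URI accessed for read", {"content://call_log/calls"}),
    "Acquires the wake lock":
        ("Framework service call", {"android.os.IPowerManager.acquireWakeLock"}),
    "Makes use of the framework's foreground persistence service":
        ("Framework service call", {"android.app.IActivityManager.setServiceForeground"}),
    "Queries the mobile country code (MCC)":
        ("Framework service call",
         {"com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone"}),
    "Registers a broadcast receiver at runtime":
        ("Framework service call", {"android.app.IActivityManager.registerReceiver"}),
    "Uses Crypto APIs":
        ("Framework API call", {"javax.crypto.Cipher.doFinal"}),
}

# Constructed trace: the six IoC rows from this report plus two calls that
# match no rule (one from the sample, one from a system process).
SAMPLE_TRACE = [
    ("URI accessed for read", "content://call_log/calls", "content.popularising.converging"),
    ("Framework service call", "android.os.IPowerManager.acquireWakeLock", "content.popularising.converging"),
    ("Framework service call", "android.app.IActivityManager.setServiceForeground", "content.popularising.converging"),
    ("Framework service call", "com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone", "content.popularising.converging"),
    ("Framework service call", "android.app.IActivityManager.registerReceiver", "content.popularising.converging"),
    ("Framework API call", "javax.crypto.Cipher.doFinal", "content.popularising.converging"),
    ("Framework service call", "android.app.IActivityManager.getRunningAppProcesses", "content.popularising.converging"),
    ("URI accessed for read", "content://settings/system", "com.android.systemui"),
]


def match_signatures(events):
    """Return {signature: [(process, ioc), ...]} for every event that hits a rule.

    Matching is exact on (description, ioc); checking the description stops a
    URI string from satisfying a rule keyed on a framework call and vice versa.
    """
    hits = defaultdict(list)
    for description, ioc, process in events:
        for name, (wanted_desc, wanted_iocs) in SIGNATURES.items():
            if description == wanted_desc and ioc in wanted_iocs:
                hits[name].append((process, ioc))
    return dict(hits)


def signatures_by_process(events):
    """Return {process: sorted signature names}, i.e. the report's Processes tree."""
    tree = defaultdict(set)
    for name, rows in match_signatures(events).items():
        for process, _ in rows:
            tree[process].add(name)
    return {proc: sorted(names) for proc, names in tree.items()}


if __name__ == "__main__":
    for process, names in signatures_by_process(SAMPLE_TRACE).items():
        print(process)
        for name in names:
            print("  -", name)
```

Run against the constructed trace, the script reports exactly one process, content.popularising.converging, carrying the six IoC-backed signatures; the getRunningAppProcesses and settings-provider events produce nothing because no rule names them. Signatures on this page that list TTPs but no IoC row (clipboard, installed-app enumeration, device ID, CPU and memory checks) are not modelled, since the page does not show what event triggered them.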
Processes
- content.popularising.converging
  - Obtains sensitive information copied to the device clipboard
  - Reads the content of the call log
  - Acquires the wake lock
  - Makes use of the framework's foreground persistence service
  - Queries the mobile country code (MCC)
  - Registers a broadcast receiver at runtime (usually for listening for system events)
  - Uses Crypto APIs (might try to encrypt user data)
  - Checks CPU information
  - Checks memory information
Network
MITRE ATT&CK Matrix
Downloads
- /data/data/content.popularising.converging/databases/morning
  Filesize: 20KB
  MD5: f342ee922707cc404e195fb21d0f0ad2
  SHA1: ea47d02a310e17102b7f567dd760829099f8ef1c
  SHA256: 308052c5e9fa1352876a6b99e718056261e6640ff8b39391f21c701c4b02f3db
  SHA512: f615c38979def4a91782f6beb60990a39ac08bb3b01308381f3b8a0967ecc8f5874c5c574a361ca652f7fda8ec397372c4db341b8b196efc68a5d02797e0c14f
- /data/data/content.popularising.converging/databases/morning-journal
  Filesize: 512B
  MD5: 7811d365eab155d9262e5b0c5927f8f0
  SHA1: c83a187fa1daa1f37621172211180c5a3d2736cb
  SHA256: 29605a8ef075d8ccc779e906f3e57f2a593ec98ca01c6a9c1b02c9394870fb5e
  SHA512: 5b9da502e4fb877b9b71c44894c40cb2171e8388707018406fc0c07dbc372b81e7b8338f5f246982dd81a50f98afd6c32ce2420fc5ba5fcd01207063057bcb32
- /data/data/content.popularising.converging/databases/morning-journal
  Filesize: 8KB
  MD5: 49cd34bb8c3ddf53702067b0313c19da
  SHA1: 83318d2807a1e3583b1a3299ea1e702d332628f5
  SHA256: 0979b6a3fd08b74cba321547d41f87ba9ba88a9557db8f3c062f415401cda28b
  SHA512: 859481dbaebf7d936a8116be0a76f4c1141622bec3bc9dd222cecc2813035955bb06c2701ee8c1b64718f47fa77ed4933c505a296dbe953f04ebe5d80307c8e2
- /data/data/content.popularising.converging/databases/morning-journal
  Filesize: 8KB
  MD5: 0820cb462dab97297d0acdfa5be25ed2
  SHA1: 193b822f97f6722d0da34baa59dbf8ad399af08e
  SHA256: f440fd743bcbe5fe5cf442d9fd603d0781c31d269d7de483acf06693aff965f4
  SHA512: 66094b008ed097d834b9867031be02b77b722b5145bd6cfea723c4464bc61e75713f3aed7e677137f03156246712644399ebff82ffb557fa748f4e088359025d
- /data/data/content.popularising.converging/databases/morning-journal
  Filesize: 12KB
  MD5: 7355d3bc06fb9408a8462d5bb6e1f84b
  SHA1: 04ce72ac8af9649a8c046e586525bc7df6300c59
  SHA256: c243e99b9236b0c14df913a10fce362d728b40e40bf600c0093d60064439e21a
  SHA512: aea5dd5dd9b79dd418f3477d27b8c25bab548c741e27812ffa46fdea909d8855bc31b3e1eb1ab1c0f69b24f9a784d41abbf283a61da5ff047e57d3bab15ff8fd
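The dropped files above live in the app's private databases directory, and the `<name>-journal` suffix is the convention SQLite uses for a rollback journal; the same path appearing four times with different sizes and hashes is what repeated capture of a journal looks like while the database is being written. The script below is an added example, not the sandbox's own code: it classifies a captured file by its leading bytes (SQLite main database vs rollback journal) and emits the same Filesize/MD5/SHA1/SHA256/SHA512 record the report prints for each file. Both inputs are constructed: a real SQLite database built with Python's sqlite3 module, and a synthetic journal that carries only the documented header magic with a zero-filled body.

```python
"""Triage dropped files the way this report's Downloads section presents them.

Added example, not the sandbox's own code. Inputs are constructed here: a real
SQLite database created with the sqlite3 module and a synthetic rollback journal.
"""
import hashlib
import os
import shutil
import sqlite3
import tempfile

SQLITE_DB_MAGIC = b"SQLite format 3\x00"                  # first 16 bytes of a main database file
SQLITE_JOURNAL_MAGIC = bytes.fromhex("d9d505f920a163d7")  # first 8 bytes of a rollback journal header


def classify(data: bytes) -> str:
    """Identify the file kind from its leading bytes."""
    if data.startswith(SQLITE_DB_MAGIC):
        return "sqlite-database"
    if data.startswith(SQLITE_JOURNAL_MAGIC):
        return "sqlite-rollback-journal"
    return "unknown"


def digest_record(path: str, data: bytes) -> dict:
    """Build one record in the layout the report uses for each dropped file."""
    return {
        "path": path,
        "kind": classify(data),
        "Filesize": len(data),
        "MD5": hashlib.md5(data).hexdigest(),
        "SHA1": hashlib.sha1(data).hexdigest(),
        "SHA256": hashlib.sha256(data).hexdigest(),
        "SHA512": hashlib.sha512(data).hexdigest(),
    }


def build_sample_database() -> bytes:
    """Create a small on-disk SQLite database and return its bytes (constructed input)."""
    tmpdir = tempfile.mkdtemp()
    try:
        path = os.path.join(tmpdir, "morning")
        con = sqlite3.connect(path)
        con.execute("CREATE TABLE calls (number TEXT, duration INTEGER)")
        con.execute("INSERT INTO calls VALUES ('+15550100', 42)")
        con.commit()
        con.close()
        with open(path, "rb") as fh:
            return fh.read()
    finally:
        shutil.rmtree(tmpdir, ignore_errors=True)


def build_sample_journal() -> bytes:
    """Synthetic rollback journal: valid header magic, zero-filled body (constructed input)."""
    return SQLITE_JOURNAL_MAGIC + b"\x00" * 504


def triage(files):
    """files: iterable of (path, bytes) -> list of records, one per dropped file."""
    return [digest_record(path, data) for path, data in files]


if __name__ == "__main__":
    base = "/data/data/content.popularising.converging/databases/"
    for rec in triage([(base + "morning", build_sample_database()),
                       (base + "morning-journal", build_sample_journal())]):
        print(rec["path"], rec["kind"], rec["Filesize"], rec["SHA256"])
```

On a real capture the bytes would come from the files pulled out of the app's private directory; comparing the SHA256 in each record against the values listed above tells you whether you are looking at the same artefacts the sandbox saw. A file that the classifier returns as `unknown` despite the `-journal` name is worth a second look, since a zeroed or truncated header can also be left by a journal that was invalidated after commit.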