14caec9b011946b73947cefc1819bb2fbea1324af82edf6758de2707d7f49932

Analysis

max time kernel
158s
max time network
172s
platform
android_x64
resource
android-x64-arm64-20240603-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240603-enlocale:en-usos:android-11-x64system
submitted
08-06-2024 17:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

VirusShare_d9a91a7f674d6f332deac024b0084c5f.apk
Size

73KB
MD5

d9a91a7f674d6f332deac024b0084c5f
SHA1

096fe624aa3334d2cef1acffd8ea538ce0c5132f
SHA256

14caec9b011946b73947cefc1819bb2fbea1324af82edf6758de2707d7f49932
SHA512

bb1992dd26e5afb4c6835bd002a607b6f84fee26bb0bc2a3e01bc4dc21a4da12eda7f52362953caf657c529f5af83a9ee85a23f2f7b4a7cf3e1b4b2631418f6b
SSDEEP

1536:f9b9pvKVwT4U3boXOx4XOKEFkCfEabazKjTH8sIYXzZOgnuyBeMUu+0JNM+TS:IWTPUamNEFtfEONH8BezZXPe2pe

Score

7^/10

collection credential_access evasion impact persistence privilege_escalation

Malware Config

Signatures

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
collection credential_access impact

T1414

T1641.001

Processes:

com.ayurvedic

description ioc process

Framework service call android.content.IClipboard.addPrimaryClipChangedListener com.ayurvedic
Reads the content of the call log. 1 TTPs 1 IoCs
collection

T1636.002

Processes:

com.ayurvedic

description ioc process

URI accessed for read content://call_log/calls com.ayurvedic
Acquires the wake lock 1 IoCs

Processes:

com.ayurvedic

description ioc process

Framework service call android.os.IPowerManager.acquireWakeLock com.ayurvedic
Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs
Application may abuse the framework's foreground service to continue running in the foreground.
evasion persistence

T1541

Processes:

com.ayurvedic

description ioc process

Framework service call android.app.IActivityManager.setServiceForeground com.ayurvedic
Tries to add a device administrator. 2 TTPs 1 IoCs
privilege_escalation impact

T1626.001

T1640

Processes:

com.ayurvedic

description ioc process

Intent action android.app.action.ADD_DEVICE_ADMIN com.ayurvedic
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
impact

T1471

Processes:

com.ayurvedic

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.ayurvedic
Checks CPU information 2 TTPs 1 IoCs

T1633.001

T1426

Processes:

com.ayurvedic

description ioc process

File opened for read /proc/cpuinfo com.ayurvedic
Checks memory information 2 TTPs 1 IoCs

T1633.001

T1426

Processes:

com.ayurvedic

description ioc process

File opened for read /proc/meminfo com.ayurvedic

description	ioc	process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.ayurvedic

description	ioc	process
URI accessed for read	content://call_log/calls	com.ayurvedic

description	ioc	process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.ayurvedic

description	ioc	process
Framework service call	android.app.IActivityManager.setServiceForeground	com.ayurvedic

description	ioc	process
Intent action	android.app.action.ADD_DEVICE_ADMIN	com.ayurvedic

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.ayurvedic

description	ioc	process
File opened for read	/proc/cpuinfo	com.ayurvedic

description	ioc	process
File opened for read	/proc/meminfo	com.ayurvedic

com.ayurvedic
1⤵
- Obtains sensitive information copied to the device clipboard
- Reads the content of the call log.
- Acquires the wake lock
- Makes use of the framework's foreground persistence service
- Tries to add a device administrator.
- Uses Crypto APIs (Might try to encrypt user data)
- Checks CPU information
- Checks memory information
PID:4602

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads