Analysis

  • max time kernel
    20s
  • max time network
    131s
  • platform
    android_x64
  • resource
    android-x64-20240603-en
  • resource tags

    android, arch:x64, arch:x86, image:android-x64-20240603-en, locale:en-us, os:android-10-x64, system
  • submitted
    09-06-2024 02:12

General

  • Target

    e4d7484b888deceefeb17ee346821a0c9d3112dffd5ad57c71f4df7d304580b8.apk

  • Size

    2.0MB

  • MD5

    71f6cdb3d8eebe1c8e7e26896238e571

  • SHA1

    019134386a6d900d61285e5e986249928a9504b6

  • SHA256

    e4d7484b888deceefeb17ee346821a0c9d3112dffd5ad57c71f4df7d304580b8

  • SHA512

    740e8bcde7462b99972ea472ee0cae53f4f61fcdc6d9ca1c8c44d0661323178c891f7fe82052cd7bae7239d7a953a6dcdb5e6fc42b28cd4acc9e1634e284228b

  • SSDEEP

    49152:I8FjWz5Kzip37zl3fg1S1RvyzHth1mFI1/3Go1eiUMG1VummJwga8TGi3U/kX1l5:IIhup37zlviS1GHoFW3aiUM6ummJwgaE

Malware Config

Signatures

  • Obtains sensitive information copied to the device clipboard (2 TTPs, 1 IoC)

    Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

  • Queries the mobile country code (MCC) (1 TTP, 1 IoC)
  • Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTP, 1 IoC)
  • Checks CPU information (2 TTPs, 1 IoC)
  • Checks memory information (2 TTPs, 1 IoC)
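The five signatures above are behavioural, i.e. they fire on framework calls observed while the sample ran. The same behaviours leave static traces in the disassembled code, which is useful when a second sample has to be triaged without a sandbox run. The script below is an added example, not part of this report or the sandbox vendor's tooling: it maps each signature name to the Android framework methods and string constants a static pass would look for, then scans smali text line by line. The framework class names (android.content.ClipboardManager, android.telephony.TelephonyManager, android.app.ActivityManager) are real; the `Lpl/example/Agent;` class and the smali listing are constructed for the example and are not taken from the analysed APK.

```python
import re

# Parse the two smali forms that carry the evidence: method invocations and string constants.
INVOKE_RE = re.compile(r"^\s*invoke-\w+(?:/range)?\s+\{[^}]*\},\s*(L[^;]+;)->(\w+)\(")
STRING_RE = re.compile(r'^\s*const-string(?:/jumbo)?\s+[vp]\d+,\s*"([^"]*)"')

# Signature name -> (class-name regex, method names). Table assembled for this example.
API_RULES = [
    ("clipboard", r"^Landroid/content/ClipboardManager;$",
     {"getPrimaryClip", "getText", "addPrimaryClipChangedListener"}),
    # getNetworkOperator/getSimOperator return the numeric MCC+MNC string; MCC is the first three digits.
    ("mcc", r"^Landroid/telephony/TelephonyManager;$",
     {"getNetworkOperator", "getSimOperator"}),
    # registerReceiver is invoked on whatever Context subclass the app has, often its own class,
    # so the class is not constrained here.
    ("broadcast_receiver", r".*", {"registerReceiver"}),
    ("memory", r"^Landroid/app/ActivityManager;$", {"getMemoryInfo"}),
]
# Signature name -> string constant that betrays a direct /proc read.
STRING_RULES = [
    ("cpu", "/proc/cpuinfo"),
    ("memory", "/proc/meminfo"),
]


def scan_smali(text: str) -> dict:
    """Return {signature_name: [(line_number, stripped_line), ...]} for every indicator hit."""
    hits = {}
    for lineno, line in enumerate(text.splitlines(), start=1):
        m = INVOKE_RE.match(line)
        if m:
            cls, method = m.group(1), m.group(2)
            for name, cls_re, methods in API_RULES:
                if method in methods and re.match(cls_re, cls):
                    hits.setdefault(name, []).append((lineno, line.strip()))
            continue
        m = STRING_RE.match(line)
        if m:
            for name, needle in STRING_RULES:
                if m.group(1) == needle:
                    hits.setdefault(name, []).append((lineno, line.strip()))
    return hits


# Constructed smali fragment (hypothetical class Lpl/example/Agent;), not disassembly of the sample.
SAMPLE_SMALI = """\
.method private collect()V
    .locals 4
    const-string v0, "clipboard"
    invoke-virtual {p0, v0}, Lpl/example/Agent;->getSystemService(Ljava/lang/String;)Ljava/lang/Object;
    move-result-object v1
    check-cast v1, Landroid/content/ClipboardManager;
    invoke-virtual {v1}, Landroid/content/ClipboardManager;->getPrimaryClip()Landroid/content/ClipData;
    invoke-virtual {v2}, Landroid/telephony/TelephonyManager;->getSimOperator()Ljava/lang/String;
    const-string v3, "/proc/cpuinfo"
    const-string v3, "/proc/meminfo"
    invoke-virtual {p0, v1, v2}, Lpl/example/Agent;->registerReceiver(Landroid/content/BroadcastReceiver;Landroid/content/IntentFilter;)Landroid/content/Intent;
    return-void
.end method
"""

if __name__ == "__main__":
    for name, evidence in sorted(scan_smali(SAMPLE_SMALI).items()):
        for lineno, line in evidence:
            print(f"{name:18} line {lineno}: {line}")
```

Run it against the output of `apktool d` (or `baksmali`) concatenated over all `.smali` files. Static hits are indicators, not proof: a clipboard call inside a legitimate text editor is expected, and reflection or string obfuscation will hide calls from this pass, so treat a miss as inconclusive and a hit as a prompt for the dynamic run reported above.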

Processes

  • pl.spyone.agent2
    1⤵
    • Obtains sensitive information copied to the device clipboard
    • Queries the mobile country code (MCC)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks CPU information
    • Checks memory information
    PID:5038

Network

MITRE ATT&CK Matrix

Downloads

  • /data/data/pl.spyone.agent2/databases/database.db
    Filesize

    76KB

    MD5

    dd46d6cae176055d8617ceb3d40f1d96

    SHA1

    b7a971b5f755f7fd5f9041bb1a0ffb1a74d9dd57

    SHA256

    c4d2fc19a3c54c2d2cadde804546ce6f62f960865b829ea240026e1ea2706e96

    SHA512

    54d353f7e746aa3935848cc2f694cd6cfbd1c59b6f56e276b76fad0f0a4c8ea09cd4835be8a8ccd615a7714d3e212a091d93a2b3b835f4ea767c8ba5950a5516

  • /data/data/pl.spyone.agent2/databases/database.db-journal
    Filesize

    512B

    MD5

    353f6fc2a3efe0258e72b092ca9acc08

    SHA1

    0a10fdaecc7041076ee7d7877d4ba4462b3f7d89

    SHA256

    9cd16e220348f2f1a0a8a38ce20fc6e7ff0edaa63545bebdfa462a96635b9427

    SHA512

    54dc9e154ce7e522ccf8a3928c2d6be6cb19bce8fd38f2284d1abafa5022cb43e6bc95ee1d6053614472e8ca452db1864ce7156ef5f081f3a4ae8f18677444d2

  • /data/data/pl.spyone.agent2/databases/database.db-journal
    Filesize

    8KB

    MD5

    c95e63dc191a08ad828f6837e9bb852f

    SHA1

    deba3a22bf9e173acef14aa64ff0f6f2da66c606

    SHA256

    2746c73a239ff81348b28571ab1abe8d212e624960c99d374d5c529d71f46601

    SHA512

    4fa3d0da016bb96b1f3696e711520de11c8289abfed1302b5a69bab3051e3f8bdc3c659077ea5eab7da6ff5247aee78fb258ce676894fb9a6e8fc5124730755b

  • /data/data/pl.spyone.agent2/databases/database.db-journal
    Filesize

    8KB

    MD5

    64a041fd0fdf9dee7c91936e74cdec6b

    SHA1

    96f232c8a6c10c86f5f53976b5b0e673aa4979ae

    SHA256

    3ab3996aa5519f8ec341d27969f580b7ae1f96863205e1c06140ce2a35c0434e

    SHA512

    e35f565d47efc0eaedf393660229752bf0d5da14ff10f8b7764ee61d8f9dda7cee02ff19c686259447b1bc9d4553f2dbe788996a99b68ae39e2112b5557860a9
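The three captures of database.db-journal above (512B, 8KB and 8KB, all with different hashes) are SQLite's rollback journal, written beside database.db while a transaction is in flight. It stores the original image of every page a transaction is about to modify, so a journal grabbed mid-run can contain row data the app was in the middle of writing, and a 512-byte file is exactly one header sector with no page records when the sector size is the usual 512. The parser below is an added example, not part of this report or of SQLite's own tooling; the layout it implements is the documented rollback-journal format (8-byte magic, big-endian page count, nonce, initial database size, sector size and page size, header zero-padded to one sector, then records of page number, page image and checksum). The sample journal it parses is constructed in the script and is not the captured file. It does not handle a database.db-wal file, which is the different write-ahead-log format.

```python
import re
import struct

# Magic that opens every valid SQLite rollback-journal header.
JOURNAL_MAGIC = bytes.fromhex("d9d505f920a163d7")
NREC_UNTIL_EOF = 0xFFFFFFFF  # nRec value meaning "records run to end of file"


def journal_checksum(page: bytes, nonce: int) -> int:
    """Reproduce SQLite's record checksum: nonce plus every 200th byte of the page,
    walking down from len(page)-200. Only a few bytes per page are sampled."""
    cksum = nonce
    i = len(page) - 200
    while i > 0:
        cksum += page[i]
        i -= 200
    return cksum & 0xFFFFFFFF


def parse_rollback_journal(data: bytes) -> dict:
    """Walk the journal: each segment is a header padded to one sector, followed by
    nRec records of <4-byte page no><page image><4-byte checksum>. A zeroed or
    absent header ends the walk (journal_mode=PERSIST zeroes it on commit)."""
    headers, pages, off = [], [], 0
    while off + 28 <= len(data) and data[off:off + 8] == JOURNAL_MAGIC:
        nrec, nonce, initial_pages, sector_size, page_size = struct.unpack(
            ">IIIII", data[off + 8:off + 28])
        if sector_size == 0 or page_size == 0:
            break
        headers.append({"nrec": nrec, "nonce": nonce, "initial_pages": initial_pages,
                        "sector_size": sector_size, "page_size": page_size})
        off += sector_size  # the header is zero-padded to a full sector
        rec_len = 4 + page_size + 4
        count = 0
        while (nrec == NREC_UNTIL_EOF or count < nrec) and off + rec_len <= len(data):
            pgno = struct.unpack(">I", data[off:off + 4])[0]
            page = data[off + 4:off + 4 + page_size]
            stored = struct.unpack(">I", data[off + 4 + page_size:off + rec_len])[0]
            pages.append({"pgno": pgno, "data": page,
                          "checksum_ok": stored == journal_checksum(page, nonce)})
            off += rec_len
            count += 1
        if off % sector_size:  # any following header starts on a sector boundary
            off += sector_size - off % sector_size
    return {"valid": bool(headers), "headers": headers, "pages": pages}


def printable_strings(blob: bytes, min_len: int = 6) -> list:
    """Cheap triage of a page image: printable runs, the 'strings' approach."""
    return [m.decode("ascii") for m in re.findall(rb"[\x20-\x7e]{%d,}" % min_len, blob)]


def make_page(payload: bytes, page_size: int) -> bytes:
    """Constructed page image: payload at offset 0, zero-filled to page_size."""
    if len(payload) > page_size:
        raise ValueError("payload larger than page")
    return payload.ljust(page_size, b"\x00")


def build_sample_journal(pages, page_size=1024, sector_size=512,
                         nonce=0x1234ABCD, initial_pages=3) -> bytes:
    """Constructed single-segment journal with correct checksums (example input only)."""
    hdr = JOURNAL_MAGIC + struct.pack(">IIIII", len(pages), nonce,
                                      initial_pages, sector_size, page_size)
    body = b"".join(struct.pack(">I", pgno) + page +
                    struct.pack(">I", journal_checksum(page, nonce))
                    for pgno, page in pages)
    return hdr.ljust(sector_size, b"\x00") + body


# Constructed stand-in for a captured database.db-journal: the pre-image of page 2
# holding a row the next transaction would overwrite. Not data from the sample.
SAMPLE_JOURNAL = build_sample_journal(
    [(2, make_page(b"\x0d\x00\x00\x00\x01clipboard|2024-06-09 02:12|pasted secret", 1024))])

if __name__ == "__main__":
    report = parse_rollback_journal(SAMPLE_JOURNAL)
    for h in report["headers"]:
        print("header:", h)
    for p in report["pages"]:
        print("page", p["pgno"], "checksum_ok=%s" % p["checksum_ok"], printable_strings(p["data"]))
```

Two things to keep in mind when reading a real capture. A journal whose first eight bytes are zero is not corrupt; it is one that SQLite has already committed under journal_mode=PERSIST, and the page images after the header usually still survive. The per-record checksum samples only every 200th byte, so a matching checksum says the record was written completely, not that its content is intact; for evidentiary purposes rely on the file hashes recorded above, not on this field.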