Analysis
-
max time kernel
20s -
max time network
131s -
platform
android_x64 -
resource
android-x64-20240603-en -
resource tags
androidarch:x64arch:x86image:android-x64-20240603-enlocale:en-usos:android-10-x64system -
submitted
09-06-2024 02:12
Static task
static1
Behavioral task
behavioral1
Sample
e4d7484b888deceefeb17ee346821a0c9d3112dffd5ad57c71f4df7d304580b8.apk
Resource
android-x86-arm-20240603-en
Behavioral task
behavioral2
Sample
e4d7484b888deceefeb17ee346821a0c9d3112dffd5ad57c71f4df7d304580b8.apk
Resource
android-x64-20240603-en
Behavioral task
behavioral3
Sample
e4d7484b888deceefeb17ee346821a0c9d3112dffd5ad57c71f4df7d304580b8.apk
Resource
android-x64-arm64-20240603-en
General
-
Target
e4d7484b888deceefeb17ee346821a0c9d3112dffd5ad57c71f4df7d304580b8.apk
-
Size
2.0MB
-
MD5
71f6cdb3d8eebe1c8e7e26896238e571
-
SHA1
019134386a6d900d61285e5e986249928a9504b6
-
SHA256
e4d7484b888deceefeb17ee346821a0c9d3112dffd5ad57c71f4df7d304580b8
-
SHA512
740e8bcde7462b99972ea472ee0cae53f4f61fcdc6d9ca1c8c44d0661323178c891f7fe82052cd7bae7239d7a953a6dcdb5e6fc42b28cd4acc9e1634e284228b
-
SSDEEP
49152:I8FjWz5Kzip37zl3fg1S1RvyzHth1mFI1/3Go1eiUMG1VummJwga8TGi3U/kX1l5:IIhup37zlviS1GHoFW3aiUM6ummJwgaE
Malware Config
Signatures
-
Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
-
Queries the mobile country code (MCC) 1 TTPs 1 IoCs
Processes:
pl.spyone.agent2description ioc process Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone pl.spyone.agent2 -
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
Processes:
pl.spyone.agent2description ioc process Framework service call android.app.IActivityManager.registerReceiver pl.spyone.agent2 -
Checks CPU information 2 TTPs 1 IoCs
-
Checks memory information 2 TTPs 1 IoCs
Processes
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
/data/data/pl.spyone.agent2/databases/database.dbFilesize
76KB
MD5dd46d6cae176055d8617ceb3d40f1d96
SHA1b7a971b5f755f7fd5f9041bb1a0ffb1a74d9dd57
SHA256c4d2fc19a3c54c2d2cadde804546ce6f62f960865b829ea240026e1ea2706e96
SHA51254d353f7e746aa3935848cc2f694cd6cfbd1c59b6f56e276b76fad0f0a4c8ea09cd4835be8a8ccd615a7714d3e212a091d93a2b3b835f4ea767c8ba5950a5516
-
/data/data/pl.spyone.agent2/databases/database.db-journalFilesize
512B
MD5353f6fc2a3efe0258e72b092ca9acc08
SHA10a10fdaecc7041076ee7d7877d4ba4462b3f7d89
SHA2569cd16e220348f2f1a0a8a38ce20fc6e7ff0edaa63545bebdfa462a96635b9427
SHA51254dc9e154ce7e522ccf8a3928c2d6be6cb19bce8fd38f2284d1abafa5022cb43e6bc95ee1d6053614472e8ca452db1864ce7156ef5f081f3a4ae8f18677444d2
-
/data/data/pl.spyone.agent2/databases/database.db-journalFilesize
8KB
MD5c95e63dc191a08ad828f6837e9bb852f
SHA1deba3a22bf9e173acef14aa64ff0f6f2da66c606
SHA2562746c73a239ff81348b28571ab1abe8d212e624960c99d374d5c529d71f46601
SHA5124fa3d0da016bb96b1f3696e711520de11c8289abfed1302b5a69bab3051e3f8bdc3c659077ea5eab7da6ff5247aee78fb258ce676894fb9a6e8fc5124730755b
-
/data/data/pl.spyone.agent2/databases/database.db-journalFilesize
8KB
MD564a041fd0fdf9dee7c91936e74cdec6b
SHA196f232c8a6c10c86f5f53976b5b0e673aa4979ae
SHA2563ab3996aa5519f8ec341d27969f580b7ae1f96863205e1c06140ce2a35c0434e
SHA512e35f565d47efc0eaedf393660229752bf0d5da14ff10f8b7764ee61d8f9dda7cee02ff19c686259447b1bc9d4553f2dbe788996a99b68ae39e2112b5557860a9