09d4a5a09adb12d0153535d046d96849d4d83c8551b0be818626505e206e4a5c

Analysis

max time kernel
27s
max time network
188s
platform
android_x64
resource
android-x64-arm64-20240611.1-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240611.1-enlocale:en-usos:android-11-x64system
submitted
12-06-2024 14:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

09d4a5a09adb12d0153535d046d96849d4d83c8551b0be818626505e206e4a5c.apk
Size

4.8MB
MD5

e95e1f342ea8a16136a6ba8b5c461cfd
SHA1

2d7f51101fec9ecc3d84313088a6fdb7702fa02a
SHA256

09d4a5a09adb12d0153535d046d96849d4d83c8551b0be818626505e206e4a5c
SHA512

a88cc1361d5740f0caf81638d5de4bdf2c211e5f5b37817385f3c6e20c464e954b4f4a89a008024094a64814d53d428ba7598098a2e5d0636dd0de3666cf6bfe
SSDEEP

98304:lk5QKPD6MteM/0KBSj57a4PQ+vqJBBEypgZGRqnzK1YFqaPo/KrMJ:CP6L1GWqXB5pgARqnzK8p+

Score

7^/10

collection credential_access execution impact persistence

Malware Config

Signatures

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
collection credential_access impact

T1414

T1641.001

Processes:

com.hadifetrati.notebook

description ioc process

Framework service call android.content.IClipboard.addPrimaryClipChangedListener com.hadifetrati.notebook
Schedules tasks to execute at a specified time 1 TTPs 1 IoCs
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
execution persistence

T1603

Processes:

com.hadifetrati.notebook

description ioc process

Framework service call android.app.job.IJobScheduler.schedule com.hadifetrati.notebook
Checks CPU information 2 TTPs 1 IoCs

T1633.001

T1426

Processes:

com.hadifetrati.notebook

description ioc process

File opened for read /proc/cpuinfo com.hadifetrati.notebook
Checks memory information 2 TTPs 1 IoCs

T1633.001

T1426

Processes:

com.hadifetrati.notebook

description ioc process

File opened for read /proc/meminfo com.hadifetrati.notebook

description	ioc	process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.hadifetrati.notebook

description	ioc	process
Framework service call	android.app.job.IJobScheduler.schedule	com.hadifetrati.notebook

description	ioc	process
File opened for read	/proc/cpuinfo	com.hadifetrati.notebook

description	ioc	process
File opened for read	/proc/meminfo	com.hadifetrati.notebook

com.hadifetrati.notebook
1⤵
- Obtains sensitive information copied to the device clipboard
- Schedules tasks to execute at a specified time
- Checks CPU information
- Checks memory information
PID:4426

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.hadifetrati.notebook/cache/adivery-cache/1qr8dl8wps1jpzi951vok34zi.0.tmp
Filesize
29KB

MD5
5aaaec90a9729e4f660795be2fd48620

SHA1
5297e2b0cb795ba6e6c23ec90384bea31b3ab045

SHA256
a36b1c41a44eee1682fe431661ea0ed622582637d5f49609c8ac7f8bf48c66a6

SHA512
4c91460ccacd7670cce042841968c1b49252d6fa54dea3f9c385ab160c30c1c2f51badda29abc9465134b8f53c6543c5196ac73efd2aac1da314f5bea553011a

Download Submit
/data/data/com.hadifetrati.notebook/cache/adivery-cache/2iluxnebe51hekcjg8v1g5fq4.0.tmp
Filesize
27KB

MD5
8efefa3227e4d782a80d5f9da22a0058

SHA1
934293af173c80e3ca62e717d619acb57005a517

SHA256
fd9db8d1519624107a19b6a69985d592c5cb178706f1ea62bd13719400618fe2

SHA512
e9e2f3ca150c6b1cf7573cafe7d5866057094fe28a1eabfcfe2e86df7885a4ddcafde12dce53224c4e263fe2047d68dc626be45bda2f837756a3a8b2c606667b

Download Submit
/data/data/com.hadifetrati.notebook/cache/adivery-cache/2mpzv0ywwt0br3layyg7kosn0.0.tmp
Filesize
79KB

MD5
b4ba18af5e4803b5406d04d682f9eb51

SHA1
d6877e0b6c25047129e54c4629d9814b5b6845a3

SHA256
4a23b0af124d823f1d9877a51fa42fa8fc959810dc9c7efd23ca9e610f0a45d5

SHA512
fbef24e61151fe8c19339306a06752b4d6bfec9b7f50cee518c419ba277591af24a17d87a0e5b4d8e65936d63f14fd598e0fefe53b73c4f59c80e1895d4a9cb3

Download Submit
/data/data/com.hadifetrati.notebook/cache/adivery-cache/2uhrrdkqo8jjq7ppyhxsxfdm.0.tmp
Filesize
163KB

MD5
9c9d3dd3fb276bee23da93f639ae46ed

SHA1
cfaba0922e79567ed03dbb2f7b4c6c497d27d8d0

SHA256
b857723004b2357dd3152b526403cfb2b91fafe2957a283975c1358f28cc02a8

SHA512
b94c2329f973208de3002542a21fca629643caecbb6b83d100c69a2554a1a371e35ffa4a555e595bd44d3c472dbffa5c4c86049c3f54ed5f5c81ccdaf4a2f82f

Download Submit
/data/data/com.hadifetrati.notebook/cache/adivery-cache/368xkuacxmfeo3v0oesx88paw.0.tmp
Filesize
140KB

MD5
54914bafb1b97d16e353be49c81d8392

SHA1
fb33d0b5d200a61d37ac22c44e2fba6fbf53a8ad

SHA256
233142bf36cd7676c6e18856eac6861081c42f83cb4f7c865791d9c67b0636ba

SHA512
d7d495e3bdf675c5136d6bfd37f78cb75c847f770fe6a1b44876aa2ff425ee3a16774acf308ce992edcaf61a8ec2baa9251bfdedec0a5b4165562a30a3c7d5c3

Download Submit
/data/data/com.hadifetrati.notebook/cache/adivery-cache/4hi9t08341wkp6zscnhairpuc.0.tmp
Filesize
48KB

MD5
d6345ae86733f4ab79546cb0042c4c38

SHA1
9eb418ec4e87e666afcd42782e64328aaa762b72

SHA256
b1eea634f7e4a5a915f4316968b3a9e028211959c38c5f789aa7699f25424b56

SHA512
531a1a3364f0173230b8fac9a7c474a4c444e26b0462aa943bdde1cbc519b1ef4c1f6aab190d788ad779bc0b34b44418316340b63d833655c00838a808d0fbae

Download Submit
/data/data/com.hadifetrati.notebook/cache/adivery-cache/4im4mehi8oql8ccqtzqzuowhp.0.tmp
Filesize
5KB

MD5
bd00afba56e1517c53505a42fabb198e

SHA1
2b5a85dd2767bf33b2a57129226d00c48508d83c

SHA256
0b8ba338ce3b657a75d98d659fce4bea3e578a1af4eb845da33b9fc25ff357a3

SHA512
3eb6f611f33ff2ef5f632ca79f0595089c2ada3620f12ea38ed3ecb307ded38562eb953d0774115ad84004260f903d62c909e55f9c60a5c913ba8cdf2316abfc

Download Submit
/data/data/com.hadifetrati.notebook/cache/adivery-cache/5pbo4a7hddcsyz1wak1oojwhr.0.tmp
Filesize
61KB

MD5
4a3e4671e240fa87f955b86c32818358

SHA1
09c94521f832b980c3196436ef5b5bb9a0f5291f

SHA256
3ac0f177e2a226d398c51f1052c330b0af38e2c925579ab5a59b2438861d9324

SHA512
2b5a0f56a9eb7c3340a0080617179eb83d9880158120c23f44d38f72a7718725954b3fbe4c66f99aa74d8cc1f506390d20352af4e57a59d27b17ea35a46377b2

Download Submit
/data/data/com.hadifetrati.notebook/cache/adivery-cache/5s1oib9dxsbip0phnnqxsx10i.0.tmp
Filesize
3.4MB

MD5
68cc7e7ff81d72b65082da5d0d9b4718

SHA1
6c2ffd9d0b3505ad7efc9ef22bc0bbbcced4ab55

SHA256
11bde99d5cedb1d5aa1425ba3807f8cee8c60f16c6f607027553d167a11eb6df

SHA512
848155ff51abaadb475d7900e8e8494906c02ff85e21f8113f1a48c9002616c07077a8b3a7272d6eada0d5ec7ba2dca7cd021190eb0802c3a13e41d9ae69c68a

Download Submit
/data/data/com.hadifetrati.notebook/cache/adivery-cache/journal
Filesize
856B

MD5
02aa7617466618b3779ab6277311cebd

SHA1
d2a3f92b8ed0bd02b2e1fce79ae5ba22fc2c6d2f

SHA256
6137eb801938d6db6f81ad0b5d900d3a6dad8bdf7655d29b19cba72a8e18cb99

SHA512
7fdbb48568b9c6677da7dc50ccdbd3f8acefb0649675b103d4110f1b5f89076eb936f69a82a8c1564d8cfb6dbb29f6fb018cbfbad87a72964aa9c1c1cc36db6e

Download Submit
/data/data/com.hadifetrati.notebook/cache/adivery-cache/journal.tmp
Filesize
31B

MD5
8c92de9ce46d41a22f3b20f77404cc1d

SHA1
8671a6dca00edb72be47363a7071be65cf270373

SHA256
68bb33ddeed9200be85a71f70b377985f9ee68e91578afbde8321463396f1274

SHA512
30f45fe9954215d6adafcc8f0a060a7ff41963a64f9b849a37f0d18fe045038d429ec13bf15226769c4ba78dad3c52f3d9e0dbbb4fcdea4828a1efe956e48f56

Download Submit
/data/data/com.hadifetrati.notebook/databases/ADIVERY_RESPONSE_LOGS.DB
Filesize
20KB

MD5
4a4cc7aa82867197b9a26c9113881ab8

SHA1
5412e3ababaade4a7a41179c2b46e73308e1a83d

SHA256
f69543e3f82a93b09485a066cae47cad4c379c7566095901282f651743902a2c

SHA512
1f9614303caa1f9fac74c5625a4ddc668b6557f91d04099852be8c2ef6b3df77e269fbe8843d9d9979bfb9e20684d7476c48065991bd284262b12ec224fce869

Download Submit
/data/data/com.hadifetrati.notebook/databases/ADIVERY_RESPONSE_LOGS.DB-journal
Filesize
512B

MD5
b4d657eb9d5314ab67dad0783fa29042

SHA1
bfc27cfc84eeefe229f6f2501d5c3281ebbd18fb

SHA256
3b77c2a0f98f0bad152b357c959482f3172d8ca7a98fbd450bd6809a629bfa18

SHA512
337e5efba2d0619c84ef8d5a180167b8de55d26733631bf77289f5daef8ee5638764ab3f6703ee040833ffe887c8d61ab417a7a45634a4279a7c427be7e03ba1

Download Submit
/data/data/com.hadifetrati.notebook/databases/ADIVERY_RESPONSE_LOGS.DB-journal
Filesize
8KB

MD5
59cfed1e91649828d11bce4be1809ed2

SHA1
0c3c30638675b9eec49ca146f961bd1b37591329

SHA256
e26a08bcbb32b4c87247e709488efde75dd310078766dd6499bb2f1b71836a21

SHA512
9cce31e6ebdd5f36bdeadcc0394a1029a8cd0a405a1986af1613b61550b0b87a1d7286f8e74f71f27250bfb260b1083992f8f161d1cf531f6305721a214b8791

Download Submit
/data/data/com.hadifetrati.notebook/databases/ADIVERY_RESPONSE_LOGS.DB-journal
Filesize
8KB

MD5
b1a441b577a243c85230fdbda287da85

SHA1
37669ff2600169da4b57c60f2b3622151ac45610

SHA256
4502c343e7c5a63098370564e117134865085f0586a9efdb55a087baac6a0df3

SHA512
f409d23ae97a09dd4a0b1a9dbbe5bb0ac649099b5e252a14fef23637cd94abfd6de6a2980c635e881fce10841561b9fee8fc3689994efde75eb0988878981ed6

Download Submit
/data/data/com.hadifetrati.notebook/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat
Filesize
8B

MD5
3774e74b00b338d3bf50dc78cbfce532

SHA1
d8b77fa949b1b3c89530ef0c44063f4b9fa36b2b

SHA256
a673868b2b2233c84f0b7a0a1e0dc86f92cbc7882f94c37b23aaec17d38cfd41

SHA512
8d8ab176aebf0fb05d47d86111dc64f0833d8b7d246f435ad30fcc67b7ea0946e59af1d6e12cdd6177954d597c277b92f9cfa4d366c1a8266f3746047af330df

Download Submit
/data/misc/profiles/cur/0/com.hadifetrati.notebook/primary.prof
Filesize
1KB

MD5
b74110fef75f6bd788b075005de35e9d

SHA1
a80e76ca6f3e770dd1671fdc25c15ee755632300

SHA256
49d617b2ebf59a9dc83afe76ffb69cc54f115d5e0e4bc3cd6742cab5975f0b46

SHA512
6f1e6a39fb607f1c7d4710552cc8bf8f194bd0823f4e6cb50542ce294a5292ad265b91e9d856a8d824869063f19c18815847243ce9ece31aaf1f48405434106d

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads