Analysis
max time kernel
177s
max time network
183s
platform
android_x86
resource
android-x86-arm-20240611.1-en
resource tags
android, arch:arm, arch:x86, image:android-x86-arm-20240611.1-en, locale:en-us, os:android-9-x86, system
submitted
15-06-2024 03:13
Static task
static1
Behavioral task
behavioral1
Sample
CLIENT.apk
Resource
android-x86-arm-20240611.1-en
Behavioral task
behavioral2
Sample
CLIENT.apk
Resource
android-x64-20240611.1-en
Behavioral task
behavioral3
Sample
CLIENT.apk
Resource
android-x64-arm64-20240611.1-en
General
Target
CLIENT.apk
Size
3.4MB
MD5
e05f642a954e5fa5d06c56cf04c00b2d
SHA1
19d28d4f2677d6311ccc90c74806383931f2c0bc
SHA256
2bbe9cd94760ffe4f2ac5058343c25d7e9a24c5c678a1d3493999de2a5ea18dc
SHA512
e0f516e534619b727d4cf1508c5f7408e18f2ffe5a432c2393d7add17927bead273ad38fa08e8a53f996c8b2ee69500ff3f1cbe2daf96a417c0e3e4b037587ff
SSDEEP
49152:Yad2okaqMvh9/rY68za8sdWuDLA2LQm1cOdc/bpjgmVY2yocPKl65So:Rd2oPvHc/S+m11dc/b7Pcc655
Malware Config
Signatures
Queries the mobile country code (MCC) (1 TTP, 1 IoC)
Processes: cybershieldx.rainbow
description | ioc | process
Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | cybershieldx.rainbow

Requests enabling of the accessibility settings (1 IoC)
Processes: cybershieldx.rainbow
description | ioc | process
Intent action | android.settings.ACCESSIBILITY_SETTINGS | cybershieldx.rainbow

Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTP, 1 IoC)
Processes: cybershieldx.rainbow
description | ioc | process
Framework service call | android.app.IActivityManager.registerReceiver | cybershieldx.rainbow

Checks CPU information (2 TTPs, 1 IoC)

Checks memory information (2 TTPs, 1 IoC)
Downloads
File
/data/data/cybershieldx.rainbow/files/profileInstalled
Filesize
24B
MD5
64785e086e963faa94b8a752eebccbd9
SHA1
a375aa22ea2a58e83df921275d8c7ac15033ed6e
SHA256
40ae81014afc40eb2eb136d7eecc62a7c4cf0fef48f3f1f18df975cf802e044d
SHA512
5f0dfb21d1daae5a8fe20ee9b9fba048868b2000dfdef34616b4f95b0948d960e825891bd1dd8df3812aa4a77a65204f382ffafc5005efeb1589da6fcfeb7c92

File
/data/data/cybershieldx.rainbow/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat
Filesize
8B
MD5
6a6a72eb7fd73f87bd0dedf33bd5aecb
SHA1
586293c1596f9500e089f12af3b5e5bc9707f74f
SHA256
818aa79ecff8f7bf6bd79b65730af28366d5ea610c29bfa372936a33cb793dc2
SHA512
202fa850647ab59343ef2b5ea377dfc158f2260d5ad989bc26d9d784538e651cf11cc0d060474cb7862080dc42e5c92260ab1a5861b608ebbd2a0d895e2dd4af

File
/data/misc/profiles/cur/0/cybershieldx.rainbow/primary.prof
Filesize
3KB
MD5
d64d8c71437f992a836c456e7c64f475
SHA1
143d5caa7da681824e4ca673dbf8dda6f8eeff66
SHA256
fff9514ad0440f098a41a8c1fd1a3179b475b3fe7cb055fde5400a4b9c40b4bb
SHA512
937a90737e940cbea207bb15609f73326d8a0cb3f15c3103dae6e4b29c878f6f3793e4c40ddc82ef97bb310ed9b148ae2e1384cf758d79528aeef56204a777c9

File
/data/misc/profiles/cur/0/cybershieldx.rainbow/primary.prof
Filesize
5KB
MD5
feb57e6ed95b94e012b0120b514501fb
SHA1
2c59ec47c2101603ea109955d1d36be4dec502c4
SHA256
e75e66aa373be1d42026485c4cfd136a97a70febfe77cbb8dc2482bd9c538ee6
SHA512
5e4f9ae6a57d58d61be45f9c3264badb4631c63726db0bf0c0687bda73e14b939cda7e6b8cd304ac3d02c3983bc5704cfbdf01912a60c2411902e178a47dc2ef