Analysis
- max time kernel: 63s
- max time network: 73s
- platform: android_x64
- resource: android-x64-20240611.1-en
- resource tags: android, arch:x64, arch:x86, image:android-x64-20240611.1-en, locale:en-us, os:android-10-x64, system
- submitted: 15-06-2024 03:13
Static task: static1
Behavioral task: behavioral1
  Sample: CLIENT.apk
  Resource: android-x86-arm-20240611.1-en
Behavioral task: behavioral2
  Sample: CLIENT.apk
  Resource: android-x64-20240611.1-en
Behavioral task: behavioral3
  Sample: CLIENT.apk
  Resource: android-x64-arm64-20240611.1-en
General
- Target: CLIENT.apk
- Size: 3.4MB
- MD5: e05f642a954e5fa5d06c56cf04c00b2d
- SHA1: 19d28d4f2677d6311ccc90c74806383931f2c0bc
- SHA256: 2bbe9cd94760ffe4f2ac5058343c25d7e9a24c5c678a1d3493999de2a5ea18dc
- SHA512: e0f516e534619b727d4cf1508c5f7408e18f2ffe5a432c2393d7add17927bead273ad38fa08e8a53f996c8b2ee69500ff3f1cbe2daf96a417c0e3e4b037587ff
- SSDEEP: 49152:Yad2okaqMvh9/rY68za8sdWuDLA2LQm1cOdc/bpjgmVY2yocPKl65So:Rd2oPvHc/S+m11dc/b7Pcc655
Signatures
- Obtains sensitive information copied to the device clipboard (2 TTPs, 1 IoCs)
  Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
- Queries the mobile country code (MCC) (1 TTPs, 1 IoCs)
  Processes: cybershieldx.rainbow
    description: Framework service call
    ioc: com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone
    process: cybershieldx.rainbow
- Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTPs, 1 IoCs)
  Processes: cybershieldx.rainbow
    description: Framework service call
    ioc: android.app.IActivityManager.registerReceiver
    process: cybershieldx.rainbow
- Checks CPU information (2 TTPs, 1 IoCs)
- Checks memory information (2 TTPs, 1 IoCs)
Downloads
- /data/data/cybershieldx.rainbow/files/profileInstalled
  Filesize: 24B
  MD5: ef227a4bf3a55dd8ced630012fc89354
  SHA1: 9f451790895fdf87ddf9cc7c0d2be99caa7b00dc
  SHA256: f467c4aaf9ee324bd463657fb642d6c2aff425b00be377e808221819b9e628d7
  SHA512: 83a15bb4bfb646c4c2d5ade26873edf45d33ccf70fce08156faecdcd8ae379e40fc1684f01472151795bbc94016217a948152b582d8fd3b39c2dff101f38783b
- /data/data/cybershieldx.rainbow/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat
  Filesize: 8B
  MD5: b2a4dd127329a72a83f557ab026fb05c
  SHA1: d2565a3db905b1380c81e1f37519315ce739f7d5
  SHA256: 5d45c9e7f23e2eb06818995b6ca6e9aa49e2edab3377a11dedca3aaf1856fee6
  SHA512: 81932ccf02ce97efc9a6d6c40b58eca4cae051bbf0840455773ad63a1996c28582578346760e2d23d14ded85e6d85a5731fffba30b6d1893d09602e6b50c399e
- /data/misc/profiles/cur/0/cybershieldx.rainbow/primary.prof
  Filesize: 3KB
  MD5: d64d8c71437f992a836c456e7c64f475
  SHA1: 143d5caa7da681824e4ca673dbf8dda6f8eeff66
  SHA256: fff9514ad0440f098a41a8c1fd1a3179b475b3fe7cb055fde5400a4b9c40b4bb
  SHA512: 937a90737e940cbea207bb15609f73326d8a0cb3f15c3103dae6e4b29c878f6f3793e4c40ddc82ef97bb310ed9b148ae2e1384cf758d79528aeef56204a777c9
- /data/misc/profiles/cur/0/cybershieldx.rainbow/primary.prof
  Filesize: 5KB
  MD5: f472fe8af462c540a583ae7e7a70eda3
  SHA1: d4fb7156496c00465b963cafa45d19798bc94a59
  SHA256: c83d4ca2698f374cec233cbaab8156fc8b401f2aafce694eb6c9f2ae96621a79
  SHA512: d9f00ba7ef039f86662c64716c7163d4aec835fbfefbf51dd07a8dac24692fe3b780feb7560432c23225bcd1af829500f351898edeeb79bb7de2dbc5efc8c1c8