Analysis

  • max time kernel
    175s
  • max time network
    183s
  • platform
    android_x64
  • resource
    android-x64-arm64-20240611.1-en
  • resource tags

    android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240611.1-en, locale:en-us, os:android-11-x64, system
  • submitted
    15-06-2024 03:13

General

  • Target
    CLIENT.apk
  • Size
    3.4MB
  • MD5
    e05f642a954e5fa5d06c56cf04c00b2d
  • SHA1
    19d28d4f2677d6311ccc90c74806383931f2c0bc
  • SHA256
    2bbe9cd94760ffe4f2ac5058343c25d7e9a24c5c678a1d3493999de2a5ea18dc
  • SHA512
    e0f516e534619b727d4cf1508c5f7408e18f2ffe5a432c2393d7add17927bead273ad38fa08e8a53f996c8b2ee69500ff3f1cbe2daf96a417c0e3e4b037587ff
  • SSDEEP
    49152:Yad2okaqMvh9/rY68za8sdWuDLA2LQm1cOdc/bpjgmVY2yocPKl65So:Rd2oPvHc/S+m11dc/b7Pcc655

Malware Config

Signatures

  • Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

    Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

  • Checks CPU information 2 TTPs 1 IoCs
  • Checks memory information 2 TTPs 1 IoCs

Processes

  • cybershieldx.rainbow
    1⤵
    • Obtains sensitive information copied to the device clipboard
    • Checks CPU information
    • Checks memory information
    PID:4498

Network

MITRE ATT&CK Matrix


Downloads

  • /data/data/cybershieldx.rainbow/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat
    Filesize: 8B
    MD5: 143a7ae43e90c76a58adf2c16c07a4c0
    SHA1: 4e02cf2ca45d4a571ab5fb308afbaf744467db67
    SHA256: 5d9b899819f17d6c1b84ee2953ad146e397103c9c06d8fdd0deebd37c381bc1f
    SHA512: d056b30422ee837af3ff203d8b4a03f0293f5b09383711e6f10f2cdf5a3446b455bee7105c06f338a963ce178e755d684bd5c043eb16ad5f9463eb8d16972d1a

  • /data/misc/profiles/cur/0/cybershieldx.rainbow/primary.prof
    Filesize: 3KB
    MD5: d64d8c71437f992a836c456e7c64f475
    SHA1: 143d5caa7da681824e4ca673dbf8dda6f8eeff66
    SHA256: fff9514ad0440f098a41a8c1fd1a3179b475b3fe7cb055fde5400a4b9c40b4bb
    SHA512: 937a90737e940cbea207bb15609f73326d8a0cb3f15c3103dae6e4b29c878f6f3793e4c40ddc82ef97bb310ed9b148ae2e1384cf758d79528aeef56204a777c9

  • /data/misc/profiles/cur/0/cybershieldx.rainbow/primary.prof
    Filesize: 5KB
    MD5: b31af44db5a55ffb745476153c624a31
    SHA1: 91bd45d2742b3853e28013c2423323efa08d85a0
    SHA256: 54391d38d9539f2a47b590a9a82c271bcbe6f29a45bdd081375e892f945cd5c5
    SHA512: f0ac1cccc3581c897923e39f22a296db56ff68260c64c78e98097e8af876f5172d7c833660ae41d386a6f74d15592c5d5aca9e26357708e5884eccecf7e37882