94a3e03fcf39eb31d1c7a147af97eb4304d7525a6c4b563d05208ca61b7a6d47

Analysis

max time kernel
25s
max time network
131s
platform
android_x64
resource
android-x64-20240611.1-en
resource tags

androidarch:x64arch:x86image:android-x64-20240611.1-enlocale:en-usos:android-10-x64system
submitted
23-06-2024 23:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

94a3e03fcf39eb31d1c7a147af97eb4304d7525a6c4b563d05208ca61b7a6d47.apk
Size

2.3MB
MD5

2bfd6e068ee78c81d993d1a37684d8d0
SHA1

ea68ce71658760998bf21bffcc7055e4733d81d7
SHA256

94a3e03fcf39eb31d1c7a147af97eb4304d7525a6c4b563d05208ca61b7a6d47
SHA512

e2a5c483ee30b8b4df58f90bbccadefb540b7332cb05316181403b218c57dffda73f428afa79859e69cf82e50a6762e3a43736195b465c593f85fe78b7197874
SSDEEP

49152:4dZHWsBZ0GHiNxp/jdgfcPWsU9dag7Z3j:4dlLHix/jddWs6ZZ3j

Score

7^/10

collection credential_access discovery impact persistence

Malware Config

Signatures

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	kkkkkkshaasyl.karantaka

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	kkkkkkshaasyl.karantaka

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	kkkkkkshaasyl.karantaka

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	kkkkkkshaasyl.karantaka

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	kkkkkkshaasyl.karantaka

kkkkkkshaasyl.karantaka
1⤵
- Obtains sensitive information copied to the device clipboard
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks CPU information
- Checks memory information
PID:5047

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

Lateral Movement

Collection

Clipboard Data

T1414

Command and Control

Exfiltration

Impact

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/kkkkkkshaasyl.karantaka/files/profileInstalled

Filesize
24B

MD5
0d003e880535a15f20feb973a73dab25

SHA1
fdb1a264db13a46315a983ad180ad54501307780

SHA256
6ef0018884ce2f6f11108f72319b5fe9aa3ae061df7705d82f27d88d3cb9f653

SHA512
ea42bcf2d4698cab7f9e721306c36a75332493d10ff944124dbdcc8326edad64f64378a0a8e892242207c0c191fcfd7d200715df4767d619676c545c96993d3e

Download Submit
/data/data/kkkkkkshaasyl.karantaka/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

Filesize
8B

MD5
8becfc0746cd59955d9c25975a8b27b1

SHA1
f85d5f3b03fc711305acd13fb5be8d88d8e39262

SHA256
26f6d2426120b37bae402256d5db0978aedded14542837dfaeb27aa9d4c7c9a9

SHA512
f03e58bd0b61fb3615056dcd1f7c3ca5f4efd87fc6b876cbcb676a51591be190e063b542eb8ae38da62cf1f3590247412e7dec4e49d8899545c0e39d4e65149d

Download Submit
/data/misc/profiles/cur/0/kkkkkkshaasyl.karantaka/primary.prof

Filesize
1KB

MD5
68113fd630d64d8d191c4a85b100796f

SHA1
3424c37c4499928a8efe1488a60af3389c81dac1

SHA256
1df0505efd3fe3b3bcd4cc740573fca01d3dc5e34def0b8f3c6985b5eb00a981

SHA512
e270fbbc71918b5a7e5e29a0657cf7e54e0ce3c1aa76202268b1e7ff496b71288eec1b1279ed379733de92d62adb5c1dd189961491750d12836c5bb78f786189

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads