6cd5feb4ff16926fe8c7443eb9e38c47768dce2a87a7d38f210b4a6fc9c5760b

Analysis

max time kernel
77s
max time network
154s
platform
android_x64
resource
android-33-x64-arm64-20240624-en
resource tags

androidarch:arm64arch:x64image:android-33-x64-arm64-20240624-enlocale:en-usos:android-13-x64system
submitted
27-06-2024 08:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6CD5FEB4FF16926FE8C7443EB9E38C47768DCE2A87A7D38F210B4A6FC9C5760B.apk
Size

15.7MB
MD5

6f1de63a845d5f14196c6f57e7fd8680
SHA1

6229fe154ddac84d329881fee192c6b095988443
SHA256

6cd5feb4ff16926fe8c7443eb9e38c47768dce2a87a7d38f210b4a6fc9c5760b
SHA512

3f59cbb5e06bc3c8da38fb06be4427fa2af36bbf8d627a452703625a06fce27575585137098b82fc720a121b5e56df9bdfa7915a11938e5a581161aac9780a56
SSDEEP

393216:fuEqd1CSPUnd5CixspsyPltW03ojvCi91SLOwzr:f82tSiCpQ0Yj1sn

Score

7^/10

collection credential_access discovery evasion impact persistence

Malware Config

Signatures

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.lavoro.compra.vendita

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.lavoro.compra.vendita

Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

Application may abuse the framework's foreground service to continue running in the foreground.

evasion persistence

Foreground Persistence

T1541

description	ioc	Process
Framework service call	android.app.IActivityManager.setServiceForeground	com.lavoro.compra.vendita

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.lavoro.compra.vendita

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.lavoro.compra.vendita

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.lavoro.compra.vendita

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.lavoro.compra.vendita

com.lavoro.compra.vendita
1⤵
- Obtains sensitive information copied to the device clipboard
- Acquires the wake lock
- Makes use of the framework's foreground persistence service
- Queries information about active data network
- Uses Crypto APIs (Might try to encrypt user data)
- Checks CPU information
- Checks memory information
PID:4334

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Foreground Persistence

T1541

Privilege Escalation

Defense Evasion

Foreground Persistence

T1541

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Clipboard Data

T1414

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.lavoro.compra.vendita/databases/data2.db

Filesize
60KB

MD5
60a5a1faf96e2c18c3b91c8d58f88c0a

SHA1
57bde1b36a5158564eba7007b43c86cb0f6ebdb1

SHA256
df00c785c3943c57625311a347afebffc9a782509f58acdc0e956c6dd8e523bb

SHA512
c1c721ba5abdf62fbbd4881593bb7565a15a9d6c0237df7dca29b8ac13900c2f6cf3b9aa3a151e1c0c5c2ecd109f39ca08a74258ad006dce14c49e00b51db7d5

Download Submit
/data/user/0/com.lavoro.compra.vendita/databases/data2.db-journal

Filesize
512B

MD5
18ae228fddd1898f6679d461d59fbc99

SHA1
d0f7240bf1be35d24628ab5210d387ef16dacd51

SHA256
662a7fb66e1ea086b5721c92784a63a49af79455bacf304e932f49fc99523a80

SHA512
d4751253ed92d5bdf1f78edf38c8613c6ad19f8add55765e43aea800706418323c4551eab4bd66edc3b4a09cff1b7bc65d85e9df00d74f70a4794360752ee9da

Download Submit
/data/user/0/com.lavoro.compra.vendita/databases/data2.db-journal

Filesize
8KB

MD5
39f296e34eb262fbd3891c2d2e055021

SHA1
4a8ebadb1430115806cc0476e73768f8d94151ff

SHA256
6437af4416be4a9b22d8f96f087c99549db42adf1c736b65b059127204b8c58b

SHA512
1ce37b0f5f692f10b46cd42493894c47364d4044f9d4b3ba402fd5ef775d411422d04cb6be8655d3c8c7dfc5ecd7aa09d8844a46fe41e35d2dc580ca6fb821e9

Download Submit
/data/user/0/com.lavoro.compra.vendita/databases/data2.db-journal

Filesize
8KB

MD5
a64930ffaf27242fd8b4aef65ab992c4

SHA1
a8a7d051605281cde5b58ec267d390b95605c6c3

SHA256
b49a998a582e341c0c2e73bcc5a44a9e66ecde089237fa5d8964fa83a2a0d947

SHA512
62697eec768aba06246a68859cdb1b89741d0cd1695382e195e48823d31349375a0b92d8320baf1dad0b80bb46a13ceba50d77c52d8ab75dd54ad9869aac0500

Download Submit
/data/user/0/com.lavoro.compra.vendita/databases/data2.db-journal

Filesize
16KB

MD5
d87688aaeaf472ee2058a2c25a5447cd

SHA1
9af1ab343a67c3a32552a7cbfdb8abab1597754c

SHA256
ae1b3c5a5ba0a7af77cb250e2e44dca74a568959ed0c99c37e207205fc414206

SHA512
35c3ce52ee3eb8895f70c33f16a54ae100b14f55152cb38b60cb64dd423af261389f49591262f575ed66e4e7adf3f47853e9c2b41efa8f05d840fe5fef193993

Download Submit
/data/user/0/com.lavoro.compra.vendita/files/.YFlurrySenderIndex.info.AnalyticsData_FHVHX8QSYRFSTPTJ9RFD_284

Filesize
88B

MD5
d59a25bcdebf54d9b2875f42ef7a1f6a

SHA1
02273af1eaea381578d638138cfcd77d44598c8f

SHA256
b882b1d2abf140cb00f86ea2b94a7f9166d3f577af103162c38f2ef653c12bf5

SHA512
f11ded55c7f72a42d066502b14fa5c2b3bb3059a34a9a3eec0cb3c9d5077ac9f23191f8baf08719fee08cebacb7317a6b55a2f19a94f4474310763e34f51fb95

Download Submit
/data/user/0/com.lavoro.compra.vendita/files/.YFlurrySenderIndex.info.AnalyticsMain

Filesize
72B

MD5
2cfba917f4360ea4ede416f9afdd3d47

SHA1
55b5ab074822f3deaaee9b1d14648e1b7bc1eb75

SHA256
4e66ac52a677d58de58885e8ec0f95260809bf3d6842e91545023803f50c1ee6

SHA512
72a928d25f5a952f7d46287593ce9238592f1728667906d55003ed62df0d6b541e14de8b88712025733a0db1f1111024560689fbf453a19e8048c1a1f3619516

Download Submit
/data/user/0/com.lavoro.compra.vendita/files/.yflurrydatasenderblock.5ce1e72d-1033-4be0-af31-5ca9ad73abb2

Filesize
368B

MD5
b3855af2cc3c853e7c764b61bb05e4a0

SHA1
bb1734cd4cfaf7be05c4304ad4333b0980591069

SHA256
b3080bdb75d9af4fa0b171e1da547b6b34d8ebc643eb2b221679be3094306151

SHA512
8997c3a307fdc230de968e3fd4a135e49a964d9423c0b7af7a1f9dde416d526dc98becd2d1acdcd0ad50024553de97e1b2b418d991e47a780e9812a2203e20ca

Download Submit
/data/user/0/com.lavoro.compra.vendita/lib-main/dso_deps

Filesize
432B

MD5
34dcdaa5501a26554c076196bef2aeb2

SHA1
2c2c4407bf2dec8bd607e87a45ae8d5cccf094ad

SHA256
1f02b5454de066746e5310db88e59243a579124dc3d127e22b58d8957a2ebe33

SHA512
e4cf90888ab614db94b40dc90c88927df87bb906651bbfaf06a6c569f402dfa0a42f4e861a32bfaba3ec0b1862e8444888ae637f21f558dd80d134315b4557a6

Download Submit
/data/user/0/com.lavoro.compra.vendita/lib-main/dso_manifest

Filesize
5B

MD5
c06857e9ea338f3f3a24bb78f8fbdf6f

SHA1
c5a0a2529d2deb60fec041b4fbd722a2ebe31702

SHA256
957b88b12730e646e0f33d3618b77dfa579e8231e3c59c7104be7165611c8027

SHA512
29f61516876c25379a7bf4faa2b3ca6f6b53eac90e7de47671fec4a818d51441b4025cd7909f7c0a0d113ab6c5ff00cb3700c286bac7319185b77905feec4fb1

Download Submit
/data/user/0/com.lavoro.compra.vendita/lib-main/dso_state

Filesize
1B

MD5
93b885adfe0da089cdf634904fd59f71

SHA1
5ba93c9db0cff93f52b521d7420e43f6eda2784f

SHA256
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d

SHA512
b8244d028981d693af7b456af8efa4cad63d282e19ff14942c246e50d9351d22704a802a71c3580b6370de4ceb293c324a8423342557d4e5c38438f0e36910ee

Download Submit
/data/user/0/com.lavoro.compra.vendita/lib-main/dso_state

Filesize
1B

MD5
55a54008ad1ba589aa210d2629c1df41

SHA1
bf8b4530d8d246dd74ac53a13471bba17941dff7

SHA256
4bf5122f344554c53bde2ebb8cd2b7e3d1600ad631c385a5d7cce23c7785459a

SHA512
7b54b66836c1fbdd13d2441d9e1434dc62ca677fb68f5fe66a464baadecdbd00576f8d6b5ac3bcc80844b7d50b1cc6603444bbe7cfcf8fc0aa1ee3c636d9e339

Download Submit
/data/user/0/com.lavoro.compra.vendita/no_backup/.flurryNoBackup/installationNum

Filesize
100B

MD5
2e921e2c0770d957a4ce92023125b1ee

SHA1
68bb327c5fc4869b696ec0138688bc5d98def59e

SHA256
81b4c29f15b35e8bfa894b029576cf5862b270e0312f660f8a1e7388aa097eaf

SHA512
75abaf0e04e33ce9914ceb44c7c5903afd2a06c1726f0758c4cb86e26646e4b122368ac2c88829313820f85a074af50caec694ebf8a36fa7b05e18e528ac8475

Download Submit
/storage/emulated/0/Android/data/com.lavoro.compra.vendita/cache/FavIcon/500f691df7747fce99c0ce48f5b243e90 (deleted)

Filesize
919B

MD5
c7f9d0cc0623972100b3785a814c5e7c

SHA1
3246e6b92a3b536db07d545fe6134d1f430cb183

SHA256
95dac88b2a37a7cdd2486e2fce8c7e51247385741b29d56e447479c6a6a605cc

SHA512
40253d9667258dabc3ddcad3ff267729a377f274ace4cce7ceb3ec5b56525b17c8399a5810d4c93feeafe71fbe9e74e41f0c291a40c6829eb28538817d176457

Download Submit
/storage/emulated/0/Android/data/com.lavoro.compra.vendita/cache/Object/journal.tmp (deleted)

Filesize
32B

MD5
6a1f76b33dc12d82e5bdc8d0653ee225

SHA1
65607c78d23758ee27275e5c25c75395c7ad39e6

SHA256
e89a1de7e24075f85893cc146fcc21d1c3eccf9ed6d7d099f0a63a3cb2680c64

SHA512
114f78f37c9dab14d543b0fb1f05b6f4c4617323032e0e719731fa64276e47f8ae0823c8f11c9cf4810759284498d1235ee15603c398a09c40c8a20687f1f3f2

Download Submit
/storage/emulated/0/Android/data/com.lavoro.compra.vendita/cache/http/journal.tmp (deleted)

Filesize
36B

MD5
37e8e716e0e2f4a0b05cd9571d95b84d

SHA1
f8d068f6931707bddb8cd69f706f2224ad1fea3c

SHA256
7080cb592d5149c858b206d3fd0d5e3e7d601f120af00b2616bee928ee1291ca

SHA512
e62b850901835fdb73fa6224618422f721dd765861d42f6bc2dd013413e96bd910ac5313afd9b4f63da74beb12a15fac81b5157456c9caa3031862dab84423f6

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads