d8fae0867ab1a7f159c2204b7bf2000c32d8f60f79ad6535c8be5a23529c903f

Analysis

max time kernel
157s
max time network
131s
platform
android_x64
resource
android-x64-arm64-20240624-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240624-enlocale:en-usos:android-11-x64system
submitted
27/06/2024, 08:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

D8FAE0867AB1A7F159C2204B7BF2000C32D8F60F79AD6535C8BE5A23529C903F.apk
Size

23.2MB
MD5

5bb386abf3404da1294c5f9511e92d90
SHA1

c1cdfb121cb07a502f3adc48ce30f1d7ebd03dbb
SHA256

d8fae0867ab1a7f159c2204b7bf2000c32d8f60f79ad6535c8be5a23529c903f
SHA512

6e5b5d9de2faff53712228ec3c06cc421315dc210a846e67978911aa39404b0a071f8eae185bba1ec37f70d13d128d3d5d08baddc0dc08867613e0c20e363298
SSDEEP

393216:ELLmSHaS7OdeFXBxIl5Ch7f+PY2YwTpMHTLoYBFgERXcEjIgKjffAe6Dwa+V9i:QLN7OQFXBh7fOY2hOLoSgER5rgCwtE

Score

8^/10

banker collection credential_access discovery evasion impact

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 2 IoCs

evasion

System Information Discovery

T1426

ioc	Process
/system/app/Superuser.apk	mody.stepcounter.application
/system/xbin/su	mody.stepcounter.application

Loads dropped Dex/Jar 1 TTPs 1 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/mody.stepcounter.application/cache/1582435991586.jar	4477	mody.stepcounter.application

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	mody.stepcounter.application

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Queries information about running processes on the device 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	mody.stepcounter.application

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	mody.stepcounter.application

Checks the presence of a debugger
evasion

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	mody.stepcounter.application

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	mody.stepcounter.application

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	mody.stepcounter.application

mody.stepcounter.application
1⤵
- Checks if the Android device is rooted.
- Loads dropped Dex/Jar
- Obtains sensitive information copied to the device clipboard
- Queries information about running processes on the device
- Queries information about active data network
- Uses Crypto APIs (Might try to encrypt user data)
- Checks CPU information
- Checks memory information
PID:4477

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Discovery

Process Discovery

T1424

Software Discovery

T1418

Security Software Discovery

T1418.001

System Information Discovery

T1426

System Network Connections Discovery

T1421

Lateral Movement

Collection

Clipboard Data

T1414

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/mody.stepcounter.application/cache/1582435991586.jar

Filesize
9KB

MD5
e8e0527a01aefdb89afd2c508f131da1

SHA1
f1103e6b260c657ceb3d95f1b023af3fda8b133a

SHA256
f809447486f89fcaa74f87e06d126d103d37eb2b3157e88f2c06d989b2c284ce

SHA512
fb53683a83f1068d0f94567b156e6a8910c45b1b5f33db919f7e0b9c55eab28507a235ef76d44d5b549599ea3b54dbc00496a633339d276a80f395da938d6d34

Download Submit
/data/user/0/mody.stepcounter.application/cache/1582435991586.jar

Filesize
20KB

MD5
fde2ee00cbd121cfab5290b078aa3ceb

SHA1
e2b77d5320e155e413d040a8c20020962065b2f8

SHA256
2897b0812077c654a9b3fbb0b6303d5cde681eeba7ad9981de65716c7810d685

SHA512
a9326aff8e454a2b4ac09984ef2a65fddd4dc146b4c44d839035549bff8c9fdaae490326d0b018f76c1ca2e4fb25426d74f550ca0950982fba632a023af99a56

Download Submit
/data/user/0/mody.stepcounter.application/cache/oat/1582435991586.jar.cur.prof

Filesize
153B

MD5
f9431a0cde5766b6a47fe517f0dbe91f

SHA1
41ebffb9e03db4e211961286e6c233726d1c704f

SHA256
48409024aacda3669e2112419ca8742dedca12f5310521730db60c8387710616

SHA512
3102a350b8cdbfe686564eb79892a609f3cccd74d4b420f831156b1c57b736853f1cba0988d4dea7bf728f341e3ed2b997274684726afa2d97d31115e5213382

Download Submit
/data/user/0/mody.stepcounter.application/databases/Steps-db

Filesize
28KB

MD5
ecd9ae2fd188142ad75125d0c62d4ca0

SHA1
53f20d15b2fb6087a9da7935b38630201fe5c3cc

SHA256
81cb5724c195382df710ad5e11e093089d5eec1fa67d376eeac6ceaf2d21152a

SHA512
dbb12cbd7e2a42232ade4c717ea60d84807a01a09601894b6f198c757476cece4dbc3539cc6f756741f05d054d09b1b46fb5d9e74dc43dc1f96fbaa5fc20533a

Download Submit
/data/user/0/mody.stepcounter.application/databases/Steps-db-journal

Filesize
512B

MD5
07154f4c2b778b77cb4fe3e0991a51f8

SHA1
0375047b5c75d453e2841bba8dc691e3173bcddb

SHA256
56c5424d8637d46d14aaff0d5b73c8813813f2b992839caedf2b5239418ac372

SHA512
29e3619f2188df2026666d3026e58c522670a676fa145acae4de36aa683cacfefe46b719929ceb7c679c6561946c28b21abce6979b17f0b4a91ddc15a6009fba

Download Submit
/data/user/0/mody.stepcounter.application/databases/Steps-db-journal

Filesize
12KB

MD5
9b438101648bec6c8bf1ed85bbde9ce3

SHA1
4fdc086564c24d5e620d8c11be88b19e5722b3db

SHA256
88cbe208780d7895a41db0e2fce72b6a5047fa8a760eb1410ea764dbec8d1bb6

SHA512
f6f421973d156c81e5b974305aa81fc6993bf411562b13e200d42663ec7a93aeade01be9180b6afadf2296d0dfebd75efd9e7ade09f4095e81ffd86c37f42e80

Download Submit
/data/user/0/mody.stepcounter.application/databases/Steps-db-journal

Filesize
8KB

MD5
9b9d2cf5de260f5889b34353c5456b0f

SHA1
ff38e9c1bc724e16ee1a63a37df323d05edd03a1

SHA256
6eae98c9c26d849c123a1977835a043fae47e9d5756b00f1a2fb0e2775df4225

SHA512
3fca613c477b031e27fe02ab058ddcf7e9d0ac5735438d7000daadfb2a49d7d3d1ece67b84216fcf12ac6f97b4d13ad590f6d7a32cdd0214d2340567b4210152

Download Submit
/data/user/0/mody.stepcounter.application/databases/Steps-db-journal

Filesize
8KB

MD5
9d7145ed5efd6a1b9c29e0adc49db705

SHA1
b62b0dad808067072deb244e4d2e2045fd8e07cf

SHA256
ff30faee25ed6dc50b581def88bbd5263bcb10c6aac1bec46af87feb1d036adc

SHA512
c7731a1e7ee1d8a8eabef25f32bf2174b7199aefec9dcd3b8a65ea8f691e9639645cc5b0ab7a197e0fdf414317121ba4156d715d5c590f74b66e3c7ae2972523

Download Submit
/data/user/0/mody.stepcounter.application/databases/evernote_jobs.db

Filesize
16KB

MD5
58c0b6e45328752b20ac6e719ac034f8

SHA1
372b2638afd00bbbc4034657b3df3d2e428fb367

SHA256
9d74f93afa5a179b1ba2f19f154b2880aa8b99c88209802099045a0874d2426a

SHA512
2d347d5824b9ab701e341c89e8327a95fd6bab8e92ee15ce9550da368d773e22bff304072a4854df5ab763750a7401f7aa61a49e3292d62c27fa9f20536eb3ab

Download Submit
/data/user/0/mody.stepcounter.application/databases/evernote_jobs.db-journal

Filesize
512B

MD5
ae3427d26f9ad11416442eccb5faf64e

SHA1
c6766f7a020bbe84a45866a7c44eff2cb52f8fcd

SHA256
fa7af461a35227ea5444c84cfd74ecb30e087bc28f285c7f07c1ad9e6efc3d68

SHA512
90ea68a3b03dc1ffb9c3bfe0413dc69f7b16450f7095350d4786b5b43aee62e14aa942428dcb0d58607a3b83a8be107c892fb28ee47d622bb4c3470d2a76d01e

Download Submit
/data/user/0/mody.stepcounter.application/databases/evernote_jobs.db-journal

Filesize
8KB

MD5
c52218ada247004186822ec1b5f73d53

SHA1
f02b4508104fb44a2c7f1363613664abe24272db

SHA256
ae0ba40184f0fe51acd2d59242d3a1659e80173b810248462432c8b3e2287913

SHA512
f68bdcadcf657e38e1e6fffe85211f71d1230eee347c6d4853b75e90f11a10251c6e1a15cdae3734ded86dfea3dfed1ae6eca2560aace0edc77a03fcf1c5fdc9

Download Submit
/data/user/0/mody.stepcounter.application/databases/evernote_jobs.db-journal

Filesize
8KB

MD5
59d2f912ad4429645e73070b5d110753

SHA1
08d64e679df495e486b027046d0df13e2d11c614

SHA256
de284a947fdb29205918bf1f441b10bf7f4ec9983bdf9386bac221798679d644

SHA512
597d0545efecf9a5b04a2e57c7bbc8bd73d8cd08cb7a56a7683c5a9befb22b4cefc2a3a7e06144f229a0c43fc721225f62998ea2b2cbb912726bac5aff1fcf6e

Download Submit
/data/user/0/mody.stepcounter.application/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/667D247A02E0-0001-117D-BD61ECCCD432BeginSession.cls_temp

Filesize
77B

MD5
43b4d490188c32f316a6e8c4181a1ded

SHA1
4a69ba6dca680d108ef1d6ee67c8ef93440fd2e4

SHA256
9d3ae5a1d273dbcdd4e52293f84584d167b656ee8eedb90e6595b6df692bd471

SHA512
7d0671bdc0027b4789c384372d4f1598933eb18d865bf6726f97568c460fe4707b5c11eca93b84a15124142ad23d561958b0e21cfd113e448d6eadad326d9639

Download Submit
/data/user/0/mody.stepcounter.application/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/667D247A02E0-0001-117D-BD61ECCCD432BeginSession.json

Filesize
132B

MD5
4a65d24a88804d61ecedd7a416a71002

SHA1
e6a006a99c7b3073f974737d5f4014d4b7cc14f0

SHA256
bac7decd0f39fae1973a266e4aeb458e413d826a94330aa316635e1cf44ddb77

SHA512
94dcf4fc3e894b780e1874e1426db733190ff96c6a1f8a26c65e3504632f89cf377346cbcd001f30f76a57c9d9620f381db35ba9c67897a6f4a99df389e443af

Download Submit
/data/user/0/mody.stepcounter.application/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/667D247A02E0-0001-117D-BD61ECCCD432SessionApp.cls_temp

Filesize
122B

MD5
2bbc7621000476bc38b1f744967d575e

SHA1
bb4d5e224b527417a1398e4f49091c497d39a95d

SHA256
72050634f0e42f2a5796bca56194163f7428531146c4c6dcabd8c82c09e10978

SHA512
e7262a4c167f7561dc7ed1c5174962151344a0d4e8301aa26b3097e1a92d004ffc2d3229076acea3c867d2348f4543e8677b8d7cad3dcff737d6d946ac197406

Download Submit
/data/user/0/mody.stepcounter.application/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/667D247A02E0-0001-117D-BD61ECCCD432SessionApp.json

Filesize
236B

MD5
7e363e7c9bb954fa920e1f68c344fd6f

SHA1
44099e95536b4c8ff0cd2dc38d80a77568921e86

SHA256
d9f36b95b647ab52af9edb83ce554fb1586889ff764a84cd248f909a9219bc45

SHA512
1658ad144a29be77861f4cc864593ee1bf2ed9f288ce42184744034fc19d253f035407d2c2b51da2c8a449bd57e9275983498aec8036d484a32c61edd24873b8

Download Submit
/data/user/0/mody.stepcounter.application/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/667D247A02E0-0001-117D-BD61ECCCD432SessionDevice.cls_temp

Filesize
48B

MD5
fd6372364a5c5c9cf8945ac3ea7a5d94

SHA1
3c798cab71f6ae7a81e71e58712368231230588a

SHA256
7400bf714ca32b64dd89440c9d5ace4e0115ddce44d169839e465df0e1638641

SHA512
a18b18d061dfd979bce1e0b769009668c322300e7174f51d2532e86dc6018769194507a106dd30b97317f8c1a7539d13a7baeab2900c1e00da7c74e899dab276

Download Submit
/data/user/0/mody.stepcounter.application/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/667D247A02E0-0001-117D-BD61ECCCD432SessionDevice.json

Filesize
202B

MD5
eeeb942571fa704cf8ae49731fbe9789

SHA1
b5989c4cb932ffc779ee25bb3f7bfb79cf720427

SHA256
78809f7ae96de01e3922b6d3a134c3f7e9a0cbdacef313f70e8d9345bf5fbd71

SHA512
71e55c16f9f8fc936f8607448916bbfa1ba233b7120b8676fe11552916ac4dd3e3a7b0f9c31e14048933c8bb9c9d6d630ab7d28389f31749640cc965b2636565

Download Submit
/data/user/0/mody.stepcounter.application/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/667D247A02E0-0001-117D-BD61ECCCD432SessionOS.cls_temp

Filesize
15B

MD5
b3d9541cc92a9153d14e5160f8d8c008

SHA1
2e1ac80eb381dd82a03795b682f92020348c0113

SHA256
1ead5b213c87f182ffce484c34f7d9f140ad3425c0f303f460492efe8a26c56d

SHA512
78074409135a210ba4e1407ad9b3f784f5683e83aac4ce3482d4e8135425cf2b30db1ff5dd0041901c490a551a477237c6d255671c7b1fad74090980dcf3334f

Download Submit
/data/user/0/mody.stepcounter.application/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/667D247A02E0-0001-117D-BD61ECCCD432SessionOS.json

Filesize
55B

MD5
fc1dcee4e422d77e7fab7c08c8a41344

SHA1
d5340127e9d5f735b9d33b9dc61c772fb0e2dc15

SHA256
b843f05ed78cd137c272ba7f0ce8ede3aa853098a856863e51d5c223b58f21c7

SHA512
3ec07617e3e1008572f6f2528de9d4b827050cc5a7cf19a1604c961f9ec370ede6f5fd83bfcc252c0ee286fe244ee6734046ef1aa638dcfc689cd4407a6a8f61

Download Submit
/data/user/0/mody.stepcounter.application/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap

Filesize
901B

MD5
b55936a8e2783bb96c057170af6d52b1

SHA1
27623e870145a459dcd99c35a7830df3e4ae638b

SHA256
7e3ca2ce92cb51335970018b30e3e188e982ebecac7cb0d66b4894fffca28fb5

SHA512
54a843f60a748e74ea80a8cece21e0b4d9ca614924a940d54f59f256612421e0995f6ebbb5426c7ce7ac7b2e27cd5355a8bc924da347912e7c63269f0eec4f1e

Download Submit
/data/user/0/mody.stepcounter.application/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap

Filesize
440B

MD5
44625bbbf495396698f1730ca08090a5

SHA1
ed4ed9645632f8c3fe530cb5b90554396896a547

SHA256
45eb42d627d0bebdb7febc3827463cd81a8d64107243531b72d1a58dc780d773

SHA512
2c68cb0a13daaea5409c5bbb6901579e34472900e6855719a03838807445049bf9c8f01495239187394838206d4c708fddb81567b5158fd209ff7a2b8610e9fa

Download Submit
/data/user/0/mody.stepcounter.application/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap.tmp

Filesize
16B

MD5
c33583fae4e0b61cde1c5b9227963237

SHA1
fe2ebe4d27469af1460f7e852031a04208ef629b

SHA256
35c6d6e5b93657e4a741a1cec71c21813fe05aab219909ebbb0f62fb0ae648dc

SHA512
fa09047004bec791b23f0dade0b64f8ab9bbd67555505e0d0818f6e89dfe56f474df80db0786d081d36adf23a5bacea40275ba043444a3a85d3d9612575bdd1e

Download Submit
/data/user/0/mody.stepcounter.application/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics_to_send/sa_017be918-f930-471b-8a26-089032a07383_1719477371044.tap

Filesize
355B

MD5
75c2007278508409d91e8065a9a546e0

SHA1
7b1e7c45b6119bfd11a04845f25c453c397ea921

SHA256
88de3bb5b14c40c7f2f396b5dfa4c2434159a91e76665e8992035af25f508b74

SHA512
64feccfb85e017c1b4d4323980177b28d41065ef0b0de1c6f35ac355680b8fac90da356dc3abc2e6ae6832479d3b8123e6bf0cf8180b4c86f8a74bf83c2dc58b

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads