a4a1457a068e14ce2dc61d997bd7515b12f5c7d447d50608bc138f8e4d13eeaa

Analysis

max time kernel
48s
max time network
180s
platform
android_x64
resource
android-x64-arm64-20240624-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240624-enlocale:en-usos:android-11-x64system
submitted
27/06/2024, 08:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

A4A1457A068E14CE2DC61D997BD7515B12F5C7D447D50608BC138F8E4D13EEAA.apk
Size

5.2MB
MD5

780f4e6f1b04c62b1b38dcb6b42d1eaf
SHA1

17ac26030f34cf954adc965482ab57dfe69c47d1
SHA256

a4a1457a068e14ce2dc61d997bd7515b12f5c7d447d50608bc138f8e4d13eeaa
SHA512

074ede4620586f90cd13f75f1cbf0804372fdcd2ce788b30c1f0e683a8ac012f49b95f35bed7482710b7194b48dcae018890fa8303f0804cdea869ed47fb9bb8
SSDEEP

98304:5WcTRUAhfHDGlXSGzP8ddiapZ7F4cQPgPzJNsERMRCoMDok7hINx9MnIRe:5fOzN6T4exroMckmQIc

Score

8^/10

collection credential_access discovery evasion impact

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 2 IoCs

evasion

System Information Discovery

T1426

ioc	Process
/system/app/Superuser.apk	com.suthakar393.PAN_TO_AADHAAR_LINK
/system/xbin/su	com.suthakar393.PAN_TO_AADHAAR_LINK

Loads dropped Dex/Jar 1 TTPs 2 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/com.suthakar393.PAN_TO_AADHAAR_LINK/cache/1582435991586.jar	4482	com.suthakar393.PAN_TO_AADHAAR_LINK
[anon:dalvik-classes.dex extracted in memory from /data/user_de/0/com.google.android.gms/app_chimera/m/00000000/AdsDynamite.apk]	4482	com.suthakar393.PAN_TO_AADHAAR_LINK

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.suthakar393.PAN_TO_AADHAAR_LINK

Queries information about running processes on the device 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.suthakar393.PAN_TO_AADHAAR_LINK

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.suthakar393.PAN_TO_AADHAAR_LINK

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422
Checks the presence of a debugger
evasion

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.suthakar393.PAN_TO_AADHAAR_LINK

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.suthakar393.PAN_TO_AADHAAR_LINK

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.suthakar393.PAN_TO_AADHAAR_LINK

com.suthakar393.PAN_TO_AADHAAR_LINK
1⤵
- Checks if the Android device is rooted.
- Loads dropped Dex/Jar
- Obtains sensitive information copied to the device clipboard
- Queries information about running processes on the device
- Queries the mobile country code (MCC)
- Uses Crypto APIs (Might try to encrypt user data)
- Checks CPU information
- Checks memory information
PID:4482

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Discovery

Process Discovery

T1424

System Information Discovery

T1426

System Network Configuration Discovery

T1422

Lateral Movement

Collection

Clipboard Data

T1414

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.suthakar393.PAN_TO_AADHAAR_LINK/cache/1582435991586.jar

Filesize
9KB

MD5
e8e0527a01aefdb89afd2c508f131da1

SHA1
f1103e6b260c657ceb3d95f1b023af3fda8b133a

SHA256
f809447486f89fcaa74f87e06d126d103d37eb2b3157e88f2c06d989b2c284ce

SHA512
fb53683a83f1068d0f94567b156e6a8910c45b1b5f33db919f7e0b9c55eab28507a235ef76d44d5b549599ea3b54dbc00496a633339d276a80f395da938d6d34

Download Submit
/data/user/0/com.suthakar393.PAN_TO_AADHAAR_LINK/cache/1582435991586.jar

Filesize
20KB

MD5
fde2ee00cbd121cfab5290b078aa3ceb

SHA1
e2b77d5320e155e413d040a8c20020962065b2f8

SHA256
2897b0812077c654a9b3fbb0b6303d5cde681eeba7ad9981de65716c7810d685

SHA512
a9326aff8e454a2b4ac09984ef2a65fddd4dc146b4c44d839035549bff8c9fdaae490326d0b018f76c1ca2e4fb25426d74f550ca0950982fba632a023af99a56

Download Submit
/data/user/0/com.suthakar393.PAN_TO_AADHAAR_LINK/cache/oat/1582435991586.jar.cur.prof

Filesize
85B

MD5
57216efd9bed40e4888a3ec86b8a1a53

SHA1
4a43aca78e0523d2cc49fd0bd855f51c1ddfbffb

SHA256
5278f76d77d7c6583e9998bca58f1216bd1edd85cfe40a1783b8982d595bf39f

SHA512
e5d241798c8a570498e1b9b737d78ea9933d6f6e53e8b2076dd69e5742501952aa1d65f20c977cc7992fc455deb64f82c13809be742fae519792dc9153a64614

Download Submit
/data/user/0/com.suthakar393.PAN_TO_AADHAAR_LINK/databases/com.amplitude.api

Filesize
40KB

MD5
4317370513233c62df53ffa5288fb605

SHA1
dbbeca700fcda00c627d837c53f4b7ec6cd77259

SHA256
5d76800b2fcaf1a0c728611aec05af8be1123647024c61b2774c50134c874d55

SHA512
b267a813f8c4999c41fb6d8e019efb738c41cc265088345e22722082d78a05f4eaa2691e60448a596a3c4dcfc772d05b6aa1e6ce6a3f0643103316cffb16d34a

Download Submit
/data/user/0/com.suthakar393.PAN_TO_AADHAAR_LINK/databases/com.amplitude.api

Filesize
28KB

MD5
d68035e35717addec96ede652145327b

SHA1
286bbf891d4a1c24a0f3abe49695f36ad99fc41f

SHA256
cfcf8ecba197ee775c76401af4e5f07a7cbe8cf2ba774f549aa2cc1f5f6a5a89

SHA512
3b9054435b5251c3a42f4ce0d1af741dec661c820c8c105e6d57afc254e5a4943a245788161b46851cf3a8f1acb6af41eccea76e06a7789aeca4e67565558e1e

Download Submit
/data/user/0/com.suthakar393.PAN_TO_AADHAAR_LINK/databases/com.amplitude.api

Filesize
28KB

MD5
f11afd34b89231881b134a1688fc0a22

SHA1
4c1b7575083f86ac89a888f03c965d173e5b266e

SHA256
56934e668817351244a78e603407e322e611fe8d107e50c563d4bde5b9f22259

SHA512
36ef1d8000590545567d782550ca92357747fe237e54908ebb286946e88246d3b1e2304badca0c1fd5c7f71cb505404cfaaeba4d27aad792e5437f39012e71ef

Download Submit
/data/user/0/com.suthakar393.PAN_TO_AADHAAR_LINK/databases/com.amplitude.api

Filesize
28KB

MD5
75bfd7ae10da6a6f1399dcb90c39ee3c

SHA1
a7ae889fa429b8630264ac6d52d4097ddeaa2d87

SHA256
fe77729e2da3cf7e686ecf576bdfc358e4dc8150549d4ec2e2131fc6965d6a5e

SHA512
8a9285c610cf3fb9233a70cf2581bbe1a24771507d45a19642670adca92de0d8bac8d573bbc67b2591651795103cc969ae58d525c277b36f90a86e59bcfb4465

Download Submit
/data/user/0/com.suthakar393.PAN_TO_AADHAAR_LINK/databases/com.amplitude.api

Filesize
28KB

MD5
8b024f526d0a28394b24716f10085e46

SHA1
f8db07dda898db76304b403f99826901cecd98d9

SHA256
fe4f329e4a861af94de2d9bbc8009e9c4dc25ad0d106de79548a8ff5a809878b

SHA512
06a4a9516882c9645eef5d17459ef39fd12ee7d4fd5a9b78fa3d94dae9d1baf680d49e789eb29857923483f2b9a470ddcbfb2947b227beb81fff4d63c099aca5

Download Submit
/data/user/0/com.suthakar393.PAN_TO_AADHAAR_LINK/databases/com.amplitude.api

Filesize
28KB

MD5
bee684223941f9f9acba2f5cef60b2a1

SHA1
a7b5276d262996af11990b238d8ea37c4d59caf8

SHA256
0e5e7a41f3c0255cb8e30e3aba4e110a7dee24a56bfbd536da328b87341c5571

SHA512
51dea727236d0e21656e47ab3709a5b685c8668f55e2842b7c1a087fc665f3e95c337dd9e1e588995159583fd9c1e3914896a7a2c742ea07fde5dc339bcc534e

Download Submit
/data/user/0/com.suthakar393.PAN_TO_AADHAAR_LINK/databases/com.amplitude.api-journal

Filesize
12KB

MD5
c03415970a4cda80c1ed4dbde3188228

SHA1
c5f8d719078271a53eac74e2bbbf04970432ec57

SHA256
7fc8f55e14a2088baa54f90e5fe6fb5020e2bce1c63062bd931ff5c2762b3b6b

SHA512
15668eeb81457a9b6875275ca3f3a4f350d74dc7944b59b2e57f34792313bd0896c6eb40fe19e8f29a8460dc12e5391dcc74c5b74dc8a88153ab7792c2589b4e

Download Submit
/data/user/0/com.suthakar393.PAN_TO_AADHAAR_LINK/databases/com.amplitude.api-journal

Filesize
12KB

MD5
1885d117af45c38df1ea53ad388a3c4f

SHA1
69d8f934a1d79a02c125ebd1a00770e5ba6a2cf0

SHA256
15bd108bd61f10a76b559b0e2707b5a0908a57d85ecbcbacc717c3f0eaf73274

SHA512
9ce98c4e08de429c9075554e7200ac8dbf8a6756638331dee0ee506ebe075d363c9d5e83d92ee43ea2d65ae69aeb122861650de695f6d651992123da2fdcadda

Download Submit
/data/user/0/com.suthakar393.PAN_TO_AADHAAR_LINK/databases/com.amplitude.api-journal

Filesize
12KB

MD5
3e79fe84a2842bbd55dd56c0fe9cb1e1

SHA1
f44b6e650d6b8951b0d2bd87ad17478902198600

SHA256
034d5b89b6d4d4265c2b1a215fcf443bcf55228e2fe141f2db42f296775354e2

SHA512
76138ac5b22f9547b818889b3d4c121773b9416e0dd68daf5e50b1ccc228bf4255076abe67cdf31323ec6be981214e7450f414fb61425fb474f0a6019323dc45

Download Submit
/data/user/0/com.suthakar393.PAN_TO_AADHAAR_LINK/databases/com.amplitude.api-journal

Filesize
512B

MD5
24992ddf4b9d7ab8a11b66f05333bf53

SHA1
5cff11e6e898b408f309cb0915a231edecdfb0b6

SHA256
d9e9bba87e9a332499d26ae5b66588594002456a13b9cf4ae62344778c2a08f7

SHA512
169bc2ff4ac7b89d3037a94589d8117414e2ab18278f1baab8a265fd3a3274630a39d7ad33e6743756010a0b19941f2dd957a31635427a2adb7a4228dd87687f

Download Submit
/data/user/0/com.suthakar393.PAN_TO_AADHAAR_LINK/databases/com.amplitude.api-journal

Filesize
8KB

MD5
3814217c614a6e41e767f347ced22ba4

SHA1
748ee1be32b26a9f98d524236cd1419bea758114

SHA256
ed3f58551e575696abaab7dd7087346fd3a622329a6eb1dcc15983b1117f431f

SHA512
24f4aa0bbf9d09a10959a4956b81e123770ee9e53d26ef73ce4b066334037960354e6fd8ba5ef56ce3ec51ae03889e5421911093034f77f9b89d42e3c22c6046

Download Submit
/data/user/0/com.suthakar393.PAN_TO_AADHAAR_LINK/databases/com.amplitude.api-journal

Filesize
8KB

MD5
39f97dfbaedf052ca8ac70a068c0e651

SHA1
484a8b13d97a2483122cac963092cbaa234007a0

SHA256
05efdda9d42012ee42b6d839a819baa08d0463b59900a4c3de19efb4128c8cfb

SHA512
23a893814626211e7e542c0c092df877188bf28f541f8184fcf988f05aa790a45d299dc595bceb81ec24aa3dff8d9cba3892da0b5e7ba7effc741c6b634c8814

Download Submit
/data/user/0/com.suthakar393.PAN_TO_AADHAAR_LINK/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/667D58BD0039-0001-1182-6B7B739F8CFFBeginSession.cls_temp

Filesize
79B

MD5
fbcdebad2ee8e685160734709a5a896a

SHA1
8a6aaaa619c0108b351f5b0b7d414a0c9cb7948f

SHA256
a93a858781fd9a328310a1e95793aef2ac4c13c65cdacfba3f94fc056e9106fe

SHA512
af38d299c16f1826e150c7e151e83f5a403c642d729d6f35ec75d4d9228b7dc90607d4329a4617d3aba87203951b5301b82fdad58a290304831f2fe3ddbbf37c

Download Submit
/data/user/0/com.suthakar393.PAN_TO_AADHAAR_LINK/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/667D58BD0039-0001-1182-6B7B739F8CFFSessionApp.cls_temp

Filesize
110B

MD5
359c273b75d6fb2389dddc65491b618b

SHA1
68ce1f854722446aeaa720082d4be547758e46f8

SHA256
6f0159e30736abdcbc5d23b35c6c3c410a9385c5c99432aa709f00e748b9d01a

SHA512
d5d26c487107d369024f8d5ada7ccf4f867d357e4026a73f786e2458e522a8a951f598a855b5f149cccc22cd8977eaf24f9423ed5ed50cb5b02040c1b29a7e42

Download Submit
/data/user/0/com.suthakar393.PAN_TO_AADHAAR_LINK/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/667D58BD0039-0001-1182-6B7B739F8CFFSessionDevice.cls_temp

Filesize
88B

MD5
14590b48ca34c933fe0401e854dc2d76

SHA1
68256372c4efae369645ff22e2883cca068fa403

SHA256
f327d213b79d4753b2d83960c1211aaadc4850054c19056633f51ab2b4c9a260

SHA512
0297b719a9d70817f491b5b53c647a789860064856057b6ba08f7e0cc5fa5af1d604dcd98879cdab8a14860cbe3ecb89354f9dceb35c9acb6f0ef82384b95811

Download Submit
/data/user/0/com.suthakar393.PAN_TO_AADHAAR_LINK/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/667D58BD0039-0001-1182-6B7B739F8CFFSessionOS.cls_temp

Filesize
15B

MD5
b3d9541cc92a9153d14e5160f8d8c008

SHA1
2e1ac80eb381dd82a03795b682f92020348c0113

SHA256
1ead5b213c87f182ffce484c34f7d9f140ad3425c0f303f460492efe8a26c56d

SHA512
78074409135a210ba4e1407ad9b3f784f5683e83aac4ce3482d4e8135425cf2b30db1ff5dd0041901c490a551a477237c6d255671c7b1fad74090980dcf3334f

Download Submit
/data/user/0/com.suthakar393.PAN_TO_AADHAAR_LINK/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap

Filesize
459B

MD5
55b667ae406169a16cad3eecd6011cea

SHA1
3d85e42e414a6e7bb49447c8852025ad991df76f

SHA256
2d4760555e4265ad0ef2d25f19daad570d02ea5469acdb225915a89974593db3

SHA512
0cca9d47cc959ede96f21d432db2fec76a76ab181f67eedf10f5af04a7c20f4f2f9ac13156ddf5569f725791aa23f986e6219ab873f49feae320e7605d2ecaeb

Download Submit
/data/user/0/com.suthakar393.PAN_TO_AADHAAR_LINK/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap

Filesize
7KB

MD5
8009f5ca0f7f24419a222a543eb22ce4

SHA1
306633751977530735331bdba5f77ed215a387cd

SHA256
60263da76535979ce876994ca30cb2074fc722b2403c7dea674825820a84e61f

SHA512
f7804abc76da57022aff3af93c02ce52dbc21648091af3be4b85e839c41066a725eb270588ba093e7aacf6bc9812a938548be913ad0cb899ab8bb6f446265a57

Download Submit
/data/user/0/com.suthakar393.PAN_TO_AADHAAR_LINK/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap.tmp

Filesize
16B

MD5
c33583fae4e0b61cde1c5b9227963237

SHA1
fe2ebe4d27469af1460f7e852031a04208ef629b

SHA256
35c6d6e5b93657e4a741a1cec71c21813fe05aab219909ebbb0f62fb0ae648dc

SHA512
fa09047004bec791b23f0dade0b64f8ab9bbd67555505e0d0818f6e89dfe56f474df80db0786d081d36adf23a5bacea40275ba043444a3a85d3d9612575bdd1e

Download Submit
/data/user/0/com.suthakar393.PAN_TO_AADHAAR_LINK/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics_to_send/sa_0096bf2d-0b23-4a32-96e5-ba51f10a9fa0_1719490749546.tap

Filesize
362B

MD5
c766635ab290b811dab92b4ce1176316

SHA1
27981997ce4be8d1d6fed4df1024c8e0d262e086

SHA256
92bf2072af1f7c690e751de31ad853a66486338243440184edea9a0d5b2dd8cc

SHA512
8cd248441ddfdd18dd77e261d84bc31b228406a96410bc1d84a96a3836bf675e43abffc2430cf0b55d4b78a4188443b8a8281be2610acfc1780fe88d5d3c9a59

Download Submit
[anon:dalvik-classes.dex extracted in memory from /data/user_de/0/com.google.android.gms/app_chimera/m/00000000/AdsDynamite.apk]

Filesize
2.4MB

MD5
22f5f412be1e027b1b27130f2e5b150a

SHA1
77d3872dc8d055c0bd8513d5374f5cc5b70f57b0

SHA256
7e6ef684cac56dcd6ac78ac8b297af364d050bf2513e22c9cae71ce083a8bd5e

SHA512
6c82f6ecffd3cc5820bf30b71d5bb766f5d46ceb4bbfdce261e52c5480952653bd0b551627e5a434f6866f07b85b14ab3bfe4875532528433eca0b2dc56c42eb

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads