fbd62f0273f0f4f7f9937bdc8a2d9d3cb0ce0687ede74a4a8c34e9c601688db1

Analysis

max time kernel
80s
max time network
132s
platform
android_x64
resource
android-x64-arm64-20240624-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240624-enlocale:en-usos:android-11-x64system
submitted
13-07-2024 01:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fbd62f0273f0f4f7f9937bdc8a2d9d3cb0ce0687ede74a4a8c34e9c601688db1.apk
Size

8.5MB
MD5

3fb2c2368484295cc33db07dda7be124
SHA1

23eb40d927ed79e225e78354c4af7d47f0f93e82
SHA256

fbd62f0273f0f4f7f9937bdc8a2d9d3cb0ce0687ede74a4a8c34e9c601688db1
SHA512

66a3def5c70398bbef54db97f6a8f567e8fdef1a9dc76c2f7a73656e8cae709b7fd05588f67a1b983c59e04ebf527f0faa99de9fb8cccf20b9bc2dfabb89f1dd
SSDEEP

98304:CcGgiTW5I9PDSn7wyngcfjDZLjBRTso56FSm8mvaThSDlD:Cc3+W5I9bccMg+ZHTso5038mvaTh8D

Score

8^/10

collection credential_access evasion impact

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 2 IoCs

evasion

System Information Discovery

T1426

ioc	Process
/system/xbin/su	net.dinglisch.android.taskerm
/system/app/Superuser.apk	net.dinglisch.android.taskerm

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	net.dinglisch.android.taskerm

Checks the presence of a debugger
evasion

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	net.dinglisch.android.taskerm

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	net.dinglisch.android.taskerm

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	net.dinglisch.android.taskerm

net.dinglisch.android.taskerm
1⤵
- Checks if the Android device is rooted.
- Obtains sensitive information copied to the device clipboard
- Uses Crypto APIs (Might try to encrypt user data)
- Checks CPU information
- Checks memory information
PID:4518

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Discovery

System Information Discovery

T1426

Lateral Movement

Collection

Clipboard Data

T1414

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/net.dinglisch.android.taskerm/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/6691DD3E0219-0001-11A6-30416402C8DFBeginSession.cls_temp

Filesize
77B

MD5
f9aa145d241de615fc6730d96c27b82e

SHA1
b879e1c4c2bc37e2631ff1c4811566cf1dd66445

SHA256
e5be9aa3dc01f6e13108aa6de444178c4bba6d610e502c3abb4200446f0d72b5

SHA512
133dca994f2314d55293bb8e0ed503cde43c7bc46211b826f2d70e96534e43a8105a7e7f65310006e682231379add89ad3ca238dd1b2ffd741ef7ea690619fb1

Download Submit
/data/user/0/net.dinglisch.android.taskerm/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/6691DD3E0219-0001-11A6-30416402C8DFBeginSession.json

Filesize
132B

MD5
42adcf54700508300a8f4bd9edfb839d

SHA1
094e12de3e05c9b644afa8fb0fdde2766d0de347

SHA256
6f400eddc23d51d51111217845bec6f795e93ce7bb08d0dfe02c29e44381cceb

SHA512
a39ea2a23d088606eefc8b169799be83eb49d905224b3dc31f799252d10f65e3e69bff4f031cb2177b2e712848a5f4049a7c4b4a8c87acaed10e13ee1eff1281

Download Submit
/data/user/0/net.dinglisch.android.taskerm/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/6691DD3E0219-0001-11A6-30416402C8DFSessionApp.cls_temp

Filesize
132B

MD5
20601278941ab380fab0d05b25937c0e

SHA1
5546542faf429abaf2b498b5215b7660faea1d8f

SHA256
08da99f08339c8ea3df5a23c519a2eac2c9dcb08640b3c3b7a733378921757a5

SHA512
44abdd01576c2a26e2566e63b837218c979aa36ba0f2b72e4f0f54175f44faa2d1b63d820feac7714b8375d2b2adb32e56f81f76317f1e26ee1998bdff16e2de

Download Submit
/data/user/0/net.dinglisch.android.taskerm/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/6691DD3E0219-0001-11A6-30416402C8DFSessionApp.json

Filesize
245B

MD5
bae3ade8a206236fb69fc7666ee06010

SHA1
b48b2b603c023c7f5068e010f443b340b8908155

SHA256
e6ed24c993f9c423d57f67b693e131a31a354a790dcdf3fcf2ae8e0931d62dc6

SHA512
eba9b08b67781007d4f103fcacced2b75396bf34d6048e38239c31de55252318ae2f362b2dd3e3bdf36b891d35491230676e8e84cb9c335131df817807c3510f

Download Submit
/data/user/0/net.dinglisch.android.taskerm/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/6691DD3E0219-0001-11A6-30416402C8DFSessionDevice.cls_temp

Filesize
48B

MD5
fd6372364a5c5c9cf8945ac3ea7a5d94

SHA1
3c798cab71f6ae7a81e71e58712368231230588a

SHA256
7400bf714ca32b64dd89440c9d5ace4e0115ddce44d169839e465df0e1638641

SHA512
a18b18d061dfd979bce1e0b769009668c322300e7174f51d2532e86dc6018769194507a106dd30b97317f8c1a7539d13a7baeab2900c1e00da7c74e899dab276

Download Submit
/data/user/0/net.dinglisch.android.taskerm/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/6691DD3E0219-0001-11A6-30416402C8DFSessionDevice.json

Filesize
202B

MD5
eeeb942571fa704cf8ae49731fbe9789

SHA1
b5989c4cb932ffc779ee25bb3f7bfb79cf720427

SHA256
78809f7ae96de01e3922b6d3a134c3f7e9a0cbdacef313f70e8d9345bf5fbd71

SHA512
71e55c16f9f8fc936f8607448916bbfa1ba233b7120b8676fe11552916ac4dd3e3a7b0f9c31e14048933c8bb9c9d6d630ab7d28389f31749640cc965b2636565

Download Submit
/data/user/0/net.dinglisch.android.taskerm/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/6691DD3E0219-0001-11A6-30416402C8DFSessionOS.cls_temp

Filesize
15B

MD5
b3d9541cc92a9153d14e5160f8d8c008

SHA1
2e1ac80eb381dd82a03795b682f92020348c0113

SHA256
1ead5b213c87f182ffce484c34f7d9f140ad3425c0f303f460492efe8a26c56d

SHA512
78074409135a210ba4e1407ad9b3f784f5683e83aac4ce3482d4e8135425cf2b30db1ff5dd0041901c490a551a477237c6d255671c7b1fad74090980dcf3334f

Download Submit
/data/user/0/net.dinglisch.android.taskerm/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/6691DD3E0219-0001-11A6-30416402C8DFSessionOS.json

Filesize
55B

MD5
fc1dcee4e422d77e7fab7c08c8a41344

SHA1
d5340127e9d5f735b9d33b9dc61c772fb0e2dc15

SHA256
b843f05ed78cd137c272ba7f0ce8ede3aa853098a856863e51d5c223b58f21c7

SHA512
3ec07617e3e1008572f6f2528de9d4b827050cc5a7cf19a1604c961f9ec370ede6f5fd83bfcc252c0ee286fe244ee6734046ef1aa638dcfc689cd4407a6a8f61

Download Submit
/data/user/0/net.dinglisch.android.taskerm/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap

Filesize
4KB

MD5
e2ae0b74a2920cb262189a27a6a330a5

SHA1
fd110d6dcadf606d4e756cbe613e23c260d15217

SHA256
feb39ef40c353ad51671c763fdc0420a8860d17ed0f3d4166fe37900ff36f9fb

SHA512
d821fdd16060b0dd40734a4e57a5b6377ad0fb84b7d806352ed1e7137ba5812ac161252616b4f3b568c6f1af541c1b07fbcdc961406ca2befaa3bd2582b5b8b7

Download Submit
/data/user/0/net.dinglisch.android.taskerm/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap

Filesize
449B

MD5
88be981acb50a2b2ea6143546b4ccfff

SHA1
0ca01d29dc7229740d139f15a1f97d298feef5e1

SHA256
aab1c4ce99d14c70c80c5d75a02fae9d1ea1c4ba199e957bd2eab0ce00c019b9

SHA512
cd8abed3001048a693c2343bd3eb997ff3a73fba68e49964796afb231a0da11ee5916848bf3bd91a8ef6afc1b5199528ffcfb73d651f363845273adb99b5ea4f

Download Submit
/data/user/0/net.dinglisch.android.taskerm/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap.tmp

Filesize
16B

MD5
c33583fae4e0b61cde1c5b9227963237

SHA1
fe2ebe4d27469af1460f7e852031a04208ef629b

SHA256
35c6d6e5b93657e4a741a1cec71c21813fe05aab219909ebbb0f62fb0ae648dc

SHA512
fa09047004bec791b23f0dade0b64f8ab9bbd67555505e0d0818f6e89dfe56f474df80db0786d081d36adf23a5bacea40275ba043444a3a85d3d9612575bdd1e

Download Submit
/data/user/0/net.dinglisch.android.taskerm/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics_to_send/sa_269cefc1-d803-49b6-8b9a-85a1ee9c19e5_1720835390949.tap

Filesize
358B

MD5
a4e2c8ca03a8a8c40171e2b7a28acaac

SHA1
46829e124a8fef4f5e1715aa682a215d0a962308

SHA256
76dca5301f2806e2ca4e89879fc6975f76028f1aaf6af8793065e2395e0e7701

SHA512
963ff975b907a606ab3c9e25ce6d22d88774e9fecb91f14d55f043f1e768fded3bdc6b8cbc96d65138a8d900fce59d8f7f639485e0f7d964042a6f94b2779c31

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads