9175baf1c90188b01b3e35b90ef72c9dd2a88a66aa95022f58103016b7524744

Analysis

max time kernel
63s
max time network
75s
platform
android_x64
resource
android-33-x64-arm64-20240624-en
resource tags

androidarch:arm64arch:x64image:android-33-x64-arm64-20240624-enlocale:en-usos:android-13-x64system
submitted
13/07/2024, 17:16

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

LocationEye.apk
Size

6.2MB
MD5

f9c0a3c6293cafcbde9b121142fb0efc
SHA1

0b8be92bfe23c9c42950fe1c50152d6e1e3a966d
SHA256

9175baf1c90188b01b3e35b90ef72c9dd2a88a66aa95022f58103016b7524744
SHA512

c38d489042ba41df7ab6632b26b8ab3ab719427c66663c02f090a77c8697c8b924549781eec50773dc0b4a0cc4d6cec821e87317173818e072871df6c7de9d50
SSDEEP

196608:rj5iXh2vtPQq1bo/tZXck2jLH5CtXfJ6p8j:uetYuboDMlH528pg

Score

7^/10

collection credential_access evasion impact persistence

Malware Config

Signatures

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	abyssalarmy.locationeye

Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

Application may abuse the framework's foreground service to continue running in the foreground.

evasion persistence

Foreground Persistence

T1541

description	ioc	Process
Framework service call	android.app.IActivityManager.setServiceForeground	abyssalarmy.locationeye

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	abyssalarmy.locationeye

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	abyssalarmy.locationeye

abyssalarmy.locationeye
1⤵
- Obtains sensitive information copied to the device clipboard
- Makes use of the framework's foreground persistence service
- Checks CPU information
- Checks memory information
PID:4353

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Foreground Persistence

T1541

Privilege Escalation

Defense Evasion

Foreground Persistence

T1541

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Discovery

System Information Discovery

T1426

Lateral Movement

Collection

Clipboard Data

T1414

Command and Control

Exfiltration

Impact

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/abyssalarmy.locationeye/files/profileInstalled

Filesize
24B

MD5
b12349cb59879a9f185eb46ee21ab86b

SHA1
da4046575bd9cf7b2ce83a292712d6881de0b3d1

SHA256
98a444a1371dc32118bd3f3ac3b98589943dc7184247f7ca171cd6f9df51221c

SHA512
7fe9fba8b265a36a2da098804b541df77c32bb2e68dbec183e1687ae1eb9f0015f936abb3b155e594859f7d610881708b6cd46ba5c8c92b414cbaead7baae6ae

Download Submit
/data/data/abyssalarmy.locationeye/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

Filesize
8B

MD5
66f5b69a60d15d853ef5516aba720d2f

SHA1
b1b844a2290587934c0a9f44619560d1e793f600

SHA256
68bed8299fd004d93504f623b9ebd3e1bfe9ae8dda3867b2fdc9ffff9bad2737

SHA512
c9fc8c9d811e3c87bd0fce9a8c9c55de5a3f19eacb234d50a7dc6a7709f29a4db50f489ed0b697c7fc15aa63a5cd56039a19fd630aac6f4a0beda9b2b03523b6

Download Submit
/data/misc/profiles/cur/0/abyssalarmy.locationeye/primary.prof

Filesize
6KB

MD5
8a73490d6bebb43a1e55216f9f0c5f42

SHA1
51fc4580fc81ba6fbb1930dcfd54d78bd0894281

SHA256
11703667b50786b8d87e650320a480d7c99fbe37f459be143ad86ea5e0d38359

SHA512
a7fbddbe11644de527b4d6869b5fe6f705b766f023abc4a23910040e3d07ccb4feaa0fd046fd0fb9b34e13a8e3f1b14ff63bc5d1c3312ac307b46323959bcad1

Download Submit
/data/misc/profiles/cur/0/abyssalarmy.locationeye/primary.prof

Filesize
13KB

MD5
29c9fd1859863a644601d09f3be82a9d

SHA1
7ff72491411c31651bc49f7faa7010fa27df5c8c

SHA256
ed065aa6e29d9695da38dbe3244f405a1354f526a96b96e0c609a43187419893

SHA512
5422dff10591cc4b0b28ef608adaaeed3e9557cf50378d128e7f1f0e27813e8fe99166011c63aa7d89b144033c223be68c936a52d7f03ed018d4c82bd572b1ef

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads