Resubmissions
09-09-2024 06:12  240909-gx9f8avdpp  10
09-09-2024 06:11  240909-gxt2jaxekc  10
03-09-2024 10:25  240903-mgf3matgml  10
29-07-2024 19:19  240729-x1hexawamq  7

Analysis
max time kernel: 47s
max time network: 155s
platform: android_x64
resource: android-x64-20240624-en
resource tags: android, arch:x64, arch:x86, image:android-x64-20240624-en, locale:en-us, os:android-10-x64, system
submitted: 29-07-2024 19:19

Static task: static1

Behavioral task: behavioral1
Sample: Mellat.apk
Resource: android-x86-arm-20240624-en

Behavioral task: behavioral2
Sample: Mellat.apk
Resource: android-x64-20240624-en

Behavioral task: behavioral3
Sample: Mellat.apk
Resource: android-x64-arm64-20240624-en

General
Target: Mellat.apk
Size: 6.4MB
MD5: 9cca6bc6dcd20c4e2e61e21e72bec62c
SHA1: a157d6b9f2ba4bd8124f40a8b3e3d3006b21fa62
SHA256: 0bbd59618f244b78e5ef449c183be032096ed408049cf8a130508ffb928f3382
SHA512: bd6310ccd78b474aff7eb317f811e9f326c196bd681bc8a2b697000deb8f44828a620f42b11d43c5e909911eafb38353d6fe4e4be21e2c1055c914e61be3480c
SSDEEP: 196608:N9ZCIRe20kC4GwFzQ1bjbYjaF8N5jxyBBfLX:lCIRezkMwG1b/iwy5jxyBBfLX

Malware Config
Signatures

Obtains sensitive information copied to the device clipboard (2 TTPs, 1 IoCs)
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
  description: Framework service call
  ioc: android.content.IClipboard.addPrimaryClipChangedListener
  process: com.formelleetae.com

Legitimate hosting services abused for malware hosting/C2 (1 TTPs, 2 IoCs)
  flow 5, ioc: raw.githubusercontent.com
  flow 6, ioc: raw.githubusercontent.com

Queries the mobile country code (MCC) (1 TTPs, 1 IoCs)
  description: Framework service call
  ioc: com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone
  process: com.formelleetae.com

Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTPs, 1 IoCs)
  description: Framework service call
  ioc: android.app.IActivityManager.registerReceiver
  process: com.formelleetae.com

Checks CPU information (2 TTPs, 1 IoCs)
  description: File opened for read
  ioc: /proc/cpuinfo
  process: com.formelleetae.com

Checks memory information (2 TTPs, 1 IoCs)
  description: File opened for read
  ioc: /proc/meminfo
  process: com.formelleetae.com

Processes
Network
MITRE ATT&CK Enterprise v15
MITRE ATT&CK Mobile v15
Downloads