5175de8c62639156f351a42d563492440884885d38f895475f4f060597e5f6c6

Analysis

max time kernel
159s
max time network
156s
platform
android_x64
resource
android-x64-20240624-en
resource tags

androidarch:x64arch:x86image:android-x64-20240624-enlocale:en-usos:android-10-x64system
submitted
01-08-2024 17:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

app.apk
Size

2.9MB
MD5

2f9e86a38a6fffb11558d6574f0c34d6
SHA1

3a8dee7c2126324d207495d11088030a887fffde
SHA256

5175de8c62639156f351a42d563492440884885d38f895475f4f060597e5f6c6
SHA512

3646f04d461512d51db50b1cd81e67f34c6c5e21b1d3f8354be5efffb8c32e050f5427ce7305c031d1c2cffdfd95ce47c7079d981ddd746f4e27544fb951f616
SSDEEP

49152:EgWFAXE+483B4UYjZsj51LUg4+/UUwXVF6G8hL8P790ewYJWIzLDhMOJfjMtM9xq:EgXEW3B45ZsjzD/UUcVPO6J0eHsIzLDi

Score

8^/10

collection credential_access discovery evasion impact persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 2 IoCs

evasion

System Information Discovery

T1426

ioc	Process
/system/app/Superuser.apk	Com.ukjent.app
/system/xbin/su	Com.ukjent.app

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	Com.ukjent.app

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	Com.ukjent.app

Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

Application may abuse the framework's foreground service to continue running in the foreground.

evasion persistence

Foreground Persistence

T1541

description	ioc	Process
Framework service call	android.app.IActivityManager.setServiceForeground	Com.ukjent.app

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	Com.ukjent.app

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	Com.ukjent.app

Checks the presence of a debugger
evasion

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	Com.ukjent.app

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	Com.ukjent.app

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	Com.ukjent.app

Com.ukjent.app
1⤵
- Checks if the Android device is rooted.
- Obtains sensitive information copied to the device clipboard
- Acquires the wake lock
- Makes use of the framework's foreground persistence service
- Queries information about active data network
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks CPU information
- Checks memory information
PID:4968

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Foreground Persistence

T1541

Privilege Escalation

Defense Evasion

Foreground Persistence

T1541

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Clipboard Data

T1414

Command and Control

Exfiltration

Impact

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/Com.ukjent.app/cache/1

Filesize
34B

MD5
01290b3cfac490465ea41d2b7820efed

SHA1
e12711d0dd685c86722e7f64c73e846b8530086f

SHA256
c45433e4920c26e10c3f08f58bacce94eb1c407ae0e4b764c942932d69a68f61

SHA512
127e493576d666b159a4c3bb27807e42deea58d9ef1e25c24011ff022b1a0344dff5626281fb942d7fb53785e5816f23a58577c90526bcae10a49439d39a8182

Download Submit
/data/data/Com.ukjent.app/cache/~test.test

Filesize
4B

MD5
098f6bcd4621d373cade4e832627b4f6

SHA1
a94a8fe5ccb19ba61c4c0873d391e987982fbbd3

SHA256
9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08

SHA512
ee26b0dd4af7e749aa1a8ee3c10ae9923f618980772e473f8819a5d4940e0db27ac185f8a0e1d5f84f88bc887fd67b143732c304cc5fa9ad8e6f57f50028a8ff

Download Submit
/data/data/Com.ukjent.app/databases/google_app_measurement_local.db

Filesize
16KB

MD5
91be3c102af22e119accba811017687d

SHA1
ab027a39eadd349d03c0b8d52d2f657e930af14a

SHA256
9907a3dcaf1c3ab2feb31635a10c52666b215d570a0188b0a2d3a50e50fbca28

SHA512
c3ec1ee0b2a8c2e88502e1c5ba2b9e93fe372ae35aa80425ae30f1eae732d05cb9b45de61202c850a477829c4749745777c75721eb974c914e3187e7339a353d

Download Submit
/data/data/Com.ukjent.app/databases/google_app_measurement_local.db

Filesize
16KB

MD5
db161afe6871823b4d5e71f9ee033bae

SHA1
d7de7d23558abad3696588ee59f3a089515d5c05

SHA256
bd53e3a2de71d0fe01fe71a918ce6f3b886977e492d2e4c8286b3578b644f8ac

SHA512
cb15a98a3bf520833f4b91d589a7acd7f7aa009f38609db18ff602bfe11d29e2ff2d087a4f82f3cda9cccd69d81ceb6513cdeeb3f90a19063f1be9e24a50888b

Download Submit
/data/data/Com.ukjent.app/databases/google_app_measurement_local.db

Filesize
16KB

MD5
001fe6c5afee33e90018486551634aef

SHA1
d472a79f814837ba231205abbfd79a56f2918428

SHA256
a2c3dfbe110edbfec6370863569b2ecce133cf0ff8328892e451b4884e5a3caf

SHA512
68399570c52c56394c05454f3b41faf32e59617da35f9dde80a0d4b2277049136fc7a6e9f5ea1affdf192e609f34197a82ccb7755d72924892f765e84b48dec0

Download Submit
/data/data/Com.ukjent.app/databases/google_app_measurement_local.db

Filesize
16KB

MD5
3dad08cc22d66851afa2dfa46534f88d

SHA1
e4c4b62e59710797c67c2de207928a9718973f10

SHA256
8959a0d2b9a04d8dab042515a2afa38f387e3693792c5464b4d3f68dbbecae01

SHA512
3b59fdf65a09fe8f31d9077d617893d6bf38b1f38a473a6d28b2f9dc216206f6103e4be9632622c6cfd099d5c48c624ce60d3a68f6a489d5da59505f0207372e

Download Submit
/data/data/Com.ukjent.app/databases/google_app_measurement_local.db

Filesize
16KB

MD5
adf6082723784327d7d1b34adf974e7d

SHA1
b1502f70eb881a1dfe41139cb719fefb877ee37c

SHA256
252defb835b04f4af7c59bde7bd119664e901928f1373171a287897e729cb2a9

SHA512
762f146c452e590e0e3015a080e9821b5488551b9cca7a212ceb11a853ddf6b1894c99d09ba20e6691f5078aaa8e17a6ed66dbbe541eaee152978fab6884e27b

Download Submit
/data/data/Com.ukjent.app/databases/google_app_measurement_local.db

Filesize
16KB

MD5
eb52a90bb70b76e946b62f50b6f7fb85

SHA1
42d767b5d1faa7dcef4cb4e1432a5f47ec2e9ee0

SHA256
48472f593a3e9cf9e91ee5f7d66dd9ff291bfb247eb6b46778c710fc24e8d3c4

SHA512
b356c858cadd14b6ecddf134f1c494c0107a1d36be9387984fc53dcb00e6779d944f058f4ac99d0fc2fe3a427cd1c2921c6fc38ecad53909fc4b5b6f04459b5c

Download Submit
/data/data/Com.ukjent.app/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
3e76c1c5e67cb4d690f211f94acafd6a

SHA1
cfa2938aa0f41d5a80b562df2f4240a6900b3176

SHA256
50269eda5aacb32e00e58225465bea4043bb8074d63284ce979e202a3ff39cad

SHA512
57f29d382b71495569a7ce6c68895fb28e41bfa2ecd5fa0bfdd23932f9999b5f4cf40a191393c27f7bcd5c8ed8be9ffbca7284c4d02611e08977a818549a60b3

Download Submit
/data/data/Com.ukjent.app/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
6342f8da25bd33f29f88dab010b8f657

SHA1
5abe93afa461ef58112ea693882a792d77529a3a

SHA256
790f675b80c1d7fc36a45a2bbe208e773372c73a30003bbe882f633d954adb46

SHA512
b74a85d955f4210c5ce0d5c488507edfe284d58d006c0a948d096cae50c17036e38281b41045c6d59effaa11acdddf7ce9bc190591c34e59c1526c6f15f6df6d

Download Submit
/data/data/Com.ukjent.app/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
b780b89eec55d955992ad2290c984ecb

SHA1
cfa43beec71a6dc2d43d6ca0d50c10caaf4d8991

SHA256
a3d45dc851af6f9bad559011165f250f6dbf516d05ddeadf5a767439f7193704

SHA512
f54637b193b350ad437c3da40a2ba5ac8ecb902a43bd93db62db84db68fa645627879d4ade012e6342325985dbd0990e8f86721eae2d73a957bb99274ce799f1

Download Submit
/data/data/Com.ukjent.app/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
affd368512169048bd7a91c8e8ae0e0b

SHA1
3340f1e22db92dc01ed0b50e34465f8f026073c9

SHA256
5503cf0eb89549ca29fee08d818aa92ae2b77c62a096d93354fccb1ef2598c8f

SHA512
c37c95fe25df5dbce583ab3e851599cf31cdb707e98bfc4464dfaa5c10ba83c30c12d49c20d708ec74166082be24962470d8ef0b19c0e10771b1455bcf5ebaa8

Download Submit
/data/data/Com.ukjent.app/databases/google_app_measurement_local.db-journal

Filesize
4KB

MD5
e8cd8ee026b7c8987d0e3c469d40c6b1

SHA1
5794bda9874c092431cbd8c35349b4434aaed676

SHA256
d320cb12fb1b69d71bb87049ccaec2cb4ae2be04231762984c1da55b9b074b29

SHA512
a33e67a85a0ca8a375ef387b4ddee9d9e96962a9355dd9abe733959b1d03f6617bd1bf8debe3c36f14dc694015e64adfe978a08ba3def8e93d35098a3091614c

Download Submit
/data/data/Com.ukjent.app/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
02b45d8978f329c6619a6104ab259f9d

SHA1
1253c476a3adc8fd8372e5268f9afedac8762793

SHA256
a07afb2bb678f92338a0d28e9d4302425b58ca0be6d382d527d17f1691a1eb57

SHA512
7a99a69e2fc4b9a94e0e947c93cc1557bb3b9723cbea204bb14ef7354211498d208f4dc8e8144b05c5da922a42317dbf859e813a59ed33c3038d334e8ac18c22

Download Submit
/data/data/Com.ukjent.app/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/66ABBF920079-0001-1368-3B9B76A25536BeginSession.cls_temp

Filesize
77B

MD5
ab1607ca57a11b08a9a9461d20208b33

SHA1
432936ae1723ddfc8dc996d3a28c6648e6eea20f

SHA256
d0e1aa3cbd12215d712850bda67c635d666516044355f29df3e4486bc14bce64

SHA512
4021bd01a9999397da14208f39afb7940d1a0aa091fbc83ebb1dfe6a4f9014b4b25268186f3f8fb30e9f47bc389e9bfd8913803ed6fe274690c4b2a3255becb1

Download Submit
/data/data/Com.ukjent.app/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/66ABBF920079-0001-1368-3B9B76A25536BeginSession.json

Filesize
132B

MD5
caef68f8b68469346c1b3e05409b21b4

SHA1
202e977ca4890d68d15141eded8b58155bbfa2ed

SHA256
4eff015473c53d962a7a2f27031c44f5b6e7f4e0616c558bf85740df5c777e33

SHA512
3c7576639b5e1be5435828276f33d13e59a3d178f516d4468b016c9c0c9d9d16986b3f601981333743eb9ff10e65fd6ada796d912587ade77484b9126f9fd99f

Download Submit
/data/data/Com.ukjent.app/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/66ABBF920079-0001-1368-3B9B76A25536SessionApp.cls_temp

Filesize
106B

MD5
e4f16a8c505350b794055c5d7f2301fe

SHA1
736b0d15fd29080b926d365fdf6a3faaa4737c38

SHA256
9d7c7e723bb4e2c078cb4b626d0271f57522a53fb1f6578e271248ee9d3d0fed

SHA512
552f7d67ef31a475cafc54286d0490cab632d092d181c3491b44e6a617c4d8c80ed55715e02cb4cd4425c61f6ccbc2d68260d22cb6dd2fbaac0bac42e189d074

Download Submit
/data/data/Com.ukjent.app/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/66ABBF920079-0001-1368-3B9B76A25536SessionApp.json

Filesize
220B

MD5
b52b9defeaeea1ec2853a125850455a9

SHA1
93bc994cfcc802b9ad424f2ca94cb4f0d3d61846

SHA256
c611b0cdadbec80d21bd6f87477f3c264e3753ccc618f6a98e0010f502400ed0

SHA512
33a53b1765df32f44882af288e49411552ac371fdc8e2687ce4fb2d857b0bcbaaa88a8d6b4b6f369309c45239bb121e02ef3ba595a96d6e4b11ead7dab1941df

Download Submit
/data/data/Com.ukjent.app/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/66ABBF920079-0001-1368-3B9B76A25536SessionDevice.cls_temp

Filesize
48B

MD5
2390c1f21db00b20c07107e3ec7275fe

SHA1
e663a646460acc071aebee942cc1776c23d77655

SHA256
d348072a01496839cfcde3a18866423aee74aefd613fa3bf1ff4a203ef46a699

SHA512
43ff60754eb60795ca1c318f44dcfe49194add26cc3d92c2eac7bef538fd65b6290f2e5953b8f1693b9425ebbcdd022ab16a18280146ee0b0c2eefe27bc0bd63

Download Submit
/data/data/Com.ukjent.app/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/66ABBF920079-0001-1368-3B9B76A25536SessionDevice.json

Filesize
202B

MD5
afa07370d07ed0a8ac9554ee7001bb72

SHA1
d1e9de22fda1295087525ff3a377f7d7dd410ac7

SHA256
8d4b99fc4968c9cdff4626ff6c1467cdb427f7a597b153f03b4bfb62dde6c07d

SHA512
a7a974b1c4ca3d7ca92e1449dc9718d5ea2af7f8e4c605d25c731fb4bbe891fdf340835e2a4e3a363558744e5ee30aec22542f377eb5bffc0097c70d24f241d1

Download Submit
/data/data/Com.ukjent.app/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/66ABBF920079-0001-1368-3B9B76A25536SessionOS.cls_temp

Filesize
15B

MD5
2566d27ce8c28d8961f082c375d7535e

SHA1
92fe585b1a2c9c523d2fa1f65ab5c1b6a1a6edaf

SHA256
5acdb54ddba2e264f6822fbdbc4e9b5158f57d43785c2f01d981956b18f7a90a

SHA512
1c70679bbd25a57f9ac02083d5af0fe72b1417cf3070a195497f03d6f492e87b1ed3f570de7ea7c814c995a1530e32610d9570f31a480648f4062e8d3287be8f

Download Submit
/data/data/Com.ukjent.app/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/66ABBF920079-0001-1368-3B9B76A25536SessionOS.json

Filesize
55B

MD5
5caea4b68c57072f7f52a5a41720566c

SHA1
4d9712f1702c7238949da43f7d8ae6efb233a666

SHA256
3223857b618b924c2b0fbc7bfb373a1aacf300a7b5ab585e18fffcf19039f363

SHA512
fe1455d21c521aeae3292bdcc386f6d2005dc253930c03e44dbcb972f96b849670d2aba039ea59e1a5ebc0350e6315151d17bcda55c161a62987d4bb01e91f9f

Download Submit
/data/data/Com.ukjent.app/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap

Filesize
396B

MD5
0cdc48a34593dc5b56859b3ce714beda

SHA1
d78766a8216454be380ba83018f512d83b45fd74

SHA256
c4b30a823f9321b3b9707c3dd3d9c8ec79a544e83ade6327d2be2b0f999498db

SHA512
7d3b16d2f94de1ae0fed87ce7a514896dc8a8af38f2e8f32092ca175683285674ccbdd9927370c3e1c1694fb6a05dc973427a1dba7fb55209b141031c8ad3f81

Download Submit
/data/data/Com.ukjent.app/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap

Filesize
779B

MD5
fa59efbbeee30eed0f8ef921cf4ba7b5

SHA1
a519b61202d8a14c7c1ec8622373dbedf0ea65f6

SHA256
99fff1f402a511b13f34352e1a36d6b4142b57ad87595470fedd1306606f7e6e

SHA512
81ee5f7eaca1476bab1648619f01c1c9f98d00ee0d356d7a81f81f32773f11331fe51509595444b38bbe4c8ea595ab6b90b58e1e3fd7959711f4971e7de991d1

Download Submit
/data/data/Com.ukjent.app/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap.tmp

Filesize
16B

MD5
c33583fae4e0b61cde1c5b9227963237

SHA1
fe2ebe4d27469af1460f7e852031a04208ef629b

SHA256
35c6d6e5b93657e4a741a1cec71c21813fe05aab219909ebbb0f62fb0ae648dc

SHA512
fa09047004bec791b23f0dade0b64f8ab9bbd67555505e0d0818f6e89dfe56f474df80db0786d081d36adf23a5bacea40275ba043444a3a85d3d9612575bdd1e

Download Submit
/data/data/Com.ukjent.app/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics_to_send/sa_9623a529-f2dd-4902-8a01-6110c0cc12d5_1722531732632.tap

Filesize
331B

MD5
6140c895e119b3e115c8f50babb2243b

SHA1
b0cbae81a1324f72a79a200e0bc0aebf2333117c

SHA256
01d4a63ec3c93f67c6375a6ee64da82e63bb96bc9b954e5d22a163f42161fd08

SHA512
3dac991be3c7e417d49758a6ce7188cfda8cd5ffc6554541dd2c359d8c9cc3b6f8bef57b2063972a7f88a7ec643c3418d3eda7b506b8623d24a8bc215c5e2205

Download Submit
/data/data/Com.ukjent.app/files/PersistedInstallation3812151521812869475tmp

Filesize
570B

MD5
c04283b4262fc00fd8df05ed8d6ea455

SHA1
efc945db411367f484588733a1d668f4df44c10c

SHA256
415bb6ff0c125f64e91c2b86a66899e7c7bf9c64bd2e83f12b5d4d2b2ca08f0a

SHA512
fd1994a5d0568ad746e3b6b525a0beebb2f3aa5cd70d99c079f446bb522553b3cfb7becc8ecb53edd191909ea2e0fa9bdba0478264d827b4ac02edcc3ab3519b

Download Submit
/data/data/Com.ukjent.app/files/PersistedInstallation452683181318530566tmp

Filesize
90B

MD5
03019af1f6f954d06095a52271515e93

SHA1
4e965acce109de23950df09f2953cb8d00142449

SHA256
aee37de514604dc695135d335ad5d26033a97c9c65956d1a33c32cf07b4a4ef7

SHA512
207d21e5434083c6fe0d9e5180a69631887698b99bcf97693d523d673189b01d139aabfa2f3b33e31d902e2d1901e99896126ce10902c56e882c477d8e982817

Download Submit
/data/data/Com.ukjent.app/files/starter.txt

Filesize
4B

MD5
b326b5062b2f0e69046810717534cb09

SHA1
5ffe533b830f08a0326348a9160afafc8ada44db

SHA256
b5bea41b6c623f7c09f1bf24dcae58ebab3c0cdd90ad966bc43a45b44867e12b

SHA512
9120cd5faef07a08e971ff024a3fcbea1e3a6b44142a6d82ca28c6c42e4f852595bcf53d81d776f10541045abdb7c37950629415d0dc66c8d86c64a5606d32de

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads