c15cbcb496d42cefc7fca6929ff6740fceab9c28541a36113689df21008f126d

Analysis

max time kernel
46s
max time network
156s
platform
android_x64
resource
android-x64-20240624-en
resource tags

androidarch:x64arch:x86image:android-x64-20240624-enlocale:en-usos:android-10-x64system
submitted
08-08-2024 03:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

com.companyname.x_9club-Signed.apk
Size

36.1MB
MD5

ac5e39e0a1f3dbb74feca518033ebd1d
SHA1

8d91c3936fda026a7675bd7619e7cebce27e691e
SHA256

c15cbcb496d42cefc7fca6929ff6740fceab9c28541a36113689df21008f126d
SHA512

effdca10d025fb9f129edb50d5390e9cf1c874bd7de5629e4e4eeed18a47f7550d74be79536682fd5b7c7b8435e51ace36e4e919bebfd281528ee9e4cd5cda85
SSDEEP

786432:5IT2YUBbxhAjJqW8QxJ8AF1yrQ9E2O4dmnogtbEE+Ox4XOueWbjaZAfgClgcOklU:JVdA641yOIGqMaRK3Fc3l3nDR

Score

7^/10

collection credential_access discovery impact persistence

Malware Config

Signatures

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

Processes:

com.companyname.x_9club

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.companyname.x_9club

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

Processes:

com.companyname.x_9club

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.companyname.x_9club

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

Processes:

com.companyname.x_9club

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.companyname.x_9club

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

Processes:

com.companyname.x_9club

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.companyname.x_9club

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

Processes:

com.companyname.x_9club

description	ioc	Process
File opened for read	/proc/cpuinfo	com.companyname.x_9club

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

Processes:

com.companyname.x_9club

description	ioc	Process
File opened for read	/proc/meminfo	com.companyname.x_9club

com.companyname.x_9club
1⤵
- Obtains sensitive information copied to the device clipboard
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
- Checks CPU information
- Checks memory information
PID:4964

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

Lateral Movement

Collection

Clipboard Data

T1414

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.companyname.x_9club/files/profileInstalled

Filesize
24B

MD5
537bc7565c2a61a2f096c2339dfee5ed

SHA1
20361015e2f98898e8909d57e3b25231f2b5072d

SHA256
5dc453137d3cec28f0e9150f436bb50e351cbcb8fbc9225430071207041ff358

SHA512
1fa5192d0f2b65191c3072a14f5eb428fb4bb214dd915a7cdf5ff499cc5b89977481b948a91484611ed1627c335651a4bd06f678a8726145b54d95644f73aeb1

Download Submit