Analysis
max time kernel: 47s
max time network: 134s
platform: android_x64
resource: android-x64-20240624-en
resource tags: android, arch:x64, arch:x86, image:android-x64-20240624-en, locale:en-us, os:android-10-x64, system
submitted: 10-08-2024 11:20
Behavioral task: behavioral1
Sample: Application.apk
Resource: android-x86-arm-20240624-en
Behavioral task: behavioral2
Sample: Application.apk
Resource: android-x64-20240624-en
Behavioral task: behavioral3
Sample: Application.apk
Resource: android-x64-arm64-20240624-en
General
Target: Application.apk
Size: 6.2MB
MD5: d61568a1d7d387b947d82a52c0aa3dd8
SHA1: 1a14fea48bae04f4670f14e8259a58d7a7ef4032
SHA256: 4332c47f1f127b151349ebac341f9d9d479b57576016fe8607edf1516858e695
SHA512: cd1d8578495042fd3cff37000b26a42482f3a8d4d1eec6cd2203a80f34928759deb3b0356922794e08fe0db7c29e1eb07f18d45847907e902ca479647fa6ca8a
SSDEEP: 196608:H5I3DTeTyIuGp83WXC/YGJYSvkgdQ+31T4obkajQaqnbK6:H63/euGW+CwGvrlTl2aMbf
Malware Config
Signatures
Obtains sensitive information copied to the device clipboard (2 TTPs, 1 IoCs)
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
description: Framework service call; ioc: android.content.IClipboard.addPrimaryClipChangedListener; process: com.spy.ir
Acquires the wake lock (1 IoCs)
description: Framework service call; ioc: android.os.IPowerManager.acquireWakeLock; process: com.spy.ir
Queries information about active data network (1 TTPs, 1 IoCs)
description: Framework service call; ioc: android.net.IConnectivityManager.getActiveNetworkInfo; process: com.spy.ir
Queries the mobile country code (MCC) (1 TTPs, 1 IoCs)
description: Framework service call; ioc: com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone; process: com.spy.ir
Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTPs, 1 IoCs)
description: Framework service call; ioc: android.app.IActivityManager.registerReceiver; process: com.spy.ir
Uses Crypto APIs (Might try to encrypt user data) (1 TTPs, 1 IoCs)
description: Framework API call; ioc: javax.crypto.Cipher.doFinal; process: com.spy.ir
Checks memory information (2 TTPs, 1 IoCs)
description: File opened for read; ioc: /proc/meminfo; process: com.spy.ir
Processes
com.spy.ir (PID: 5003)
- Obtains sensitive information copied to the device clipboard
- Acquires the wake lock
- Queries information about active data network
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
- Checks memory information
Network
MITRE ATT&CK Mobile v15
Downloads