e4d7484b888deceefeb17ee346821a0c9d3112dffd5ad57c71f4df7d304580b8

Analysis

max time kernel
18s
max time network
154s
platform
android_x64
resource
android-x64-20240624-en
resource tags

androidarch:x64arch:x86image:android-x64-20240624-enlocale:en-usos:android-10-x64system
submitted
20-08-2024 02:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e4d7484b888deceefeb17ee346821a0c9d3112dffd5ad57c71f4df7d304580b8.apk
Size

2.0MB
MD5

71f6cdb3d8eebe1c8e7e26896238e571
SHA1

019134386a6d900d61285e5e986249928a9504b6
SHA256

e4d7484b888deceefeb17ee346821a0c9d3112dffd5ad57c71f4df7d304580b8
SHA512

740e8bcde7462b99972ea472ee0cae53f4f61fcdc6d9ca1c8c44d0661323178c891f7fe82052cd7bae7239d7a953a6dcdb5e6fc42b28cd4acc9e1634e284228b
SSDEEP

49152:I8FjWz5Kzip37zl3fg1S1RvyzHth1mFI1/3Go1eiUMG1VummJwga8TGi3U/kX1l5:IIhup37zlviS1GHoFW3aiUM6ummJwgaE

Score

7^/10

collection credential_access discovery impact persistence

Malware Config

Signatures

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	pl.spyone.agent2

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	pl.spyone.agent2

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	pl.spyone.agent2

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	pl.spyone.agent2

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	pl.spyone.agent2

pl.spyone.agent2
1⤵
- Obtains sensitive information copied to the device clipboard
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks CPU information
- Checks memory information
PID:4966

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

Lateral Movement

Collection

Clipboard Data

T1414

Command and Control

Exfiltration

Impact

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/pl.spyone.agent2/databases/database.db

Filesize
76KB

MD5
dd46d6cae176055d8617ceb3d40f1d96

SHA1
b7a971b5f755f7fd5f9041bb1a0ffb1a74d9dd57

SHA256
c4d2fc19a3c54c2d2cadde804546ce6f62f960865b829ea240026e1ea2706e96

SHA512
54d353f7e746aa3935848cc2f694cd6cfbd1c59b6f56e276b76fad0f0a4c8ea09cd4835be8a8ccd615a7714d3e212a091d93a2b3b835f4ea767c8ba5950a5516

Download Submit
/data/data/pl.spyone.agent2/databases/database.db-journal

Filesize
512B

MD5
f9acf141cff86540eb1d95deb1442f98

SHA1
df105bd206b5b2bcdbf9dcf51b8a318efedf03c9

SHA256
d11622d68f2766f5c8a51bdde56010816686700d36ca031416737c572387b7b0

SHA512
d9cf7875e1df80138e695c0dfc6f4d9d3e46d7d2637ffcf1e830dc6f835f3cfcf6e58b226b4a1e215b3ee800973ff3daeb4ed6e7673d8e4e566be2a318ddbef2

Download Submit
/data/data/pl.spyone.agent2/databases/database.db-journal

Filesize
8KB

MD5
4669c84aac8adb4a9c5d73f7c7dca99d

SHA1
6a8c524957719ac07306d803c948c31559d6c3f4

SHA256
0a8ae46005dd93563d96544469b76013ba7dfc8958e7d852c3fd672aaf6f9c5c

SHA512
934ab658b3c505bf39e8ba5a454c4d5a39ecc212816a504bc03ef5a5cb290f65e360b1bb9be89f5796571f34b63f489ca21e69a87291eb5e6be99852a3838d8e

Download Submit
/data/data/pl.spyone.agent2/databases/database.db-journal

Filesize
8KB

MD5
fc2405eefaaa5389250d05dacf3681c5

SHA1
d69b7866b4a096c28cd92dc7a477d6ee8eb56eb9

SHA256
541decd26ba1bf77156709f4c3892e68ef8229806e14a60801fe328160976239

SHA512
3ee2c55ad602462024a25f6a13f11435e84fba55729bb4203ee6d8e94aee252959dfdc1190b58ae4da6c37be1a2f4ff91ef4ab1503432c92bab6807100076583

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads