089c11073ccb76cebfdc2aee871b36ebec00c48bdbd857c34bfb10b416d3fed8

Analysis

max time kernel
28s
max time network
167s
platform
android_x64
resource
android-x64-20240624-en
resource tags

androidarch:x64arch:x86image:android-x64-20240624-enlocale:en-usos:android-10-x64system
submitted
22/08/2024, 22:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

089c11073ccb76cebfdc2aee871b36ebec00c48bdbd857c34bfb10b416d3fed8.apk
Size

1.6MB
MD5

55efeed680c1e4b1d155c2eb37d89203
SHA1

97443ade61c11e283c66bac191abf25ad9754571
SHA256

089c11073ccb76cebfdc2aee871b36ebec00c48bdbd857c34bfb10b416d3fed8
SHA512

e9d7fd9204e94bf8d1ea034684d54350868ba4193e02bc944850e0ec9d3e1d5e57cca9f2e919325f883ffb872455f3099fa9680427752edf7939c49a831785a9
SSDEEP

24576:SaGE0JbzdOgHkGFdrgNLW6KQSRQOjCpCbbloBvgyv793pgSw9b/72:fGEEzMYENLWGyD5bl0Ph3pgSwRz2

Score

7^/10

collection credential_access discovery evasion impact persistence

Malware Config

Signatures

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.anjonline.android

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.anjonline.android

Checks the presence of a debugger
evasion

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.anjonline.android

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.anjonline.android

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.anjonline.android

com.anjonline.android
1⤵
- Obtains sensitive information copied to the device clipboard
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks CPU information
- Checks memory information
PID:5058

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

Lateral Movement

Collection

Clipboard Data

T1414

Command and Control

Exfiltration

Impact

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.anjonline.android/files/profileInstalled

Filesize
24B

MD5
546a5066f3c665556f5a47897640dc8e

SHA1
d64bacddd99d217fbdea3eb043487691ff495e02

SHA256
fa67fac6b0c06a862fa395dd02c43f37a2a32fb167c4c4296616414d01a7fcd7

SHA512
31b39b03bd235d4c0bd73a234752813fd7906c2d74b92a3de9f2c106c461fcd49d6fdccc4436974566b5f3c10222fd4b3d3e63b361d6a596ef220f4ec1a6fcc5

Download Submit
/data/data/com.anjonline.android/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

Filesize
8B

MD5
9215a166e3d947b856805417ee4039d8

SHA1
a089bb7293d05edac504ef3caa9aeb3727c7d134

SHA256
bac2db8a521e8b10f4eac70c222d1a08e77ff7c06a8c0299302c0273d6cd36e1

SHA512
33ecef68ec79546db398a62605085e401ebaa0a786269bd7a15a3699fa4d396fd2273ed0f51b8a5b82b86e027bb9f94abadc07444d5a4c69c0277aafb1d0ab4d

Download Submit
/data/misc/profiles/cur/0/com.anjonline.android/primary.prof

Filesize
1KB

MD5
e8a279929a4880fe883ed4b5b7d30d7a

SHA1
f9e0aca36a1b0c6e6c1c238e28ebccdde1e6addc

SHA256
68d1f7d64b2b7a748b582e0ddba8186879d9f819c716155de1383df2c255fd53

SHA512
d9f95a7f8d240fbc332324fc522ced67d24f3051f89bbd384d2416de263edd7bc218083ac7dd5d5a259cbddbbb311c4a33be27459a6cf5253e877afb0969588a

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads