1790b8ab36fab5e91d13e2837178315a00fbc96858c3513e41cf957c0f6abb16

Analysis

max time kernel
53s
max time network
137s
platform
android_x64
resource
android-33-x64-arm64-20240624-en
resource tags

androidarch:arm64arch:x64image:android-33-x64-arm64-20240624-enlocale:en-usos:android-13-x64system
submitted
22/08/2024, 02:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

com-mod-remote-fingerprint-unlock-mod-apk-v-v1-6-3-42.apk
Size

4.0MB
MD5

08d65939f3cf421e4859061d42c17895
SHA1

b78e5f467299d065cc1a78c11b09fa0260ba8d66
SHA256

1790b8ab36fab5e91d13e2837178315a00fbc96858c3513e41cf957c0f6abb16
SHA512

46ac764b003be35fc007ca96cc0ed9d1578176d89d44a6ac292f804c8b9c5e172d0beb2e066d1f44d4b4899787390e39b909a81bfb609775a43f16f0e60a2ace
SSDEEP

98304:7ubAGfg8tsCbbKnSnrc4c3oaGNANFK08wVPxanmOSJ3mSbv:79gPbK34WhGNAS082xanmxpv

Score

8^/10

collection credential_access evasion impact

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 2 IoCs

evasion

System Information Discovery

T1426

ioc	Process
/system/app/Superuser.apk	ro.andreimircius.remotefingerauth
/system/xbin/su	ro.andreimircius.remotefingerauth

Loads dropped Dex/Jar 1 TTPs 4 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/system_ext/framework/androidx.window.extensions.jar	4331	ro.andreimircius.remotefingerauth
/system_ext/framework/androidx.window.extensions.jar	4331	ro.andreimircius.remotefingerauth
/system_ext/framework/androidx.window.sidecar.jar	4331	ro.andreimircius.remotefingerauth
/system_ext/framework/androidx.window.sidecar.jar	4331	ro.andreimircius.remotefingerauth

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	ro.andreimircius.remotefingerauth

Checks the presence of a debugger
evasion

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	ro.andreimircius.remotefingerauth

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	ro.andreimircius.remotefingerauth

ro.andreimircius.remotefingerauth
1⤵
- Checks if the Android device is rooted.
- Loads dropped Dex/Jar
- Obtains sensitive information copied to the device clipboard
- Checks CPU information
- Checks memory information
PID:4331

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Discovery

System Information Discovery

T1426

Lateral Movement

Collection

Clipboard Data

T1414

Command and Control

Exfiltration

Impact

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/ro.andreimircius.remotefingerauth/databases/androidx.work.workdb

Filesize
4KB

MD5
0eb157e1a86d4d00aa601dd2f6ff3ee3

SHA1
fee434f784e73cc7916322e949f727caf8363102

SHA256
b9a8194b71a046e8c0eb30995827b582b4bea834f630a5df2483b778a7d7d8a4

SHA512
b9b79b8c3af8a3f140df230fd89e95206358ba50ff214e7323a2dbbe2937b795f970e588302ffd5d721318bd597ce0a27af26d6cdb07f45569c30209845082a8

Download Submit
/data/data/ro.andreimircius.remotefingerauth/databases/androidx.work.workdb-journal

Filesize
512B

MD5
329318967ccf7ac2c3813090778e2fb9

SHA1
830638fda0303477b47c1c7282e24bfd853fc604

SHA256
93f8f049af332dab03cd1d25ac601edf5cd3bfdfce37bd3e1ac184db9d7ac89c

SHA512
9021c5ef8e50fe6e20592add5e2727e39a6cf463abf0e77d69b220896ae786f968d618dd5ea94958728361b62e5b0a453ac6e21808e160db9f8653dae49fa602

Download Submit
/data/data/ro.andreimircius.remotefingerauth/databases/androidx.work.workdb-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/ro.andreimircius.remotefingerauth/databases/androidx.work.workdb-wal

Filesize
88KB

MD5
a796a2e2bf4f3223d98870bb59a0222b

SHA1
8d567a90e2ad20260a9bb34f717e1c0027c43301

SHA256
4ba7ebf2c60aa35b070647004e0b84a30ad256cc3666424deae33f1003a92912

SHA512
3f43bc9b1c2bf7117dd8b3ce5eb6f9b8ed3cfc3f46c93f33c67e39738b4a511756f350696287b03bca1bff53d23553a1671eb8e86488922919b0d299eed3e6cf

Download Submit
/data/data/ro.andreimircius.remotefingerauth/databases/androidx.work.workdb-wal

Filesize
16KB

MD5
108a1cd683510f55cc903735e1284740

SHA1
7626b34c956de9852db01093294310127b195af4

SHA256
036b0ed2b1130ade79e63eb8d72c7533879c7019a2af5ae98da27fbe36812c59

SHA512
469cb2c5bd72668e704df540daac59434704658c85df825d6fb9dc69337784b3aedca200c776b0c7bce53931613643da2d96d93ce01078d9a17eed1c463ed0b9

Download Submit
/data/data/ro.andreimircius.remotefingerauth/databases/com.google.android.datatransport.events

Filesize
40KB

MD5
571112758fefc013ca64f73bc959a009

SHA1
64b3e995d49a74c647cb467f54fc72c28c5af3bf

SHA256
632907b2357e6d3e99c86012795c6a2eebd1e8c1ee0a64c64878c5c1201413a2

SHA512
ce75b2bf73c4fd98b5391cf39610260fc90a91a7e85388c6074fe7b21f8b54eb88a0d0ce83a3403b496bcaf885deceab36daaae18976dc1f18fa4dd0605e2e34

Download Submit
/data/data/ro.andreimircius.remotefingerauth/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
c45b58509694ded83dbb56cf577c469c

SHA1
51632d51772d69db358528eb7210533bd7b1fdb0

SHA256
53f6b29e3624aab7846c6866df4fb65d7bb82d66f4985c938127ebd8ba9f13a6

SHA512
3f54ad39eccbaf5267437f40f447eef95b8b542dff3393a7a334ea40227855f1c1f80e50c797c49c71f3518237f8e000d1de8a64b9fa47866dc913040989f91e

Download Submit
/data/data/ro.andreimircius.remotefingerauth/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
015ec3c38d25d8c81af3f9b0611aec8f

SHA1
da1177aa702fde5de8892534222d400f1c6a11b3

SHA256
3bfbcda6e0cc2fdfd2b0a653ff1914f82a4c741539b61e181973277e79fc8d16

SHA512
8a8d86efdff567bad3875c8b9266c928d74c4d98131fd18fbfa3d9d9316748f3d8ef1a0408aefbf5b4f7a9ed2f7823ac335d47ac7229e0610d123b8d1f453b80

Download Submit
/data/data/ro.andreimircius.remotefingerauth/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
7a215cc8dc9b265937e789f26aa56564

SHA1
086584c1f1a51e88cd3b951199279c3968c75021

SHA256
7799746ffcea3b7e6a1a53f2ffcd1cd218d0410bd6f5d1e1b51696e83ae5f016

SHA512
6758cf1b607a4ad41155f127c9f64b1ec8cec7e69980f7286dc95608262f02dc117aab36cc0f394877445a12134693d07c068440c57f3f8f90dd0a1dd90c7934

Download Submit
/data/data/ro.andreimircius.remotefingerauth/databases/google_app_measurement_local.db

Filesize
16KB

MD5
62ad4a05cbdca7f47b3206b7dbda487f

SHA1
4f4044cef7b7b1e5c6184ed9025267fc92bf0cd3

SHA256
18b909096c7c61d51ab076ae8e562effb0d4ada28e2a4ecd0e6b88ef58f6b2a6

SHA512
0936531ed1b2b356a247123200739a43cfc765469ab47a424dcd6e3d1176092a212b0a28591d07f8c2d0cc9d2e0eeddfcea8dde314c2f9343783c61075b071a6

Download Submit
/data/data/ro.andreimircius.remotefingerauth/databases/google_app_measurement_local.db

Filesize
16KB

MD5
ae6210364160390e8b19802b19a6fe20

SHA1
c501af27bd66a2f6f8884c2fd1e315a9c96111d7

SHA256
8d2d01d104daf03295330ed63ab8f8f0c261427b649cee27d02ba30087f687a8

SHA512
137fc10f7fb59352214959480db82f633a87f325897e51a67329dedb047f9ebd522412f66390e1bc0141d8b731100b7faf5df8124a2f63b7829f14533eb19a3f

Download Submit
/data/data/ro.andreimircius.remotefingerauth/databases/google_app_measurement_local.db

Filesize
16KB

MD5
8d9f55074cc2d68b79781ff82824d51b

SHA1
383ce8cd64f6c72b8e8cae82614a3731ed3dad12

SHA256
8a1c96f7bf83e6e43a3a0b5a8c38cd6c7151889c605935e88ec4db2c20687edb

SHA512
7cb73265ceff8f1f8ec568f077198a70a7a477fd42874bee4ebe50ea28d8d189007f1fd3be97b1bf61aae299bc14639bfed23f583378357357b6ad9898e8b1a7

Download Submit
/data/data/ro.andreimircius.remotefingerauth/databases/google_app_measurement_local.db

Filesize
16KB

MD5
b35021a4594c3d1e33e6c08e16625836

SHA1
0ab499d321626b00499ac1cbbeae5f782c1dc5a2

SHA256
1331113780b36f42797690bae3e3ecff8d2da17cbf54dff83c65de3318551de2

SHA512
5fd217809469088b126987cf5d1543c621de08748f0eb24ffa5d4f198b8b06d0c55892c21875c5f30544a9c3868c85fa9958b793c2e4b5d40e385d1efe61a8f0

Download Submit
/data/data/ro.andreimircius.remotefingerauth/databases/google_app_measurement_local.db

Filesize
16KB

MD5
31ee65ee5dc11463fdb38900239157b3

SHA1
3b36ab75aae8cd17425ac0061720816eb9887bf6

SHA256
3af18dfc5941373b4cfadecce1ba7a9a9849fd12d21dcb271f479b6533c2f24e

SHA512
dc2f78b95e269d8d4950060011f5ad1ec638e15abba216e643f1f9d88d04a12bb344714c6f6d7b287e199f56b6576c35896f4f0807edc70d9520a4cf0c425789

Download Submit
/data/data/ro.andreimircius.remotefingerauth/databases/google_app_measurement_local.db

Filesize
16KB

MD5
ce71a07a332efc42fc32ce12c1b6a890

SHA1
299b42c6bb53ccdbdaec6f4c64c810c5cab900c7

SHA256
631d5764db57da7a1c6cc727964d59b7887da86622463d6998459a8a91e25465

SHA512
2887b262d72b314bbf70567760ebe33596fa9600306bddebc7e1c19f9ce6b422eaf6c03e73595e54f1b310ff961331d2d66419e82326b1707eab890650d1b418

Download Submit
/data/data/ro.andreimircius.remotefingerauth/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
edc3441f93490ae9c437793b46fddf1c

SHA1
b48eb96451a50fdfed0f5bf60ee30541734a117f

SHA256
b48fd742a1fa7c48bf8a7525416073de3bfb63c66f17a9ab5e198ed9b857fdce

SHA512
e6fa534d69512c2aea8b30ee4fac01a87f0195c6216d142056b9390aa32bd22dd1cbc75feb1610bb6d8a5f00e956cc4827e557bf8d83229e5eb299a0a4646e3d

Download Submit
/data/data/ro.andreimircius.remotefingerauth/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
9f5ea786db43baa2e24a446162276205

SHA1
39ce3644cad643070318e01526fe77841214d65b

SHA256
23f433488d31d1709b50017b8b63d788a56953e13483ed1f3e50ceaced56d9db

SHA512
f592e76fb55d32f27bcdb83c89afc621d71959def4924cd21b911af17c7395c0ab2d14638a86686b319478d0292f6406e58d888148e167ff100eb0c6e2e16b46

Download Submit
/data/data/ro.andreimircius.remotefingerauth/databases/google_app_measurement_local.db-journal

Filesize
4KB

MD5
23695147ddb4a8f2a1a69fd05cd4aa94

SHA1
16a552bceff5e1224d102e2b63f7c454f33fb965

SHA256
c3bdf5e86796f334c9505c554b1aca5bc6b5fe0bef4c4c4f990f47b7bbe59315

SHA512
fb439965af248e8689aeec8c63b0f971242725b089e9398ba3d42b8743f1e9194daa4086a27378a65170216748601a9651ca1695f580f44abf430373ee1045e9

Download Submit
/data/data/ro.andreimircius.remotefingerauth/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
bed5529fcf42eec3f33f6b0b02d9dc08

SHA1
e5f3de2eecdfa9ca92836c1631be8470e59833fa

SHA256
962b5c02cb213f49797c6d4453b3f513ff5bf8f955a396e4a0b8e33ef241e791

SHA512
31a7b062c156e44158a3e7428a55c8ec046a569f071fbd4e74dc4db839316c63d76647f9ab98bde9183f32829825ac21f80da214c175879f94d23add32809a26

Download Submit
/data/data/ro.andreimircius.remotefingerauth/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
5811f7814d1d42cc59b4833121917f0f

SHA1
55b55a27539aa0fe9bc36d3dcc2bc3e5aa432356

SHA256
8b9f0d61d94126e5b9f83b697b091e31cf3c45d8e9f2ff8bf53136ce04d118cd

SHA512
b1f74bbf233a537a7469179bac3ab854c7c398dc3cf768322b7200723c9858f4a4c76e9e8fef3b81d64ce82ed5e857f3d281816b9f4620b24ab4d06166db6012

Download Submit
/data/data/ro.andreimircius.remotefingerauth/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
0ba57d260bc03d25853ec94a515b2267

SHA1
80f96683b24c96e1975f9d3566137d8a6c7dbb89

SHA256
816addd2a317de9fa241c9ff2663fdfb5c67a2a97271115ba7d43cf16b85230f

SHA512
7017f7806b1ea1e004258df2ed1077cc2d2a547be183112384bcf87e65a593568a8d2fa538f58ac2d1d6ac8ea405eb93d7bc645b6f41edba71a9d2e8d30e4743

Download Submit
/data/data/ro.andreimircius.remotefingerauth/files/.com.google.firebase.crashlytics/log-files/crashlytics-userlog-66C6A9010042000110EBCD1B55889A9D.temp

Filesize
362B

MD5
dcd6f931aa65a94e187f6d4d9fa50b82

SHA1
03db9ccc1f2b8f9ec4b81ff11b13575f9807d525

SHA256
6d143add9b0483273829ccd07dbddd017cce7c33a6b25f7b92a9bb77af4eae72

SHA512
74ebad02158a5927d707db1c2b67f1ed068abb67593803556ee40a2d2777d77002f1b7cc8711b4bff67757196f9fd429d1a37e6570f13973534a71117a8081bf

Download Submit
/data/data/ro.andreimircius.remotefingerauth/files/.com.google.firebase.crashlytics/log-files/crashlytics-userlog-66C6A9010042000110EBCD1B55889A9D.temp.tmp

Filesize
16B

MD5
c33583fae4e0b61cde1c5b9227963237

SHA1
fe2ebe4d27469af1460f7e852031a04208ef629b

SHA256
35c6d6e5b93657e4a741a1cec71c21813fe05aab219909ebbb0f62fb0ae648dc

SHA512
fa09047004bec791b23f0dade0b64f8ab9bbd67555505e0d0818f6e89dfe56f474df80db0786d081d36adf23a5bacea40275ba043444a3a85d3d9612575bdd1e

Download Submit
/data/data/ro.andreimircius.remotefingerauth/files/.com.google.firebase.crashlytics/report-persistence/sessions/66C6A9010042000110EBCD1B55889A9D/report

Filesize
752B

MD5
683b957c17c97e77c086fc7aceede7e4

SHA1
7f2bef1188cc616bd7b1220ab3ca19bda857e4e4

SHA256
dfcb127de63011b127848010bf00bc8dc4428563ad4ea691cad6a613c6c8a9a2

SHA512
cb730b53467ab2424987e1311ec7cf88c797859ae944b64ed92deb24c3a2735596ad4b64e4088eb7d58802689d5836df4b66d54ef5e22a8373858868c1f7df4a

Download Submit
/data/data/ro.andreimircius.remotefingerauth/files/PersistedInstallation6910520717969606884tmp

Filesize
562B

MD5
6f0050886cb46d281fe05ad421a4321c

SHA1
b6adbe3544b288f272ac676f3860403e3f237f3b

SHA256
3f2508b93aec58cf72e878bee772e866853103cbf30fcf5728604856cc68a39a

SHA512
22a1bae92402b6887728dc052e96ca1d2017ee4147d118a680820c2bb02eee93ac2c72ca84563ea91d6584e4a0c7bcad1d6c6b5b3ebce495500c7e05dbf59bdf

Download Submit
/data/data/ro.andreimircius.remotefingerauth/files/PersistedInstallation713496069138629381tmp

Filesize
90B

MD5
0e0d8bdc3664d2b3409d15c802d9aa69

SHA1
34d106aa4791bad4e5808624bf7236814c2989b1

SHA256
3f5f42101050c921ab57689dfa6ab3ab6df67a760c9987ad646813c22088ed5d

SHA512
da5bf7c1991ac2b2bc2df4495388e4c05b07eea881168c2d5044a5347b8c98ba7aeb5adf01e1e174269c1ae1d1225880e51a239cc77de7ddcef6fb46de517b8c

Download Submit
/system_ext/framework/androidx.window.extensions.jar

Filesize
123KB

MD5
3056e1bdb7d4e19789d0319eff484bd0

SHA1
6791ae47aa9466fe0bca27ad6643f846853bbee4

SHA256
8e6331a07c9f2ac139214c527dcaff2c82d126bbe7bd3420cdc36d6a8c9204b0

SHA512
c790980fd68d9f89e32743bc28846807d5e5947c555f494de47714dec5cbd0c08d81c3260fa463759d1b17a953af3c44ec30b14fb08bf6b29db3837346c9f658

Download Submit
/system_ext/framework/androidx.window.sidecar.jar

Filesize
25KB

MD5
29469324e59dfcc052f24b5af4e7b2c4

SHA1
10c1e17ac6f598037bb51baa07945663645de4eb

SHA256
9195dc6a1c75a841384050240dfc972e48178964993fba6619788625f4b40d1a

SHA512
5e27c2b1431369a248298f2f749136a575005584f9999f2a4c204a0c47adce2e33c8df9f058bdafa1bde1c99e46d175560cedfcddcd8581718ed1d9973c37cc2

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads