bbdd5aeb146a5b078cb3401cd00c7a31873034d349352b9b99d7adedaefaba1a

Resubmissions

25-08-2024 06:54

240825-hn9las1bpf 10

Analysis

max time kernel
7s
max time network
133s
platform
android_x64
resource
android-33-x64-arm64-20240624-en
resource tags

androidarch:arm64arch:x64image:android-33-x64-arm64-20240624-enlocale:en-usos:android-13-x64system
submitted
25-08-2024 06:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ecloudy.apk
Size

9.1MB
MD5

984855030f65a7039a613df2ed788988
SHA1

31910e6aeff36bfb90663efbe5d286ca6b3d9cc5
SHA256

77fb7b09edd9b6cecf00f7521c927d71ff7e21f433dca9a3c0bb56a191219c42
SHA512

317cd04a4fa83dedd5c1daeb5fe37b9e4596dbc1e85f4174a0beb0c30540ca7b79dccc2c725aa01032ce66dfb40f99d3cfc51c262652ac7693d2da3fba9ede50
SSDEEP

196608:/qPPYxvpie2SBsrebm1sCuQZotZxA8/FjmnKmo1rof8nPjDx6oPgZGx:/qPPYjietaibm+5QZotM8djOolP7t6oT

Score

7^/10

collection discovery evasion impact

Malware Config

Signatures

Queries information about running processes on the device 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.ecloudy.mzt_plug

Requests cell location 2 TTPs 1 IoCs

Uses Android APIs to to get current cell location.

collection discovery evasion

Location Tracking

T1430

Geofencing

T1627.001

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.ecloudy.mzt_plug

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.ecloudy.mzt_plug

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.ecloudy.mzt_plug

com.ecloudy.mzt_plug
1⤵
- Queries information about running processes on the device
- Requests cell location
- Queries information about active data network
- Uses Crypto APIs (Might try to encrypt user data)
PID:4320

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Execution Guardrails

T1627

Geofencing

T1627.001

Credential Access

Discovery

Location Tracking

T1430

Process Discovery

T1424

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Location Tracking

T1430

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.ecloudy.mzt_plug/files/__local_ap_info_cache.json

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
/data/user/0/com.ecloudy.mzt_plug/files/__local_stat_cache.json

Filesize
25B

MD5
2d805b13f2f28dc3ca9bbcc000f49bb5

SHA1
9eac165b4d81258fd3967cde5cc53b53b1dabcb1

SHA256
c8a6624f390568f0ddcb9841336aec6a564460fdaf6624e562b32935b8956f19

SHA512
5db8c57bab36bcf9db698c1dce70318cbffc156dd1d1c1e09e5b7ba60aff07b598ebbf26c4bd8a2b03bd6e59ef2dde2d944a22a8d8a19ecc8378e83afb7c83b0

Download Submit

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads