4bcb6951c5f78c646c19771ff58c2ea749e734ae3fa916f130aeee8e083ca2e4

Resubmissions

29/08/2024, 15:33

240829-szp15syflh 10

29/08/2024, 02:14

240829-cnzs7szhqm 10

Analysis

max time kernel
79s
max time network
131s
platform
android_x64
resource
android-33-x64-arm64-20240624-en
resource tags

androidarch:arm64arch:x64image:android-33-x64-arm64-20240624-enlocale:en-usos:android-13-x64system
submitted
29/08/2024, 15:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

k.apk
Size

3.5MB
MD5

fc91f5ec788858dd0bf446840404b54f
SHA1

bc137d65ca80518a8142dc13e6aebfcccc52170f
SHA256

4bcb6951c5f78c646c19771ff58c2ea749e734ae3fa916f130aeee8e083ca2e4
SHA512

3edcf82701d7efd9000403c30f4511a485e979a81d96175a3e63a40886c6d5f6541e70b8de0ee10ca21399c1f1c872562c8bc9b7d335608395ffada3006ffd0c
SSDEEP

49152:tmqmsPEvtj1o2POM73aZkSPzBpKjGCZdDV19CLVtr2ps8aA9wq+ID9+G1WV7d6lz:tmqmLlj/PH3PcDOB3Cnaq859RIIR

Score

8^/10

collection credential_access discovery evasion impact

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 2 IoCs

evasion

System Information Discovery

T1426

ioc	Process
/sbin/su	com.juzyuwqt.thxxnjvf
/system/bin/su	com.juzyuwqt.thxxnjvf

Loads dropped Dex/Jar 1 TTPs 4 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/com.juzyuwqt.thxxnjvf/files/dex/95adbfe2f455c0ae.zip	4321	com.juzyuwqt.thxxnjvf
/data/user/0/com.juzyuwqt.thxxnjvf/files/dex/UTIwzInMxrMbXrXkJ.zip	4321	com.juzyuwqt.thxxnjvf
/data/user/0/com.juzyuwqt.thxxnjvf/files/dex/95adbfe2f455c0ae.zip	4321	com.juzyuwqt.thxxnjvf
/data/user/0/com.juzyuwqt.thxxnjvf/files/dex/UTIwzInMxrMbXrXkJ.zip	4321	com.juzyuwqt.thxxnjvf

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.juzyuwqt.thxxnjvf

Queries the phone number (MSISDN for GSM devices) 1 TTPs
discovery

System Network Configuration Discovery
T1422

Requests cell location 2 TTPs 1 IoCs

Uses Android APIs to to get current cell location.

collection discovery evasion

Location Tracking

T1430

Geofencing

T1627.001

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.juzyuwqt.thxxnjvf

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.juzyuwqt.thxxnjvf

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.juzyuwqt.thxxnjvf

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.juzyuwqt.thxxnjvf

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.juzyuwqt.thxxnjvf

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.juzyuwqt.thxxnjvf

com.juzyuwqt.thxxnjvf
1⤵
- Checks if the Android device is rooted.
- Loads dropped Dex/Jar
- Obtains sensitive information copied to the device clipboard
- Requests cell location
- Acquires the wake lock
- Queries information about active data network
- Queries the mobile country code (MCC)
- Checks CPU information
- Checks memory information
PID:4321

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Execution Guardrails

T1627

Geofencing

T1627.001

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Discovery

Location Tracking

T1430

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Clipboard Data

T1414

Location Tracking

T1430

Command and Control

Exfiltration

Impact

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.juzyuwqt.thxxnjvf/databases/privatesms.db

Filesize
16KB

MD5
8a10f85bcb419b77dcf49fbcf348e67d

SHA1
de45210ab1cae4be6ff7485386a0be8abed04faf

SHA256
a0ff1b8c48b78918fb218515f955a788620ea0b61002f73febba862b47092dda

SHA512
8662fc33368068066dfa7bf3543e6b1f68c857699991761afca16c5142995efc4074bac500044591b3af1c221b466bbf4a3e562610494b42cc2019e1f69b1226

Download Submit
/data/user/0/com.juzyuwqt.thxxnjvf/databases/privatesms.db-journal

Filesize
512B

MD5
e6c1b4d8841b3fd6238aa77b95559f7a

SHA1
91e8f59de9cc697cde867edd4233e79ab091d483

SHA256
c4bf309830589f87ef5e7bcdf8866b548fdd29804194b5c4c49fbd5ed5475f47

SHA512
1e47a245d16bee88c648f6149105a9866bbd22e7c83f4b6b229d5cfab5dd4ac6b2bc04c48ca0ca3c3832a890c927b9d454e43f8cf92f32d00e51478fd2d61d0a

Download Submit
/data/user/0/com.juzyuwqt.thxxnjvf/databases/privatesms.db-journal

Filesize
8KB

MD5
a5d6647f2f0a8199282fad1cba602781

SHA1
dc3aab0cf04d7ddf68f926a8728429a60e737697

SHA256
500c50de2b55d36411ffaf22e8bcf8d31896542f276a1b32972587caf717c5fd

SHA512
8d25ef8dda46fffc03efed670de81fa92732a04c36ed926311f00dac0605b88ef7ffb0866ab8be3a2353046cc7061b8d1a4272157fb816a4ebf4ade29fcf2068

Download Submit
/data/user/0/com.juzyuwqt.thxxnjvf/databases/privatesms.db-journal

Filesize
8KB

MD5
006e4c8ba1c41dd56e9c37656a6468b5

SHA1
895201141e120c3f682c4a8aacd65e321632139c

SHA256
327934c46505273cda186a2ce0e3cdb0151ef6e5f2a0dbca76469a8ece23bb67

SHA512
33d24fecc85bfd220f131109d3ca65af4feef196948a6c7a33ddf055f993bf2445b12ef242b6a5e9f62c6ce72cdd90e0ae22a13c317b60545af84c8ba9eff219

Download Submit
/data/user/0/com.juzyuwqt.thxxnjvf/files/479114.so

Filesize
145KB

MD5
9f7955db7f30191ce65c0dfc8c0ce4fb

SHA1
1174c22e03275dc289b6827222aa41e66650a295

SHA256
85fbadaa8a7e3fcb05a161cc44f8a99e6b52c1106e11ec898ebd1f5c86afb58c

SHA512
5a8ee4fc42933b725082d96fe09dc5f8ae1484eeac27c2e2adb8dde4e6eb3a559cf7edb199617b6455bc44f7c4d18beebce6c3ee3c22a59840655457cf2f4380

Download Submit
/data/user/0/com.juzyuwqt.thxxnjvf/files/479115.so

Filesize
270KB

MD5
50f9ec90c3673e659dc94343566dc4ec

SHA1
23c44eb8dca80f5b83ccb1c19dc6821ce834bc72

SHA256
ff9b12bdf3c193c6908a149f363ade859fb1471ecc509c0163607e4a4d2a9285

SHA512
73f5b22878799424bd34016013d3c9026a6379d60503d3ec9befcfe1437c9f28db3546ef4e7d240fc2f725e3ae59bda2d6d166d4d62e5f5d6da1c34bbfe07102

Download Submit
/data/user/0/com.juzyuwqt.thxxnjvf/files/dex/95adbfe2f455c0ae.zip

Filesize
548KB

MD5
8a56d10123d8fb7f7672261c609c7343

SHA1
0f9046d02f050ef0949fc4c12346b4b64c04a36c

SHA256
5c67a00a92b3aadc52e21b20bc2a337412253850487056b965fff478c0be7869

SHA512
876c101e5de4c61b7233b580a151b0845e688a563b7deab28076cb2420c50a93c28b2eeb11ddb13e3396df45aaa926d97692e34fa4ab785bfef252806ed0ca78

Download Submit
/data/user/0/com.juzyuwqt.thxxnjvf/files/dex/95adbfe2f455c0ae.zip

Filesize
1.3MB

MD5
7ab2793451a957186ac073041c1ea72f

SHA1
2584cdb12c209f9a7f9c024e702d49a30fe11d62

SHA256
964f248542766ddba915f7ebafa9972117d46e4f28f654513ed69d7d7a1b5ff4

SHA512
3228bc50db8bb04ae5a05d210548e4020c567c8d394a5f9f8ed38718635f1535111e9ec068b2398ada172ce65e740f6ce0f8c9235c7131d953540dd894dae44e

Download Submit
/data/user/0/com.juzyuwqt.thxxnjvf/files/dex/UTIwzInMxrMbXrXkJ.zip

Filesize
649KB

MD5
660e9ccebedb399da7b3d9fedc6ab638

SHA1
12e4da8b1b09746b52053265c69a8964d291408c

SHA256
81f5d456f86af0289e35e217798e370fd94f903cfb6673d6ee49ac3ab7c7512f

SHA512
ad59915b41b3419274b841dcdf58352271ea077dd73e729528f4ba440fe55b1a2cbd6969ba42472ee7ea1aaa6de3c87beb503c4c95d9b8a5d9602ba79daa5b69

Download Submit
/data/user/0/com.juzyuwqt.thxxnjvf/files/dex/UTIwzInMxrMbXrXkJ.zip

Filesize
1.7MB

MD5
861388812b3e120b91cb99a8954dfe03

SHA1
d41a729936d8dc5cb35be39b2c37a7613ef7054d

SHA256
775a809d640cefc0aa7e8fd1d5c3e1ebe969d3da6668739a443a6baac9e6bf0a

SHA512
fdea32dda24cb6d540cab89049db697c3f79a57e2b3bc477995f78f1276c9a2de4d767722c4592da93e9a55aa73554f089420d7ba69d7ddf455b40085c05a906

Download Submit
/data/user/0/com.juzyuwqt.thxxnjvf/files/dex/pro_btn_bg_animation_img_0.jpg.zip

Filesize
8KB

MD5
7c20a2b01bf3f9df1f0abb72ebbe82be

SHA1
e601b2e41434623edbeece32867517a3cdec5449

SHA256
1a10cc3cd2dc21a9be2d2eb758fd19288082619d331245b927d0a9299462ea2e

SHA512
3faa6efbd3ebf6e1aff7ebe9958c5f94bbfe9c5ff9e11e9092b1b7301bbe6504c01b922d709303147e213b3cadce8e96462220a1d1bf4d6cdaec95b3f84bb1b4

Download Submit
/data/user/0/com.juzyuwqt.thxxnjvf/logs/Sistema1724945876972.log

Filesize
51KB

MD5
a09ac76ef2c19ccca3db72bc73f331a1

SHA1
87d493999cced1085771b499927a8d381b11fbed

SHA256
0e891fe400f1fa18dee1947ee797592426199174a174b34f21c010abd02dba50

SHA512
8e999a4440c97c87de846198515b1dfd8012c731f5cd452d6406dba41e1467b7553412d77f30918ae7f6372ea1618e663d82a328493a63460321e0f290c0fdc8

Download Submit

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads