Analysis
- max time kernel: 123s
- max time network: 157s
- platform: android_x64
- resource: android-x64-20240624-en
- resource tags: android, arch:x64, arch:x86, image:android-x64-20240624-en, locale:en-us, os:android-10-x64, system
- submitted: 10-09-2024 20:50
Behavioral task
behavioral1
Sample
B8U76_.ver.1.0.build.1.apk
Resource
android-x86-arm-20240624-en
Behavioral task
behavioral2
Sample
B8U76_.ver.1.0.build.1.apk
Resource
android-x64-20240624-en
Behavioral task
behavioral3
Sample
B8U76_.ver.1.0.build.1.apk
Resource
android-x64-arm64-20240624-en
General
-
Target
B8U76_.ver.1.0.build.1.apk
-
Size
2.6MB
-
MD5
55b1be60416ac9bce81425afe1e235a6
-
SHA1
38c6d769f098f056d425b7b4bf4b5f722049a976
-
SHA256
585a58a92e4cd71abbb7aedd297f263c934439f903759b00d546a9cc2d460ce1
-
SHA512
dbca326eb90a340da6c6436b0ce60bc8aad25aa82cbf954e9e8fdc03d7745cd2cdc3a174b53152a6d3ef71697bfc615583d719ef8035addf003962d972c775c5
-
SSDEEP
49152:b3NJLWUfhWPB6NMAKQKNiJhLbNRdZ3jZ9V8jaffHTY0r:jNJLWsoPB6EH8JXhV8+XTn
Malware Config
Signatures
- Checks if the Android device is rooted. 1 TTPs 2 IoCs
  ioc | Process
  /system/app/Superuser.apk | com.nabat
  /system/xbin/su | com.nabat
- Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs
  Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
  description | ioc | Process
  Framework service call | android.content.IClipboard.addPrimaryClipChangedListener | com.nabat
- Acquires the wake lock 1 IoCs
  description | ioc | Process
  Framework service call | android.os.IPowerManager.acquireWakeLock | com.nabat
- Queries information about active data network 1 TTPs 1 IoCs
  description | ioc | Process
  Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | com.nabat
- Queries the mobile country code (MCC) 1 TTPs 1 IoCs
  description | ioc | Process
  Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | com.nabat
- Reads information about phone network operator. 1 TTPs
- Checks the presence of a debugger
- Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
  description | ioc | Process
  Framework service call | android.app.IActivityManager.registerReceiver | com.nabat
- Checks memory information 2 TTPs 1 IoCs
  description | ioc | Process
  File opened for read | /proc/meminfo | com.nabat
Processes
com.nabat (PID: 5057)
- Checks if the Android device is rooted.
- Obtains sensitive information copied to the device clipboard
- Acquires the wake lock
- Queries information about active data network
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks memory information
Network
MITRE ATT&CK Mobile v15
Downloads
/data/data/com.nabat/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/66E0B12300A6-0001-13C1-F7FD7841771FBeginSession.cls_temp
Filesize 77B
-
/data/data/com.nabat/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/66E0B12300A6-0001-13C1-F7FD7841771FBeginSession.json
Filesize 132B
-
/data/data/com.nabat/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/66E0B12300A6-0001-13C1-F7FD7841771FSessionApp.cls_temp
Filesize 101B
-
/data/data/com.nabat/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/66E0B12300A6-0001-13C1-F7FD7841771FSessionApp.json
Filesize 215B
-
/data/data/com.nabat/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/66E0B12300A6-0001-13C1-F7FD7841771FSessionDevice.cls_temp
Filesize 48B
-
/data/data/com.nabat/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/66E0B12300A6-0001-13C1-F7FD7841771FSessionDevice.json
Filesize 202B
-
/data/data/com.nabat/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/66E0B12300A6-0001-13C1-F7FD7841771FSessionOS.cls_temp
Filesize 15B
-
/data/data/com.nabat/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/66E0B12300A6-0001-13C1-F7FD7841771FSessionOS.json
Filesize 55B
-
/data/data/com.nabat/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics_to_send/sa_96178232-e454-4b16-a2a6-af2dc4338d6f_1726001445248.tap
Filesize 325B