Analysis
max time kernel: 123s
max time network: 157s
platform: android_x64
resource: android-x64-arm64-20240624-en
resource tags: android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240624-en, locale:en-us, os:android-11-x64, system
submitted: 10-09-2024 20:50
Behavioral task: behavioral1
Sample: B8U76_.ver.1.0.build.1.apk
Resource: android-x86-arm-20240624-en
Behavioral task: behavioral2
Sample: B8U76_.ver.1.0.build.1.apk
Resource: android-x64-20240624-en
Behavioral task: behavioral3
Sample: B8U76_.ver.1.0.build.1.apk
Resource: android-x64-arm64-20240624-en
General
Target: B8U76_.ver.1.0.build.1.apk
Size: 2.6MB
MD5: 55b1be60416ac9bce81425afe1e235a6
SHA1: 38c6d769f098f056d425b7b4bf4b5f722049a976
SHA256: 585a58a92e4cd71abbb7aedd297f263c934439f903759b00d546a9cc2d460ce1
SHA512: dbca326eb90a340da6c6436b0ce60bc8aad25aa82cbf954e9e8fdc03d7745cd2cdc3a174b53152a6d3ef71697bfc615583d719ef8035addf003962d972c775c5
SSDEEP: 49152:b3NJLWUfhWPB6NMAKQKNiJhLbNRdZ3jZ9V8jaffHTY0r:jNJLWsoPB6EH8JXhV8+XTn
Malware Config
Signatures
Checks if the Android device is rooted. (1 TTPs, 2 IoCs)
ioc: /system/app/Superuser.apk; Process: com.nabat
ioc: /system/xbin/su; Process: com.nabat
Obtains sensitive information copied to the device clipboard. (2 TTPs, 1 IoCs)
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
description: Framework service call; ioc: android.content.IClipboard.addPrimaryClipChangedListener; Process: com.nabat
Acquires the wake lock. (1 IoCs)
description: Framework service call; ioc: android.os.IPowerManager.acquireWakeLock; Process: com.nabat
Queries information about active data network. (1 TTPs, 1 IoCs)
description: Framework service call; ioc: android.net.IConnectivityManager.getActiveNetworkInfo; Process: com.nabat
Reads information about phone network operator. (1 TTPs)
Checks the presence of a debugger.
Checks memory information. (2 TTPs, 1 IoCs)
description: File opened for read; ioc: /proc/meminfo; Process: com.nabat
Processes
Network
MITRE ATT&CK Mobile v15
Downloads
/data/data/com.nabat/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/66E0B12501D6-0001-1162-3A3841866131BeginSession.cls_temp
Filesize: 77B
/data/data/com.nabat/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/66E0B12501D6-0001-1162-3A3841866131BeginSession.json
Filesize: 132B
/data/data/com.nabat/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/66E0B12501D6-0001-1162-3A3841866131SessionApp.cls_temp
Filesize: 101B
/data/data/com.nabat/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/66E0B12501D6-0001-1162-3A3841866131SessionApp.json
Filesize: 215B
/data/data/com.nabat/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/66E0B12501D6-0001-1162-3A3841866131SessionDevice.cls_temp
Filesize: 48B
/data/data/com.nabat/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/66E0B12501D6-0001-1162-3A3841866131SessionDevice.json
Filesize: 202B
/data/data/com.nabat/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/66E0B12501D6-0001-1162-3A3841866131SessionOS.cls_temp
Filesize: 15B
/data/data/com.nabat/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/66E0B12501D6-0001-1162-3A3841866131SessionOS.json
Filesize: 55B
/data/data/com.nabat/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics_to_send/sa_ab6481ef-49f3-4349-b23d-0944e531bc75_1726001447914.tap
Filesize: 321B