f027108114302d5f7997ba69cf3a3f2cbf02207aba6a7db93d9599453315e3a2

Analysis

max time kernel
87s
max time network
134s
platform
android_x64
resource
android-x64-arm64-20240624-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240624-enlocale:en-usos:android-11-x64system
submitted
11/09/2024, 15:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

jpmfutures (1).apk
Size

6.3MB
MD5

ae22fade50dcc3409c68f830e1f2953e
SHA1

721e0297e26fa482c86e6df92a7c04b280f8f2e4
SHA256

f027108114302d5f7997ba69cf3a3f2cbf02207aba6a7db93d9599453315e3a2
SHA512

eb1f503ccca07df88c67c36b6cbf8efa4dd65d693229dcb43a443cdd5efc6b94f88a862bb5be938c9c737c12af6b8e7461f5f4fedb99b18876fa3b7f59aabb6c
SSDEEP

196608:802YX10dU1s3BgRvlZndEKOzAWD8TkXXSU+nxTCYIMA:802Bqixq9EakXx+nxGP

Score

7^/10

collection credential_access discovery impact

Malware Config

Signatures

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.olubj.nctl

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.olubj.nctl

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.olubj.nctl

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.olubj.nctl

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.olubj.nctl

com.olubj.nctl
1⤵
- Obtains sensitive information copied to the device clipboard
- Queries information about active data network
- Uses Crypto APIs (Might try to encrypt user data)
- Checks CPU information
- Checks memory information
PID:4471

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Discovery

System Information Discovery

T1426

System Network Connections Discovery

T1421

Lateral Movement

Collection

Clipboard Data

T1414

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.olubj.nctl/files/config_file_name

Filesize
129B

MD5
f4cfb6dfd6e51b4137c13e46b939b1c1

SHA1
7d6804b044c85f1f3078cb4c78962d6040c0dfea

SHA256
feb7c383660f0c688e47c74419cbaa669b788e31331c4803476a4b424f20f9bd

SHA512
2b6db6d064159aa08bf6b9af5632d2e02b7f840763bcc26435d473aef17e287e8d7b071c7eb69c22736724fb692ca0657bcc3326efd45664cc38d348a4772abe

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads