0e51613c7e0956d96cdc76ae1f44f45d1e72b94115ed60d6b0a9eb1620e2b84a

Analysis

max time kernel
19s
max time network
159s
platform
android_x64
resource
android-x64-20240624-en
resource tags

androidarch:x64arch:x86image:android-x64-20240624-enlocale:en-usos:android-10-x64system
submitted
12/09/2024, 06:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

base.apk
Size

2.8MB
MD5

109a6d4475e2a75f80dd1d4cefae7200
SHA1

36915de350398161cf825265b9fec0c702263f55
SHA256

0e51613c7e0956d96cdc76ae1f44f45d1e72b94115ed60d6b0a9eb1620e2b84a
SHA512

a163e82a57ab9631c2d50651fd9ed1cee3d4b342bd4f24c0adc7a253e18f9af04e89baf25a289796a420d0bf77971c5f1df9a2442ba309024310c58f1e338d93
SSDEEP

49152:WKu2GSlhq+gpveu9LJOwtQMCY9Guk/Bkoa3lNf0viCsjRCOQEbTMozt:jGSl0veuDCMk/GoajySjRCynt

Score

7^/10

collection credential_access discovery impact persistence

Malware Config

Signatures

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	x.akuma.x

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	x.akuma.x

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	x.akuma.x

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	x.akuma.x

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	x.akuma.x

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	x.akuma.x

x.akuma.x
1⤵
- Obtains sensitive information copied to the device clipboard
- Acquires the wake lock
- Queries information about active data network
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks memory information
PID:4937

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Clipboard Data

T1414

Command and Control

Exfiltration

Impact

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/x.akuma.x/databases/google_app_measurement_local.db

Filesize
16KB

MD5
35ea84b7ef998e037dfb0fe5830602c9

SHA1
19a97b2a8a39edca01240544f6102f20e285e2ca

SHA256
162598f0a63dd67d2763f9207cc98ca4dffe827f1c01666da7d3af4acdf096cd

SHA512
a55e509996c581108d8268c9ec3ff9b430d4fddd32dc8cffc2318754ea8840d0d086d38039277037b8342bc770daacd6062c848f34b6ec136700c746f37d6288

Download Submit
/data/data/x.akuma.x/databases/google_app_measurement_local.db

Filesize
16KB

MD5
e511472978f1884e135e3bc71baa3a7f

SHA1
4f084097d80f30993c051335a0102e6cd75b9133

SHA256
c619eb471df7f32fbc63f8b5370d0909ba542d8c952b4b34681d386e26beac28

SHA512
1144a5e9dbb1a9bb81d56b6be1d0ba0512e4b9b3147587e4253728f478de99e15286fa07763bf3fd564b2ee6e272c53956360ba2eaa07da03598e720a9bb7c57

Download Submit
/data/data/x.akuma.x/databases/google_app_measurement_local.db

Filesize
16KB

MD5
f6575ed9add889a5b3e26aed80ef82c9

SHA1
d1d7784b5656974d6a2687c1d50f393cb8e5495c

SHA256
709248cf0852ba63be8c6b05f20d186cb80f7663c6e8729bf71dfc8b938bec47

SHA512
aa7e82e70ade79b506e78e6b57e41b44419c9e1a3231a81c3633b7c6521b2e7dce901e6c575f6b0cc8c8d5f9d9d16661aa4d4260e60109ae61533a58a8106de3

Download Submit
/data/data/x.akuma.x/databases/google_app_measurement_local.db

Filesize
16KB

MD5
7aef152ade0648a2d599bafa4b5a3b9b

SHA1
6bad40f723e4adfdc0856185f7370e0e4a9e3145

SHA256
74efddf9ddb21eee4e08ab26e35f5102dd6f7ed2bcf395de6ed154291ff33cf7

SHA512
a14761bbc9ec61f2bf8f920fe9e5301bace87fd4f4f6d8e5ee782544d50967e5b519d25f5620f4e88dbcfcbd50fd90df16f4fcb2ed12a2dd17efef2e052ae990

Download Submit
/data/data/x.akuma.x/databases/google_app_measurement_local.db

Filesize
16KB

MD5
adf6082723784327d7d1b34adf974e7d

SHA1
b1502f70eb881a1dfe41139cb719fefb877ee37c

SHA256
252defb835b04f4af7c59bde7bd119664e901928f1373171a287897e729cb2a9

SHA512
762f146c452e590e0e3015a080e9821b5488551b9cca7a212ceb11a853ddf6b1894c99d09ba20e6691f5078aaa8e17a6ed66dbbe541eaee152978fab6884e27b

Download Submit
/data/data/x.akuma.x/databases/google_app_measurement_local.db

Filesize
16KB

MD5
eb52a90bb70b76e946b62f50b6f7fb85

SHA1
42d767b5d1faa7dcef4cb4e1432a5f47ec2e9ee0

SHA256
48472f593a3e9cf9e91ee5f7d66dd9ff291bfb247eb6b46778c710fc24e8d3c4

SHA512
b356c858cadd14b6ecddf134f1c494c0107a1d36be9387984fc53dcb00e6779d944f058f4ac99d0fc2fe3a427cd1c2921c6fc38ecad53909fc4b5b6f04459b5c

Download Submit
/data/data/x.akuma.x/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
7625d33b9f054e9a19746c88ba69a7cf

SHA1
0ed6852a66328a122a03c26a15088d0d20b83afb

SHA256
04765101003c449c9fa286adbea142a1f0dbb8989df3038d2ae04b711e845bba

SHA512
7e8d6caee10a706639058f7880c19aa6cf96af25dae8a94c4673234c59f63e46dd89a1fecea6a968bae65f75bf851001fd34cd64182e0855a8c9522cfeae94f6

Download Submit
/data/data/x.akuma.x/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
f4f316d2ed4fcdc87a15750df008fbc2

SHA1
761048eb5089e1c2b4050d0d1816d5eeb2d16339

SHA256
62f7bd8ee1e19114ba2f4b035e5658f7a22120551aa7cd79d45c9eddd9e8b3db

SHA512
c65f6d6841ac8351287f9bc5dacaf848121a3920e3a9d6e9e8035f024d1b34cdb199cf9059a898c6109ae8111aac865b05ae72670828b620bed63d97a3758a70

Download Submit
/data/data/x.akuma.x/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
30ee7575adc30edd6f4f070f3e31390f

SHA1
313bd551fceac1037453ebe0be1856d6a5a836f5

SHA256
b67218a56e89cd6f580b77672d565b15340e395c87a251d55a06e1d98c9b652b

SHA512
49b64617842d6211435a3a8fc34c945d7da10e6768b69108b605f61373afec13b739ffe034447c0ae8404a53e4c50649971d7161cf232c0439b1356e76582f94

Download Submit
/data/data/x.akuma.x/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
c1db5367499335f0e404518b367bf815

SHA1
11cad156232b839a882710c96102725da8a4c66d

SHA256
cdc2ec3480c98452695792f137997a65f5151162cd6df6cd95c3dea69711d9fa

SHA512
618ad7642cfa86916254ed2ad0331319959830413256044c84736209e6a0606bfbe7b16b445713727c50f413f42537b0e1f596f5f60fb06bc33bca3f14bffef0

Download Submit
/data/data/x.akuma.x/databases/google_app_measurement_local.db-journal

Filesize
4KB

MD5
65598661d350af076023842195345916

SHA1
95f1d37d4cd3b008a6c1d3d4f9ecdb4f404fbb78

SHA256
e88fe8e7ad0291b293d73347a1fa7ad2df20575dc215b4b5806bc4478f995fc0

SHA512
8c45491081526f1699ba5aecdba40e5db3f56993a573476fb0de52de2316bb3c3aca6714b6367453145eaa25ec7c3f6aa30edfe9995134a95d9f497cebfaf2dd

Download Submit
/data/data/x.akuma.x/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
bb5633ad4dff7d11615ed1bf3eb8f0b9

SHA1
8c7741ca97c9406fba8a1f099893da3a50b28110

SHA256
4b490049d52cac7226ee156e3bb64e176e2d74a921ee034ea37bc36843caf3fa

SHA512
01d044f1f5f849814c1c8f66a3d6cba29d89a71a7aab47ad5981ca83d8ca1bb75db958abe716e34e8d9b943d0dd169975ca5b3a9a9fbb097bb5b54fca8165518

Download Submit
/data/data/x.akuma.x/files/PersistedInstallation2940419301391410058tmp

Filesize
90B

MD5
651d60cde663efc45f2da49ef1f9b635

SHA1
8761066bcb6f90c191b922a96022270c6f1ea2c8

SHA256
dcd0c9ceb8c4a3433671c25a5c4d08cf20d54ff0e516ae30ada44ae55e3d8160

SHA512
83e5c1c55d2e32693e791ba9510215e9d6ad9585be662e575fcdf436356ea1af75411e297931c7f33887fa8f69ca68924ab2b6ef24ff321cfcb7c3309285399c

Download Submit
/data/data/x.akuma.x/files/PersistedInstallation7275783826894644742tmp

Filesize
567B

MD5
732ea80e2bf7a602bbac8ae98b7c4a25

SHA1
1c27d349e75aea14e33d3e5719d40f85711b8109

SHA256
9d98b8ef125de26fd3b79a8db6eecc3dcfc480a4ca38cc805beb41be9a80245e

SHA512
7e31fdca7201075240e6975368bd19e376d03b6b02fec04ddd650d96f453eec3f81bce01dca901ff1643310bbb475f133e3196a3f2dc2901dee6697904dd347a

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads