Overview

overview

8

Static

static

6

34d616fef2...41.apk

android-13-x64

8

Analysis

  • max time kernel
    32s
  • max time network
    60s
  • platform
    android_x64
  • resource
    android-33-x64-arm64-20240624-en
  • resource tags

    androidarch:arm64arch:x64image:android-33-x64-arm64-20240624-enlocale:en-usos:android-13-x64system
  • submitted
    14-09-2024 18:24

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    34d616fef212916b9e2d1c1fd0eb98245bce860cde3e0137578c6e7ac9f16c41.apk

  • Size

    1.8MB

  • MD5

    f24d513024256ad483ccdfd98eb1f636

  • SHA1

    c6971207994f57ede3754b56e223a49e195e46a0

  • SHA256

    34d616fef212916b9e2d1c1fd0eb98245bce860cde3e0137578c6e7ac9f16c41

  • SHA512

    fe204ea7da9764207290af4966097f30a224d56bd64302e043f1117df73185ff7ce3e6780a0ee27293dd9f3c717ef8f7561b77c36c8736bbe5dfa0e906f1020b

  • SSDEEP

    49152:qcRmCg2AMJczLRsC8caQalp4ulqTEfCmz+EDAOjWvoq/F:RDyW5czal3QRBfLvH

Score
8/10
collectioncredential_accessevasionimpactpersistence

Malware Config

Signatures

  • Checks if the Android device is rooted. 1 TTPs 8 IoCs
    evasion
  • Checks known Qemu pipes. 1 TTPs 2 IoCs

    Checks for known pipes used by the Android emulator to communicate with the host.

    evasion
  • Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

    Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

    collectioncredential_accessimpact
  • Reads the contacts stored on the device. 1 TTPs 1 IoCs
    collection
  • Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

    Application may abuse the framework's foreground service to continue running in the foreground.

    evasionpersistence
  • Checks CPU information 2 TTPs 1 IoCs
  • Checks memory information 2 TTPs 1 IoCs

Processes

  • com.jadhalno.goplotu
    1⤵
    • Checks if the Android device is rooted.
    • Checks known Qemu pipes.
    • Obtains sensitive information copied to the device clipboard
    • Reads the contacts stored on the device.
    • Makes use of the framework's foreground persistence service
    • Checks CPU information
    • Checks memory information
    PID:4301

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/user/0/com.jadhalno.goplotu/files/shared_prefs_sdk_ad_prefs
    Filesize

    257B

    MD5

    0911ff3ef19f33d1de47be790ea0a844

    SHA1

    78117dbbbf2cf09bb67cabe267a77c89b375380d

    SHA256

    373d3cb362143fdc089165665daf432634946c439fdbd18606b0229aeda0e267

    SHA512

    f05a08604ff0e327714133e6b601cdfe01d5534365133b039e8f5f5926f3c2cf9c98d84256c8b2b86f9acd5c70766e2fcbe6fdf1fb843ec132311a937b39725f

    Download Submit