a6f42c4bda81840c8e196a1f84ebccca406aac668c7f81355469e8f4b08b6d2a

Analysis

max time kernel
299s
max time network
297s
platform
android_x64
resource
android-33-x64-arm64-20240624-en
resource tags

androidarch:arm64arch:x64image:android-33-x64-arm64-20240624-enlocale:en-usos:android-13-x64system
submitted
25/09/2024, 10:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Pm health card apply.apk
Size

6.3MB
MD5

5d5b2d1b4c69c4d2a6262b0831e5b33c
SHA1

6c512e6bd74d3dc34e2c93f64989864fa505c3c3
SHA256

a6f42c4bda81840c8e196a1f84ebccca406aac668c7f81355469e8f4b08b6d2a
SHA512

538eb7ae7fb26eb0e0f623ed0e9ed589fa2982ba318ec3d943d00ae3c285132906e254b2a88683b51417512fed6740d4faf47e06ccbacead4314214d0965a002
SSDEEP

196608:RRAzavA4kgoFI53poDXh22jzcbSmdk5DWn:IE9xDEXg8zJL5yn

Score

7^/10

collection credential_access evasion impact

Malware Config

Signatures

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.jio.messageslitg

Requests disabling of battery optimizations (often used to enable hiding in the background). 1 TTPs 1 IoCs

evasion

User Evasion

T1628.002

description	ioc	Process
Intent action	android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS	com.jio.messageslitg

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.jio.messageslitg

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.jio.messageslitg

com.jio.messageslitg
1⤵
- Obtains sensitive information copied to the device clipboard
- Requests disabling of battery optimizations (often used to enable hiding in the background).
- Checks CPU information
- Checks memory information
PID:4342

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Hide Artifacts

T1628

User Evasion

T1628.002

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Discovery

System Information Discovery

T1426

Lateral Movement

Collection

Clipboard Data

T1414

Command and Control

Exfiltration

Impact

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.jio.messageslitg/files/profileInstalled

Filesize
24B

MD5
da898f3205bb5157446e0bdd08a73db1

SHA1
9d27b728f81f11c5f939790ecdadb697f5bd5052

SHA256
10a59fb1ddc80ea57f419b8a4c1f4e6ae17c2b1e185b95e69802def88d63c63a

SHA512
a1e685e0ac1269bfc1965e8182f60158631edd93ad957c1cdd217c1bc726e9b43092b0065558dc32a68a66960e4fea1783a4ab87c064f69a8e89c0ce247fe2d2

Download Submit
/data/data/com.jio.messageslitg/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

Filesize
8B

MD5
6aa39e40033201b83edfbf7f0353e0e5

SHA1
d7e8e5626598dea9e00059c4a5ac0d2a4c8b55d6

SHA256
e4283d8919463f562cf8b0b562a70607b23db2370f3e1c77f2a66015246ca1db

SHA512
293e369a5002b5590fab3e8e58dbc49342a6f724805586905d2a4ebd66d8914ce64dc13eee117b42751b9970ab7945b663467e2e97a9804bee912b30f564ffae

Download Submit
/data/misc/profiles/cur/0/com.jio.messageslitg/primary.prof

Filesize
1KB

MD5
06d11382a29604500fb1d3fc8ba48bd8

SHA1
787333265035cd565feb1b681ea44e25da9c3012

SHA256
f0688839d0095bc93ec9cace4db3bb352ac134eb31ddd3a66ee9fedc439d1b11

SHA512
a98242a2739386d97bf4d918b318df059f3750fe9f59c649a3c2ca8fed6fb1e5ede8bfd363c0972a43ba145f0fcc77bc4cd1d424b9f32b3505ffb7826db4961b

Download Submit
/data/misc/profiles/cur/0/com.jio.messageslitg/primary.prof

Filesize
19KB

MD5
d68017464474c6390244840eb50aca47

SHA1
02a150c4377171fe9924e167d92e15369a628a7a

SHA256
78c896e4853134ab4fd5584f9fa2e228d810f0323e5723ae385fea23c30f577d

SHA512
833f4e2c4b3e7ca1274326d9713cd26dae679cf74a19391434dc3518db84f320b56c2a9b199dcac24a9045b21f973b785be341fb96cba439dc8851164f506dba

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads