Analysis
-
max time kernel
41s -
max time network
151s -
platform
android-10_x64 -
resource
android-x64-20240910-en -
resource tags
arch:x64arch:x86image:android-x64-20240910-enlocale:en-usos:android-10-x64system -
submitted
28-09-2024 22:08
Static task
static1
Behavioral task
behavioral1
Sample
f6e613b68558315b0dee2fabec819a4a3aa2b9422931cf5a67c58bf26ad159bb.apk
Resource
android-x86-arm-20240910-en
Behavioral task
behavioral2
Sample
f6e613b68558315b0dee2fabec819a4a3aa2b9422931cf5a67c58bf26ad159bb.apk
Resource
android-x64-20240910-en
Behavioral task
behavioral3
Sample
f6e613b68558315b0dee2fabec819a4a3aa2b9422931cf5a67c58bf26ad159bb.apk
Resource
android-x64-arm64-20240910-en
General
-
Target
f6e613b68558315b0dee2fabec819a4a3aa2b9422931cf5a67c58bf26ad159bb.apk
-
Size
1.1MB
-
MD5
93f7efa494e006bf72dc5011a9b4f20c
-
SHA1
6543824d42e3aa47d35087955d416bdc059d7911
-
SHA256
f6e613b68558315b0dee2fabec819a4a3aa2b9422931cf5a67c58bf26ad159bb
-
SHA512
a9b1d56e19df66671aa930942bf86b411d40ac891d5da496a2c78a39e1f4a5be17fdfc4915cd7d5aa51e8d6b2197d430887224e713ce28499f4a4b8e3060bcc3
-
SSDEEP
24576:kJF29oN1+Lxhc5vxlgwsPUk0exeAJ/f0esSh08r6G19u+s:XoN1Exhc5vXgwIUXe5/s0rb10v
Malware Config
Extracted
cerberus
http://37.27.8.83
Signatures
-
pid Process 5237 com.crunch.awesome -
Loads dropped Dex/Jar 1 TTPs 1 IoCs
Runs executable file dropped to the device during analysis.
ioc pid Process /data/user/0/com.crunch.awesome/app_DynamicOptDex/SI.json 5237 com.crunch.awesome -
Makes use of the framework's Accessibility service 4 TTPs 2 IoCs
Retrieves information displayed on the phone screen using AccessibilityService.
description ioc Process Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId com.crunch.awesome Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId com.crunch.awesome -
Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
description ioc Process Framework service call android.content.IClipboard.addPrimaryClipChangedListener com.crunch.awesome -
Queries the phone number (MSISDN for GSM devices) 1 TTPs
-
Performs UI accessibility actions on behalf of the user 1 TTPs 4 IoCs
Application may abuse the accessibility service to prevent their removal.
ioc Process android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction com.crunch.awesome android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction com.crunch.awesome android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction com.crunch.awesome android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction com.crunch.awesome -
Queries the mobile country code (MCC) 1 TTPs 1 IoCs
description ioc Process Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone com.crunch.awesome -
Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs
description ioc Process Framework API call android.hardware.SensorManager.registerListener com.crunch.awesome -
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
description ioc Process Framework service call android.app.IActivityManager.registerReceiver com.crunch.awesome -
Checks CPU information 2 TTPs 1 IoCs
description ioc Process File opened for read /proc/cpuinfo com.crunch.awesome -
Checks memory information 2 TTPs 1 IoCs
description ioc Process File opened for read /proc/meminfo com.crunch.awesome
Processes
-
com.crunch.awesome1⤵
- Removes its main activity from the application launcher
- Loads dropped Dex/Jar
- Makes use of the framework's Accessibility service
- Obtains sensitive information copied to the device clipboard
- Performs UI accessibility actions on behalf of the user
- Queries the mobile country code (MCC)
- Listens for changes in the sensor environment (might be used to detect emulation)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks CPU information
- Checks memory information
PID:5237
Network
MITRE ATT&CK Mobile v15
Defense Evasion
Download New Code at Runtime
1Hide Artifacts
2Suppress Application Icon
1User Evasion
1Impair Defenses
1Prevent Application Removal
1Input Injection
1Virtualization/Sandbox Evasion
2System Checks
2Credential Access
Clipboard Data
1Input Capture
2GUI Input Capture
1Keylogging
1Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
53KB
MD5ea07252690c3f24bcf18efabf5a6961d
SHA10017d3cd96bea3cf0dfc717e42c8bb5f1f502c25
SHA256786a374ebf8506b001414ebd410eecad7c28564da00c875b8a2326740ee0c6b2
SHA5129d834f4f87dd1c73c6660c429a6645150a9251dce91942d79089e30aef21a3bef4d321f867d4e060f6b6731a70e945ef4d422edb7c30f759a111e93195baae4b
-
Filesize
53KB
MD5fe79aa49e197cea1dc94d2cc568eeeab
SHA1f2c1b2014ce9ee3c7b2347173a6431839c5f3455
SHA256d15eca8b2e5d88c5b332d210878427af723803cb473990c151f4d7825fd3eebe
SHA5124c73b896396d1b401cb91eb849ee71b1231359d46dc2d9246762624bb11f69128e7b98f4aef504de49a9a1681c1a91fece6da4aac2a137372af53737dd0bcde0
-
Filesize
103KB
MD5ca7b298ead3e2f3914596ffc89f58283
SHA15693db2a01e6ee955ed3863047847879f60f29e0
SHA2568cffb693c69373ee9656b06740412e976ca9c0ff9d37a429092a41dc163fe925
SHA5123a4d03a6d6c84c26b29b43dfd677787be7ebabfc7e0363648da6f56b3c3fffc8dedce17a7c67e2cc7c33105d1c2aebc2f1b06630152dcdc0122737fd913aebec