0996ed9acb21ea6f0a88c337e5b85bcf64e74f972458a6615078710ae5e7529f

General

Target

PouUniverseSpyWare.apk
Size

24.1MB
MD5

df9fbe5add0819e5689c905ab5d56153
SHA1

fe7a0401d1221cb29b624e24e04f3f23c65dfd65
SHA256

0996ed9acb21ea6f0a88c337e5b85bcf64e74f972458a6615078710ae5e7529f
SHA512

bb531940a94b6f6e04f218eddd3d3fb985452bf11705072a324dfc3187a0bcba99f5717778b58a2af80df58948cd56fa2eb0f673935a176621687a8d7a28e5d2
SSDEEP

393216:P3On7OgumPypg+m9tak1e7b0x2TmEdlrsavEVyaKgZg:mn7bumP19takIox2S0gavEVyaKL

Score

7^/10

collection credential_access discovery evasion impact persistence

Malware Config

Signatures

Makes use of the framework's Accessibility service 4 TTPs 1 IoCs

Retrieves information displayed on the phone screen using AccessibilityService.

collection evasion credential_access

Input Injection

T1516

Screen Capture

T1513

Keylogging

T1417.001

GUI Input Capture

T1417.002

description	ioc	Process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	me.pou.app

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	me.pou.app

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	me.pou.app

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	me.pou.app

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	me.pou.app

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	me.pou.app

me.pou.app
1⤵
- Makes use of the framework's Accessibility service
- Obtains sensitive information copied to the device clipboard
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks CPU information
- Checks memory information
PID:5052

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

1

T1624

Broadcast Receivers

1

T1624.001

Privilege Escalation

Defense Evasion

Input Injection

1

T1516

Virtualization/Sandbox Evasion

2

T1633

System Checks

2

T1633.001

Credential Access

Clipboard Data

1

T1414

Input Capture

2

T1417

GUI Input Capture

1

T1417.002

Keylogging

1

T1417.001

Discovery

System Information Discovery

2

T1426

System Network Configuration Discovery

1

T1422

Lateral Movement

Collection

Clipboard Data

1

T1414

Input Capture

2

T1417

GUI Input Capture

1

T1417.002

Keylogging

Screen Capture

Command and Control

Exfiltration

Impact

Data Manipulation

1

T1641

Transmitted Data Manipulation

Input Injection

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/me.pou.app/no_backup/androidx.work.workdb

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/me.pou.app/no_backup/androidx.work.workdb-journal

Filesize
512B

MD5
e877a93c88841df535616ec78297dae6

SHA1
4a54435f9c877d6bd2a39609acf67b765071a7fe

SHA256
0ba9a6cc3866cfe4484550eddbe0a49ff00a43bbe35b796bc60feb61b5679dca

SHA512
eb8f56c31990c5d9866f67c6309ac46fa19840805ac411c087dccf3e449ce89a9a9471fb81d5c1c28b2920d09e337c57b8e922fc9a7c54c3dd47d45c862f1f00

Download Submit
/data/data/me.pou.app/no_backup/androidx.work.workdb-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/me.pou.app/no_backup/androidx.work.workdb-wal

Filesize
16KB

MD5
1f3240f9c7f7f5f5ea1d96665e1898c3

SHA1
e7dfe945c8fc13e05a3f79787ad037dc4cc49ca6

SHA256
a544219ffbcc6fa3c29b685beb4ee2088bc0a86d1bf8ebac4272c77fe2d9b240

SHA512
b6d7341a4d2ec32a91901d8b3a4855674d31c0ba954ac61c4e9de9e968fb451dd58fce34c04cb92884803fafe0d76137c70a4b1270023b32dc67174fbf450924

Download Submit
/data/data/me.pou.app/no_backup/androidx.work.workdb-wal

Filesize
108KB

MD5
2c62e7dfef3222efffa4ee92f445297a

SHA1
612922a9448dcc5ca19017a5e8f17814bad4f605

SHA256
d48fa32f4d9066255ee888dd3986d88698a0e9229e870a7990b9a193bfaa50ac

SHA512
4e54f334e4d256918e31d365b2d0540eb7fff3cee5c005dc86dac575258eda850e90acd853db0832f62c50f14d3f453a3d84aad8e3edf4f7480dd5a2275b843d

Download Submit
/storage/emulated/0/Config/sys/apps/log/log-2024-09-28.txt

Filesize
20B

MD5
b8deadba038c6ac8e45d559fd84adacc

SHA1
3383285e0498b7643afd3b08ac482e17b820d973

SHA256
7681a78c2a61972a65f630a6abb23e40665214e87cea40c5749c99840e67a40f

SHA512
9af0872da8b07e9c79ac69d36da0842d2cbe7a2a4f4d7d2c798548a55c3c60e07de0127250a72150dbd22cff48132b098b337b9dfeeed212e81fb1eb5550333c

Download Submit
/storage/emulated/0/Config/sys/apps/log/log-2024-09-28.txt

Filesize
16B

MD5
b91ea17ab22fa4171a9dcff0821928e2

SHA1
1c0732926d019c4003c49ddc26fa6cfbafaee9ad

SHA256
77b4dc7e00340b8ec43533e78a407991be2b3b2acb88813abfc5fd34e53c9aac

SHA512
e442b9833b325426199d743753fb3c9430275301e4db6de8bfd78ee67ac71fcfc154ecbb4d1f7bd6c9c7d7dbaeb217dc63cd822f928b73d9e60d7236a75eaf09

Download Submit
/storage/emulated/0/Config/sys/apps/log/log-2024-09-28.txt

Filesize
16B

MD5
207fc2fa1cf7511e8903df1c9e411395

SHA1
7e3ab753c66771b726cd4fbc0e168d2451454190

SHA256
633a98f0dcd107779a8d37591b106db9df985597226ddfa859e31765db5d2bfd

SHA512
fb9b70b6956941e51b0fdc337dc65949042033ea058ea1c4c7327abeec949c93e8b77e5569ca60d2e1f36f89aefe57330febe854747d7f82169e9440a267b1a9

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads