5d2ff3a0a3820997a9929df3c53768079a7b4515f28ec4dc87dcf646a543d8fb

Analysis

max time kernel
17s
max time network
130s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
02-10-2024 02:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5d2ff3a0a3820997a9929df3c53768079a7b4515f28ec4dc87dcf646a543d8fb.apk
Size

3.6MB
MD5

d836feab9d4bf3c6cf086bdc14724c8b
SHA1

c837cf7b181679a0081165e5fe4aa0eb94f748f8
SHA256

5d2ff3a0a3820997a9929df3c53768079a7b4515f28ec4dc87dcf646a543d8fb
SHA512

8c7801c5f1d8dfda39e0c65bdbea83feb8f217b41b69a245d01dd9e983a6a357c8b0b2be79123bed07e638655fc66ef3a093cc01be68c696ecfea5ab6c692dad
SSDEEP

98304:5s13ZL3Vf6JqeomaMDmQZ75ub8GoRJ6Odp/9hBbW+te6lXhAyHzwI:eTLVf6JumaMiQVWovl9jS+oS4I

Score

7^/10

banker collection credential_access discovery impact persistence

Malware Config

Signatures

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
collection credential_access impact

Clipboard Data
T1414

Transmitted Data Manipulation
T1641.001

Processes:

com.systemservice

description ioc process

Framework service call android.content.IClipboard.addPrimaryClipChangedListener com.systemservice
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001
Acquires the wake lock 1 IoCs

Processes:

com.systemservice

description ioc process

Framework service call android.os.IPowerManager.acquireWakeLock com.systemservice
Queries information about active data network 1 TTPs 1 IoCs
discovery

System Network Connections Discovery
T1421

Processes:

com.systemservice

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.systemservice
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
discovery

System Network Connections Discovery
T1421

Processes:

com.systemservice

description ioc process

Framework service call android.net.wifi.IWifiManager.getConnectionInfo com.systemservice
Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
persistence

Broadcast Receivers
T1624.001

Processes:

com.systemservice

description ioc process

Framework service call android.app.IActivityManager.registerReceiver com.systemservice

description	ioc	process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.systemservice

description	ioc	process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.systemservice

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.systemservice

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.systemservice

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	com.systemservice

com.systemservice
1⤵
- Obtains sensitive information copied to the device clipboard
- Acquires the wake lock
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID:4313

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Credential Access

Clipboard Data

T1414

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Clipboard Data

T1414

Command and Control

Exfiltration

Impact

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.systemservice/databases/com.google.android.datatransport.events

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
4fb6a930181104c3da8780accfc51213

SHA1
4b3c8a982122b539a3d9f8911b27eaaf02d6296e

SHA256
de02c934df5b66b8c3c67756f2596ecf22e03c4c1a2b5254f93a3590b087c80f

SHA512
4f73674ff22fa615fbf906c9d97b58bd0253d514f72f2a675b7fb89485fb50ca598cf2b80b1b4e77e15104a9a224df5e8b52f7b74caecb09cbd2f60dbc10e469

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-wal

Filesize
68KB

MD5
2a40b6174f3d6758736c8b3da858f37b

SHA1
3b43497e4d0c125e81d7a2dcee241d5d4cdf4a4e

SHA256
8cff4cbb13c7b30fac49469d620de09dd200e6add62aa35938b56ebed861c8a7

SHA512
7d06e6c4b35919be72c8ed8eaf3d7d8bbd12cc801caee605b45a001bd4052fbb9c6f26a2d154a8f28bbcf508bc19643c68531a568feb79a8a87195591b0ec319

Download Submit
/data/data/com.systemservice/databases/core.db

Filesize
36KB

MD5
045489a0639eee27bca52f48828cd93d

SHA1
436e7966e7c019273c44faa4d8c5709b816dfda3

SHA256
0151eae0eec786abb19ab59d7361b3291ae98411fae12cbbdfecd1612e16996e

SHA512
c8739a723a8648b0e380b946a97fb6cd83d6c4769ec3679bf4bc003ad0049ff5cccfc8f75a6ea272feced0020b13d3129f792f0f22cf442f0d0127f399eba22e

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
7237409e0640cfab7bdbd429bf821a3b

SHA1
4c3da934842f8d4835dfe2a9c275a300e5123309

SHA256
5c8e1b63d187efafe1e09bfadd83fd360176d689b57b5a0cc40e6854c12449fa

SHA512
c8afaf6a8ee43ce3601feff417bfaec563c01bcff0aae24577054034112b2020967f25b0b1a919c3c9e5e81d62a21a87e908b782c4d5cb8bba8ac259108e9c1f

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
5d8146c42cf047a9178c88968f5a6589

SHA1
18e56713bacb38712e4afce2c58a002fefdd6eb0

SHA256
4b8686b9d42a6be588b7898f6ca51c0d3188110048b85f31cbf61ecbe4b8c60c

SHA512
82338513c0002c65531af534ef94c1f51fc80bcc6b4620fbd816ca150b0b870bb08eabd9ebd6805923c7cc40d0dddaef422f7b03193f7a1b6c572411c7fc4d86

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
06454b5e3e876407a1a3db83c3c3f1ec

SHA1
97947afad0e7140ca49d18ff0c0122b28f438f1c

SHA256
e35c31821c394583a7254505a9b931dbbdadcad6c5716acfbd50271b0735609c

SHA512
99e5c5cdfb94872d57fe0b906b3949de3cde403d5d4b6c6d55d441e7a3c473dfb78070cbbccb289340240a830ffce816f8b6ff440f0a2b6823d98b71970f6abe

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
42b3204415585f865b72f95119e3c61f

SHA1
e0d620fb26c94e5afb47f399f63d6f09c5587e5f

SHA256
6c7060eebf0736b211e3365876a39ea6d6d5965ba7f0f5e1d01d2bf567e5a0cf

SHA512
9010e0e2504b282a8a61b631c780d45c808de0afe79f4ca39bb19e20ae82f86d6268a08a5a8b73582564c3eb96364b04ba7095b71b3367d60f75f75a532d10c4

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
81b134cf4792a28a6f650664678118a0

SHA1
46bd5c715a38bd63534cfe5d47514b0af33a07a3

SHA256
0533fe4063dda84771823a19ada8e3dd5b09775b52d04b8dbf89667b182e1484

SHA512
561115ed5852412382484a9f34878ac4a4e7aa1a0febd516264b35a86d7f6bdabdd0efd3e6e58e908ffb9c2fd2b8f26f95e82004ac66a15ecb3d6d7eed7c1141

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
835cfc7decf507cdc5e54f602e3f9699

SHA1
4a55d424cb32e766554672cb2d0b3804fc47552f

SHA256
29257dbf2b37d226ace65bd68d001398801235d93ed830a35435bd4bab4de852

SHA512
2ab470c2200d97b545693a4cdc661100e46b0299f3d3890773681bc5f22f29eeda6b6a83a5c627fa22119726f3ce78d40021362a3f018a4f3afb4a08476c253d

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
07207825c9536ab6bf59879b38044c5c

SHA1
869f0b27c2dcc8bd7687f049daf96ed88fe97c40

SHA256
3b984ada081b88305762764583ebc794e0a83284044632f92cf6025476ee101c

SHA512
d2b732aae1c1b713a823f6b68eeb749a598a2d3206abf48dbd2a10f59d29e7e1eab09a3c488df4c2456d86dbf5b7751b810220eb9697b69c8a44de5569adb056

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

Filesize
36KB

MD5
fc4066e2b347807d4058ea68e0b2fdbe

SHA1
2586a9ae35e957c2667f617c259c96d1590e9ffe

SHA256
5fa039f0c7505a8b5bde42e146159c162afa79e9ab5aba9f95ed6e78517641d0

SHA512
4e2d0c54fce2ac393a752696017cdf29b1243dbe52eb12dec80c76b41c625c3645ef5b64e3446884e259e6ca5b2edb571ee16be797df33f535d878921efeb3ee

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
4b5b36a6c9f5327b80222bffd4e351d2

SHA1
11e645b62645686f8bb3ed869514bf0c86d1c680

SHA256
9b95e371a6dd3e4243190f1799a28f25adb26a29c339207173f817477ae93af5

SHA512
f42f0ed2cd9382e9f0073951188095dfe3aacc83c3f52303febe9274ba344f20a7634070ecd5357825b98d23bebe5c78e05aa3cd535de6f0c4bce8afa1bcccb0

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
13c2528efcede6ec9b04af5368688ccc

SHA1
3bc6f1e908542a76f885f6cfaedd40a68a9844e4

SHA256
7d44cc22709cece05c4fae4cc685efa574ce72f9e1f498be71b0eddbd44a1da5

SHA512
df8b76936e023710a383e021d914ea1dfe1cf11f6436222abf39e2dcce02792c5274de61b0c35c33c6a57a6c450e93b3db82dd8bd6e300e7fbf49e6ba9916ca1

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
ae73b14c40b213f34e3c00ef9816a15e

SHA1
a89fc023ed4c24d8da96953d4dcbe7c591cda11d

SHA256
f8f12aaa434e2f26cc8d509ca6c4c9e025953477ff618a209d879f5a1ef0ed4a

SHA512
c2996eb99d81082818ec1b28f6f1a91247d909e8a776ac42938a0610a1e1519e6d58e4ba7095917993c294025222eacb69c25b643b90d3fe440bcc925061dd00

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
c7e47d222772b64360d79af722907738

SHA1
169b433a6986e891e386824448032b2e1f7f6e09

SHA256
71dbc3a65ea26c67175ba4ffb708758c7c0639fd45935c3ed60e607eec57a871

SHA512
d5ae8337efe88b315f76a75dca27a5f08a54349f5018046d8a5490e963573dda1d6286f60883386d2cfab418ba9e29f2917ad1e5b5bd88041fc5255400deb70d

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
889eba8a9588ce8fa93413e023ecc6ba

SHA1
d1ca41e22cf9f0ae8303f22da689f42ed6bd8f0e

SHA256
7d200242feda2702b20bff7028522f323c839bb1abfda5f05156c4250cc77592

SHA512
7bd8f4ce594d3e1495d11e2bb610b1b47c006e867f186675dfced1063ed4091bea1543c01ce3a93eebda8e766d67ee633eea646b4f6cf9bebae5c2a58a92abf5

Download Submit
/data/data/com.systemservice/files/PersistedInstallation3565868545642606652tmp

Filesize
90B

MD5
76a310bc5e10551f7f24d5750082b272

SHA1
170edf157b16ddf6ba35f1fc9190dec6b42b9c4e

SHA256
abce9f11fd7db1166f9cf9c2f2dcc9eb47703942981c0ba8c98e4cd27ddc9ad9

SHA512
fa4c599417525fef0a82385eb46feb9278a2569455bb25fceba5ab74443fb299f17b71c1a64493235509ba1d21c0efaaaf8a62ab32c7db70c02a71c671ac0556

Download Submit
/data/data/com.systemservice/files/PersistedInstallation7815280932156815335tmp

Filesize
553B

MD5
5855a2fe7b755f760bfeeaa82e607041

SHA1
198241566bf8c0aaa1dece765c7e22bf2b1dfa0f

SHA256
a99ee44004ec29022f126629fb178f0e3025469133b002b78780d8e0b8f384ec

SHA512
de03b5674836b397df53dbe5a0be9d4aaae7efc502a469d1f83604ba9808696bf693214d5550cb36fa4e1473efac0840f055aeb92754bd9de4f0b7be130d681d

Download Submit
/data/data/com.systemservice/log/log4j.txt

Filesize
4KB

MD5
a59b955f3a811fadefa12820edc467c4

SHA1
d037556361c336427bf37a8f19dea3e954f64d4b

SHA256
75a4db72fb1b0bf897fe417ed08ac09592c16728ea3d3f73a14c2c390e0c2fe6

SHA512
3fbd58880dbc3381e491bb111f2f4759d503ceabeda18496606db90e929c016cbcd30aa54572c5689a46eb0017aff5e3fe768b1d2bd0c886f9da4cadb3766a98

Download Submit