291736be5714ff97b5b73c142e76f4e9b39359fb051ceb766a0729809075d258

Analysis

max time kernel
47s
max time network
158s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
05/10/2024, 04:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Clone_App_Pro.apk
Size

24.6MB
MD5

4bcf0d6983fe4ed3cda5731f961228ef
SHA1

a243bf1ff339b6ea2476c495dcfffca38d1ac34f
SHA256

291736be5714ff97b5b73c142e76f4e9b39359fb051ceb766a0729809075d258
SHA512

cd59c24b5b5b4bda9c58e7c2667617683f82e01e4973dcd106ef7d2d36c5c8c62c5e4e426b9d6c764584e1247fb861e9b9fe161b1ecb851a791cc5256afb2632
SSDEEP

786432:JRLqls8FWa2NEx37S6kqdVc0NjbiBBzkIJr:JRaboa2NEXzdS0Ba

Score

7^/10

banker discovery evasion impact persistence

Malware Config

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Queries information about running processes on the device 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.py.cloneapp.huawei
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.py.cloneapp.huawei:hs

Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

Application may abuse the framework's foreground service to continue running in the foreground.

evasion persistence

Foreground Persistence

T1541

description	ioc	Process
Framework service call	android.app.IActivityManager.setServiceForeground	com.py.cloneapp.huawei:hs

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 2 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.py.cloneapp.huawei
Framework service call	android.app.IActivityManager.registerReceiver	com.py.cloneapp.huawei:hs

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 2 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.py.cloneapp.huawei
Framework API call	javax.crypto.Cipher.doFinal	com.py.cloneapp.huawei:hs

com.py.cloneapp.huawei
1⤵
- Queries information about running processes on the device
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
PID:4250

com.py.cloneapp.huawei:hs
1⤵
- Queries information about running processes on the device
- Makes use of the framework's foreground persistence service
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
PID:4313

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Foreground Persistence

T1541

Privilege Escalation

Defense Evasion

Foreground Persistence

T1541

Credential Access

Discovery

Process Discovery

T1424

Software Discovery

T1418

Security Software Discovery

T1418.001

System Network Configuration Discovery

T1422

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.py.cloneapp.huawei/databases/dkplat.db-journal

Filesize
512B

MD5
d2d9cf26100c584a4e285dd27d734b48

SHA1
e1df1b9259fede3d32bc0187e2b43b861c8eeabc

SHA256
dd27ef6d1dc8789395a5d5ec12b97132176768850ac7098a5fc50c35bc66fad0

SHA512
05632bf6f26ea80ce17bf35a9d86e9e986e6a0ed0d7a1b456b28da4782d2ffe0f28a2aa9f673c9cdf9975e492e3c94c243ab1cef83eda4125a285afad93d4117

Download Submit
/data/data/com.py.cloneapp.huawei/databases/dkplat.db-wal

Filesize
80KB

MD5
1bc7413c1a6ead1eb8488966f39320bb

SHA1
41ca2ef3260ab3e599561e4101b4b62ca259cacf

SHA256
0c40eeac28f1c7882a7c62efd3dca3a808f70600e9e9e320b005d73851af29dd

SHA512
0939617f8fd3840111c4d4088b41353ac7e6593dbf3edfaff15408f24c034b3a03f12362468ee171931753be47beb403cb1481cc24f1c55239f0de93da5f97df

Download Submit
/data/data/com.py.cloneapp.huawei/files/.fstreaming/fInProgress/currentFile

Filesize
3KB

MD5
f69596603a70af1d55b6c78edec4a0eb

SHA1
22f9ce2e33ddf19b379a6e64566f4993f05e29ed

SHA256
ce4cfa2f145fd04275532a912e4f7774be32248922c28333e0eec1be5260670c

SHA512
e22223550b7aad95f7443ab41ccf773a58052bfd1a9015476382459c4a8ddb0b2e2982180f7e8b27feb0407b37fa15d9092eff49fca1266b8ac412aab55f1384

Download Submit
/data/data/com.py.cloneapp.huawei/files/.fstreaming/fInProgress/currentFile

Filesize
5KB

MD5
38e01d16364dde9b9fefbd380f49118d

SHA1
b435ec18a5fb189e451f7ca9fc0ba9dfe1cce200

SHA256
80d90177eca47c27f404e9d3110ccf7d184c2560f5de262832cf1081006489df

SHA512
f628200c5352d250fe06ebebf49ec0a4b6fc26590ae93d7c606fe3b09602d1d4a66c6430694e0f164a2cf8b8b83d80b6cce1cfe0d0b3755e132deab77fc98a10

Download Submit
/data/data/com.py.cloneapp.huawei/files/AppEventsLogger.persistedevents

Filesize
372B

MD5
d48fa61fb6701c28d656aed3a8f59929

SHA1
9ee3f55b6c2df0d87ac317165a0ed4882393b7bb

SHA256
5920301b5faa6fde7aacfb0ceeb4142c094139e5d93381704f2104c8fff05e28

SHA512
0e3c9191291cb8bc133888c65839131d8c9a3fd129fa1f0b90ee68bed317061add8c350d720afacdc69960c267e25c98a92b42ae6d87be7f56da16531a7a3d21

Download Submit
/data/data/com.py.cloneapp.huawei/files/mmkv/UserCache

Filesize
4KB

MD5
620f0b67a91f7f74151bc5be745b7110

SHA1
1ceaf73df40e531df3bfb26b4fb7cd95fb7bff1d

SHA256
ad7facb2586fc6e966c004d7d1d16b024f5805ff7cb47c7a85dabd8b48892ca7

SHA512
2d23913d3759ef01704a86b4bee3ac8a29002313ecc98a7424425a78170f219577822fd77e4ae96313547696ad7d5949b58e12d5063ef2ee063b595740a3a12d

Download Submit
/data/data/com.py.cloneapp.huawei/no_backup/.flurryNoBackup/installationNum

Filesize
100B

MD5
f0a668b6ea2839c600c059246dc987d6

SHA1
44dd53c8de50c274310a8f0a49405046457aa9ef

SHA256
e6a5ca97c8bf29edf04fbabac56c17cb6542c86346a3e2a5333dc9d61c3c2635

SHA512
1372e2a5747d7d28236e76efaeb038de61930ac645f72e8df2e76bb3fe0ac27fcbfbf8669370f39d3d8b3219599f2173c58c52d81d8d89def495677639a52284

Download Submit
/data/data/com.py.cloneapp.huawei/no_backup/androidx.work.workdb

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.py.cloneapp.huawei/no_backup/androidx.work.workdb-journal

Filesize
2KB

MD5
4fe18ef48f2d522c1d03ee807652baeb

SHA1
dc86ba9f0e8c25147790340b67895e42fce5173b

SHA256
bbcb15588c97cecb7f6e6f23803f2cc2e9e9feab7d0ce80d40f1ad295c86f238

SHA512
89d3f81b782bd6e5392fc610bfcb033e874417b577beece1a7a1d57a481ab4aaccd5f0817d26dd47c13018b75442965dc69940190b2830ae63a2c5f1c1423786

Download Submit
/data/data/com.py.cloneapp.huawei/no_backup/androidx.work.workdb-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.py.cloneapp.huawei/no_backup/androidx.work.workdb-wal

Filesize
16KB

MD5
ec6ef042b1cc4c0d96774277880d738f

SHA1
c47699d2a0d412222bf73c75c3673b65e91fe2ff

SHA256
a83127ae091f9947e7e0d2c544d140c24c8ae9bb9662c38424c45a839522e27b

SHA512
34353943e44f4a80e0d28c511f622b700e98bcdbf847e7a5e4d0dd3896b2f0327ee54b2d678849e5eb2da85cc3193e6b534083a2e7bf28ed2c5ea169a2cc5c50

Download Submit
/data/data/com.py.cloneapp.huawei/no_backup/androidx.work.workdb-wal

Filesize
108KB

MD5
8255de870f2a725d0b3f2e51d41623e5

SHA1
9e3174740ff66e7e25a61ae55d93ef1081ee042e

SHA256
77d1643b9f42a27c4f2dfbc4a1cb4cdad04a4ddc3a6ab630c5109ac83e78e45e

SHA512
c0efb737df2cba6e9a1b4e459fd0b9a133114c87b9253d6dbee3bff7cbe822439c5433ed190f38a01218351ff15f181de43deb41389f7ea36ade8d519daa5004

Download Submit
/storage/emulated/0/cloneapp/.uuid

Filesize
32B

MD5
c100ad97f41ef71847238738260ecc4a

SHA1
5f8c114a5f7af0700af93667fe60dce46d2344de

SHA256
87e96ddc068cbea6a9e84492b4a9993ee89ddcd503336b0183339d5cab574b27

SHA512
70c81d371e2f4cc2ac07955460f3d98a38b9158693ce3a6ab273c2cb974271c31f320c03bc5cea023e4744bedbe13e30935ff62805d507c6cd5b8a6beb7769d3

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads