438c49423528b3c8128cb3b5573ebb3842b8e2599f6f2c26d7340f43421ab230

Analysis

max time kernel
69s
max time network
151s
platform
android_x64
resource
android-x64-20240624-en
resource tags

androidarch:x64arch:x86image:android-x64-20240624-enlocale:en-usos:android-10-x64system
submitted
09/10/2024, 22:06

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

438c49423528b3c8128cb3b5573ebb3842b8e2599f6f2c26d7340f43421ab230.apk
Size

4.6MB
MD5

c3f18c10cebf482af245b4742e27bab8
SHA1

d976b80a2c90a43bf30e839da4755e84617affeb
SHA256

438c49423528b3c8128cb3b5573ebb3842b8e2599f6f2c26d7340f43421ab230
SHA512

35f3e3083226825533e2245c083876ad5245e29f4a59a8ae0f106c6412964c34d5dcbfdf15307c3e694999c44b0adb5508687957ecd3258ec5eeb03d2bbcbbbb
SSDEEP

98304:4VoOoZkQB/nDy+64oft0+u0MU+Ch1lGl8VteFio/KrURye:0oOCkQBfDyAoft0+3Vh1s0eF5ye

Score

7^/10

collection credential_access discovery impact persistence

Malware Config

Signatures

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.rating.kmlfeedback

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.rating.kmlfeedback

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.rating.kmlfeedback

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.rating.kmlfeedback

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.rating.kmlfeedback

com.rating.kmlfeedback
1⤵
- Obtains sensitive information copied to the device clipboard
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks CPU information
- Checks memory information
PID:4988

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

Lateral Movement

Collection

Clipboard Data

T1414

Command and Control

Exfiltration

Impact

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.rating.kmlfeedback/files/profileInstalled

Filesize
24B

MD5
b494029db3d4fddbf91b3469bc4acb02

SHA1
2daff30eb8c07e63933a93add114a96020a12b0b

SHA256
5cc0b74db360ffaf85611a43f50ecf273f0a1ead7b25b0c0a6585c49ed1319b1

SHA512
67060c2d0f6b3154d61a1e75368efe3c6077e761266602a3ada1bab67fa36202b89c26a08fab2ce0b1d56ab850e1ed332030d342251c2b41b1d5925b2d1510d3

Download Submit
/data/data/com.rating.kmlfeedback/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

Filesize
8B

MD5
b270c0920231e94ce95349de059597da

SHA1
934d32896f421f323eed0622587e4dfed0cd0e73

SHA256
84168ce6b242a524364fcb17beea6e2b392d5ebb991afe13f65b0d358a41f0c3

SHA512
43bca9ac55244e0980a144348fab819d0b46d942e366cdedcda5badf5e4cac1188c190d987c125b9044a8907b58857f7556e7708321e368b8109b6d5be68e152

Download Submit
/data/misc/profiles/cur/0/com.rating.kmlfeedback/primary.prof

Filesize
2KB

MD5
c13863934dc6b7244824b5b3de7b2ae2

SHA1
5d9a2f6afad75575c8d89300b38e82dafad89885

SHA256
0dae6df411777105b7aa99672297596cdfc10bc84f14c13e8408cca7f8a94812

SHA512
bf9fbdd540b9fab3c1db28c8ad43dcb5a8655060a30138ea448e7116b015596ae4e52187aab48f4cbe228159863b4330ca1b7d7ad6d04817bba724d63433486e

Download Submit
/data/misc/profiles/cur/0/com.rating.kmlfeedback/primary.prof

Filesize
4KB

MD5
22e07503e3b52f0c0eb6838e2530291a

SHA1
1c702aa934a539009e6605a0f08885c9d2263780

SHA256
d52e43ce82f2ab7070588a76978d73b56e9966470c66b6fc75ebf1b8d031dfee

SHA512
127e0e0a00a445bea24f0411cdb86c4a2ec8c801e3bbec7bc5ed567c39c6b092301933557d2f1079bc4efe68406015a3dc23976af12f3a91956a889879d095e1

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads