a95cb4e94461b1bd6ed3a285371eea580fde3fa90aeaab436266583cc7402202

Analysis

max time kernel
31s
max time network
50s
platform
android_x64
resource
android-33-x64-arm64-20240624-en
resource tags

androidarch:arm64arch:x64image:android-33-x64-arm64-20240624-enlocale:en-usos:android-13-x64system
submitted
10/10/2024, 09:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Customer Support.s84.apk
Size

5.3MB
MD5

d5aeab1fecfdbff3e19f7bd253cc26a3
SHA1

364b6ed46baa9bae8166955b16cfda983a24dcbc
SHA256

a95cb4e94461b1bd6ed3a285371eea580fde3fa90aeaab436266583cc7402202
SHA512

b127135042a94bf2ac08cbc1bae86a8470a49c1a479051e4df93b6c8b64ebb31e8bd48420a55b667e4ea58b919a4fb5b66f8f6d64efb9ef0c9cbea728c0a0be7
SSDEEP

98304:wpe8CSTVINQIbAfiV3lt1svB7fMRW/wt8HNmut7O5tiH:wk8CQV40blYiwSNmbg

Score

7^/10

collection credential_access discovery evasion impact

Malware Config

Signatures

Loads dropped Dex/Jar 1 TTPs 2 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/com.facebook.smsrecevies/app_mph_dex/classes.dex	4330	com.facebook.smsrecevies
/data/user/0/com.facebook.smsrecevies/cache/natives_sec_blob2255712729963131377.dex	4330	com.facebook.smsrecevies

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.facebook.smsrecevies

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.facebook.smsrecevies

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.facebook.smsrecevies

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.facebook.smsrecevies

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.facebook.smsrecevies

com.facebook.smsrecevies
1⤵
- Loads dropped Dex/Jar
- Obtains sensitive information copied to the device clipboard
- Queries information about active data network
- Uses Crypto APIs (Might try to encrypt user data)
- Checks CPU information
- Checks memory information
PID:4330

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Discovery

System Information Discovery

T1426

System Network Connections Discovery

T1421

Lateral Movement

Collection

Clipboard Data

T1414

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.facebook.smsrecevies/app_mph_dex/classes.dex

Filesize
8.8MB

MD5
64238c8fd9b4e8beeb5a1e3e9010a082

SHA1
c2d34d3f48675a436e8f8f4c1064f2b0bba9b74e

SHA256
4a63eef44623ed285d802e0d3d9794cebc0655854b1feac4bcbf29f1ee4dfdf9

SHA512
93f32ab0b0db1402b8f0fd8603b2f66a3c34a5bc4b5d046db41e8a52d1d3cbaace0598638c936f68df6d8467fcd7d8a1c3abab0432994ca93bad720cfad6ab97

Download Submit
/data/user/0/com.facebook.smsrecevies/cache/natives_sec_blob2255712729963131377.dex

Filesize
409KB

MD5
839a4aa06849bce97531a8b623016c02

SHA1
f214d05ec394ad63cc75efc00a4219a5c895b10c

SHA256
5cdeb68b4946db40e1674f0aa14d62b11f3f24eb7790d884bd696103037a3c20

SHA512
3fbd20d68af8338e90da3fb9e441e8e9839722d57fbc83185b0c15c19c990b80d75b906477038299adee3ebe6b2724251aaeb8faf46e6a08b2868a32749de5f0

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads