f3ee8522c46e31269449c58c69369f93a525201559fda2a2eff1d2d205f4f778

Analysis

max time kernel
121s
max time network
151s
platform
android-10_x64
resource
android-x64-20240910-en
resource tags

arch:x64arch:x86image:android-x64-20240910-enlocale:en-usos:android-10-x64system
submitted
21/10/2024, 16:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

app.apk
Size

7.0MB
MD5

d2e511a1e5836f0557c695eb23307711
SHA1

7e0c6781b9b560dc958d38786419f5a09dcf3cf6
SHA256

f3ee8522c46e31269449c58c69369f93a525201559fda2a2eff1d2d205f4f778
SHA512

56e6f6fa644e564533f0727dfddb3b22229ddffb550a8f72db58071bc48b936c3717f61a06071976b0dddef7c5381119e2e2f9f6f44c3490fbbe33bbe96c4527
SSDEEP

196608:debHCUOigkvgP45yCG8Ii8Z1v1oGKoBbq27:d8iUODHrG8jdo7ow0

Score

7^/10

collection credential_access discovery impact persistence

Malware Config

Signatures

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	bot.avesta.uno

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	bot.avesta.uno

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	bot.avesta.uno

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	bot.avesta.uno

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	bot.avesta.uno

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	bot.avesta.uno

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	bot.avesta.uno

bot.avesta.uno
1⤵
- Obtains sensitive information copied to the device clipboard
- Acquires the wake lock
- Queries information about active data network
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks CPU information
- Checks memory information
PID:5096

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Clipboard Data

T1414

Command and Control

Exfiltration

Impact

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/bot.avesta.uno/cache/2

Filesize
33B

MD5
6167a44fb840e5ce964d679d71380954

SHA1
a2de5201620d3618e11923dacce4e06c10f19043

SHA256
1858868c14858ddd3e4eae688c67c46d9cbea98049701987bfe3f02491009240

SHA512
f492fb8e88c3cb3d2ed1aeaa2a7f487c27e5254c6be7c9199dc101d29699505b9ae83c3963dccf469df585b429fd33e72f7e95cf0d046429d20bd09d2f949125

Download Submit
/data/data/bot.avesta.uno/cache/~test.test

Filesize
4B

MD5
098f6bcd4621d373cade4e832627b4f6

SHA1
a94a8fe5ccb19ba61c4c0873d391e987982fbbd3

SHA256
9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08

SHA512
ee26b0dd4af7e749aa1a8ee3c10ae9923f618980772e473f8819a5d4940e0db27ac185f8a0e1d5f84f88bc887fd67b143732c304cc5fa9ad8e6f57f50028a8ff

Download Submit
/data/data/bot.avesta.uno/databases/google_app_measurement_local.db

Filesize
16KB

MD5
adeefa191d84f303725ef93c49e600c2

SHA1
8ab7a10e01329a68cbee127e119dfbd88b54fc19

SHA256
461fe1c181de6c66071c31dcd8985cbe74d5e3d9728059bc7deb02fe0f94eca8

SHA512
cc59ed95f222e0aa4078675149249d90273119e382683e102be721f02a884c448c8e057db26ea6e3941fcf292e5a224cf013476787e555ada3e9d81b03d8954f

Download Submit
/data/data/bot.avesta.uno/databases/google_app_measurement_local.db

Filesize
16KB

MD5
bda0fe89ab655997b0209a75f2113274

SHA1
32c272bae4731a7ced8c0880408bf0c2309dcd18

SHA256
65d9c13e615e2d7c1d6be7a87a021cdb34fd3c1f3df9d59971ccb28df4baab8f

SHA512
7c254b1721b5d7f2337dcd1cad65a2a96039a49962194b8d146ccc1fdd45f20b83fc9e3d567c6781202b21710b436c4a0c995bc8ab7da9c75e25fbe260c44a58

Download Submit
/data/data/bot.avesta.uno/databases/google_app_measurement_local.db

Filesize
16KB

MD5
501c495976ca4ae0b580b063346df3fa

SHA1
99e211be42d2e8c84ff0d2e95a3fc1428d2c8d2b

SHA256
51993ec968818fb3fb0b5a44bc2ed6280a32b590e1486c9401745dc0ff20455c

SHA512
6c7b8fcabc4f46e266f811efce735cfaf13174f2b9237d59997f05715bbf620f98a17e4f202bca6c2531b3e3bb4c41abb99a70430f7c712f17add3a55a35f2a4

Download Submit
/data/data/bot.avesta.uno/databases/google_app_measurement_local.db

Filesize
16KB

MD5
2b119db8a0e1ff29ddf6724c7164a83d

SHA1
202d8cfe7df88501d75d1fa7abf6adc04f4338d3

SHA256
d65aa159ac772685ffc7f22857f15c568430a08fc3cbc5ff4bb0fe017ba43ba6

SHA512
749b2531ec1826a419524e2b254e9e15cc5a34a1bc04a03fbf59664054a5018555fe01bd7c7270463932994bd8760df94662b33fc0d2b378e06fe747a4042bd8

Download Submit
/data/data/bot.avesta.uno/databases/google_app_measurement_local.db

Filesize
16KB

MD5
5ae063d728e40405c196a93d2d9baf5f

SHA1
8f430576ae7847fe193f24b4b3a9827169f29826

SHA256
486fc9e4090d64bd3aabe6203891d0a5ea52a29bbc36ca39e8fa3c70eaf7a280

SHA512
fe11e6068844afc96516040768455d2b95fac24b0a9f34a21ff9c89810d837ddcec38477d3ab2dd15105f849361e3b2cd3194e7cc21bfc03ebdefc2cbbcbff5c

Download Submit
/data/data/bot.avesta.uno/databases/google_app_measurement_local.db

Filesize
16KB

MD5
a4b778cb2968505282df5085bc53663e

SHA1
d90024ba612169c8b14f0665494328e0508abda5

SHA256
eae2916e951412bb0767c89c797db6e3e026a282dfb003615dc2501f1250b4cb

SHA512
5ed305c54d41c3eeec41b51e5a67e3644679cec77f82b2a9780b68593b29dcb1bbfa02272a4606b44b1dcf08b822475fe274d44a673a60995640bdebf8dae50a

Download Submit
/data/data/bot.avesta.uno/databases/google_app_measurement_local.db-journal

Filesize
4KB

MD5
ae9178cad9c79355ba7596f843622b5c

SHA1
6cb7a5797b5c084c4290e88c8b7cb831197253a5

SHA256
d4a5718b95a3faf4974ba7aa4a957a2b9a8a582182120b5f89912932a799e991

SHA512
225ca520ee51d902c7bed416fc173647b2761e9f435f9df2b6fdfc57aa552c35b20daea833ed201b04a0dad2152caf0ba43eede911b5fd985766a94d0aef7d99

Download Submit
/data/data/bot.avesta.uno/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
e76ce193ee74f8817250c9b5b03f8d73

SHA1
cd1d9cd238c72f7083d66aea7b7f0b91829f7930

SHA256
f91dc787ffa0c5ee94a30c3d1a1b6232bcd15fb8e29ca679e198c3d07fee6f6d

SHA512
ae1910d5aae49f3702b0af819c9d5c2a88a7367eff9b600003695bf7ca8dc670b0945b051a38f44dbfd6b2bc817214da1ae676933487b6fcff15c496a478d8e0

Download Submit
/data/data/bot.avesta.uno/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
b7b3d18e31ec1302e2f70c5e19b384bb

SHA1
7dafbf971248a5359113ca30e31744e8880d2a6a

SHA256
05791ce935cb90bd8edb395b7ca91e18dc20fb4d258d24296129790a14b5674b

SHA512
5a9fe4ade1ebe544f68e7799e9783b9b048e265d7426844e583a73595eddd0f41e3aee4e1b2d6081237204f8344e69b3f9cafa7ee1dd0a6c1ceafbde188b2ba7

Download Submit
/data/data/bot.avesta.uno/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
51fb2a066642cce5f90fc6a41cbc6d81

SHA1
255a5b78221217e3156712f668f98159f2413fb8

SHA256
27e98f0fa888e5237173973a28891fd72c4fc1efe1582030e412e1af58108af3

SHA512
fc5383c7300f41455871c93308d31a558dbd62e4938fdff22d3bf719e53a64e43ba134b60a654998437ff3eaea96a237fc49a77a3fb51aca193f32c852a0b682

Download Submit
/data/data/bot.avesta.uno/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
bf37f290f7014a766ca0f0c452f5023d

SHA1
c07fd3693afaa2b8bb09e09fc45e5338990dc201

SHA256
435492c851bc9ae70fc6bff8572906caf7b4d0ae9910d4c72854f4e4ad56f2d7

SHA512
d58aac7e560bae80136611ae05eea35351880f76c2b792bacf699ee4bc5653b3ecf7aa50b4b0145de48c01d5cd58ad009e03dd531c33d739e1bd53bbe5c35e66

Download Submit
/data/data/bot.avesta.uno/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
61b3d344185a99c8db2ca34d7c93525d

SHA1
c91aa65228c9763d58210d4dea5bd00e1b6807f8

SHA256
e7dbcd972b74e1c9af31d71132e523f813915cad6403299f1281cccf7833f271

SHA512
4b7d004e14725b08f4e0bcd865ab08d5dbeb8139b20d46c382fd588336e8e969214684e6c61252269dc890bae4349cf19f9ade1a1310a77ffb88f42530cb5f78

Download Submit
/data/data/bot.avesta.uno/files/PersistedInstallation2322581967341227257tmp

Filesize
568B

MD5
582c22b878f4fe92657723464cc96c94

SHA1
b0228fbb8d6edb2ec3057b16239228de44e452a5

SHA256
ab9bf72e522bec358b424b45235ae7c85976b1680ef22bc0e2451aa276242f00

SHA512
94f14a6f9db7a8b16662eae7d91b66379bb9ae803e7745d7e5a5f2ee024728b8d648afe257a749962d45ed53e3581561227ee453cb017e0e161da08dcca37d62

Download Submit
/data/data/bot.avesta.uno/files/PersistedInstallation7571011572165424274tmp

Filesize
90B

MD5
d7dae3ca9847dc11388e0d98948374e1

SHA1
ee36e998876cc8163f73117b1f9b8bbab6078d4f

SHA256
9d39c7fb34dde58ca17b29fa5de5688aa4550eefad9d8f36c1d364700c66d75b

SHA512
420c0af2610f959fa9157bab8caaa2e6238ff2ad167edddcf2330049d8f58f12ec39d7be00f996dd8bd74e06d5333db0c86bebb761b4794417619a64722ec11e

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads