f3ee8522c46e31269449c58c69369f93a525201559fda2a2eff1d2d205f4f778

Analysis

max time kernel
5s
max time network
148s
platform
android_x64
resource
android-x64-20240624-en
resource tags

androidarch:x64arch:x86image:android-x64-20240624-enlocale:en-usos:android-10-x64system
submitted
22-10-2024 02:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f3ee8522c46e31269449c58c69369f93a525201559fda2a2eff1d2d205f4f778.apk
Size

7.0MB
MD5

d2e511a1e5836f0557c695eb23307711
SHA1

7e0c6781b9b560dc958d38786419f5a09dcf3cf6
SHA256

f3ee8522c46e31269449c58c69369f93a525201559fda2a2eff1d2d205f4f778
SHA512

56e6f6fa644e564533f0727dfddb3b22229ddffb550a8f72db58071bc48b936c3717f61a06071976b0dddef7c5381119e2e2f9f6f44c3490fbbe33bbe96c4527
SSDEEP

196608:debHCUOigkvgP45yCG8Ii8Z1v1oGKoBbq27:d8iUODHrG8jdo7ow0

Score

7^/10

collection credential_access discovery impact persistence

Malware Config

Signatures

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
collection credential_access impact

Clipboard Data
T1414

Transmitted Data Manipulation
T1641.001

Processes:

bot.avesta.uno

description ioc process

Framework service call android.content.IClipboard.addPrimaryClipChangedListener bot.avesta.uno
Acquires the wake lock 1 IoCs

Processes:

bot.avesta.uno

description ioc process

Framework service call android.os.IPowerManager.acquireWakeLock bot.avesta.uno
Queries information about active data network 1 TTPs 1 IoCs
discovery

System Network Connections Discovery
T1421

Processes:

bot.avesta.uno

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo bot.avesta.uno
Queries the mobile country code (MCC) 1 TTPs 1 IoCs
discovery

System Network Configuration Discovery
T1422

Processes:

bot.avesta.uno

description ioc process

Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone bot.avesta.uno
Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
persistence

Broadcast Receivers
T1624.001

Processes:

bot.avesta.uno

description ioc process

Framework service call android.app.IActivityManager.registerReceiver bot.avesta.uno
Checks memory information 2 TTPs 1 IoCs

System Checks
T1633.001

System Information Discovery
T1426

Processes:

bot.avesta.uno

description ioc process

File opened for read /proc/meminfo bot.avesta.uno

description	ioc	process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	bot.avesta.uno

description	ioc	process
Framework service call	android.os.IPowerManager.acquireWakeLock	bot.avesta.uno

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	bot.avesta.uno

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	bot.avesta.uno

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	bot.avesta.uno

description	ioc	process
File opened for read	/proc/meminfo	bot.avesta.uno

bot.avesta.uno
1⤵
- Obtains sensitive information copied to the device clipboard
- Acquires the wake lock
- Queries information about active data network
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks memory information
PID:4979

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Clipboard Data

T1414

Command and Control

Exfiltration

Impact

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/bot.avesta.uno/cache/~test.test

Filesize
4B

MD5
098f6bcd4621d373cade4e832627b4f6

SHA1
a94a8fe5ccb19ba61c4c0873d391e987982fbbd3

SHA256
9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08

SHA512
ee26b0dd4af7e749aa1a8ee3c10ae9923f618980772e473f8819a5d4940e0db27ac185f8a0e1d5f84f88bc887fd67b143732c304cc5fa9ad8e6f57f50028a8ff

Download Submit
/data/data/bot.avesta.uno/databases/google_app_measurement_local.db

Filesize
16KB

MD5
fda8ac1548fde2e12f7817c72d95c49c

SHA1
573c99bc81de3996b65f368773fa3c824ed4af5e

SHA256
d678487de494d92bf9ed1f4674bb968d74a47a287d5f62b6a9e3766d13a07fc6

SHA512
8ad35d579997749da6ad728a71ccb99732bf91b0cfb3b4bf5afa868d7e08f94f8f258fde79af3ea6e6af3b0d567ea6ab14db6ba41c2d0d909a7229fac6c5519b

Download Submit
/data/data/bot.avesta.uno/databases/google_app_measurement_local.db

Filesize
16KB

MD5
fdf902ebdeb76493ebfb82d017c30d2c

SHA1
ca667e3a88acd6bf1222143ed947765518dbd622

SHA256
41b2024450d873ec367c2c65e5374a7873890e63186aab80dd9da3acb59e7c90

SHA512
eed00ceed1e318557e9f9de0f4e2d0dab722423e205070489b3a3fcff2e6518fbb70e548cf55edf6e60868639182e979dd9fefbb15c6078cf69d99351193c886

Download Submit
/data/data/bot.avesta.uno/databases/google_app_measurement_local.db

Filesize
16KB

MD5
1bb3701691b44a368262786be5affac7

SHA1
5f72c9ae9d3fd77b1300795f4c04693942ee54c8

SHA256
7f2a2768b488be9789effdc8f660344fc7a9f37ac88d31e41a18eda72a427227

SHA512
1ec0d223fe4c98ede2505007675f58ae8699ccafd3e82551c4e7d85de38ff4056d60a51f9117f74a2115dca6eee384622653a10354120995aac2e2c8d5b0df64

Download Submit
/data/data/bot.avesta.uno/databases/google_app_measurement_local.db

Filesize
16KB

MD5
5ecd1ef41ae9d40b007271ce484bbc12

SHA1
1b59cbc16c5d2959d784bd320d7a77a66c6d6a6f

SHA256
7002676d927bdd71839ff8a8cf480bf061d2498653a7157608d0799cf927f281

SHA512
79559c6a8c9123c9e0cf7426234e0bb2863de7db9f01ee7f2bf427ee4db5fa492504f6281afa24770c8fcef25ac2976cc382ad84f7b34e68df64f4b76541ed63

Download Submit
/data/data/bot.avesta.uno/databases/google_app_measurement_local.db

Filesize
16KB

MD5
5ee5f269c7ec4a5c872228a1ebf74fbf

SHA1
44cef4febdc65b0e6bfa2ede0afd3b7f441ca548

SHA256
bc553cf2712c7b73bb53410b47b36b67358f193679ffd215f6648861f33cb75d

SHA512
b914402042bab3cfdda519fb00950551d5e87bbbab932a7f64315d89c818f886ea2baf554ba4059718e54691ddcf30696b72eef80c552dfb714b3a9a53182786

Download Submit
/data/data/bot.avesta.uno/databases/google_app_measurement_local.db-journal

Filesize
4KB

MD5
f449adc7a00b291c4d7ad5d772aec469

SHA1
9a32acfedff4edc9fdfeccdfbeb56f8278de5429

SHA256
8895cbd72673e94279eb4be5a2a805ac968820fff570c474f18344eaaa492938

SHA512
110241f00ae1f28ab95669a00ed3f2912209ea841f329f3f3adfec6d31467f5f2fa3744b72e00aa2b3bca2296e7cfc63e1aa7aca1b9f9633d3e508bf6c6137ff

Download Submit
/data/data/bot.avesta.uno/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
c1625a026a3277d9c85eae4937e48825

SHA1
a0707306c3174968c170365fbd3538e32bec7dbe

SHA256
b4e65835c3bcc811312ec0868cc31d7aff08dadcc8c6558d1f3ccc443d0201ea

SHA512
b5d0509707ece36e117d2e8f4d5d08186c4337c091be227ba9fbd28099609734107bfa9c9adc1a6aebc25d54d873962fbcc5c900b6fc6373f4aaec255e695c93

Download Submit
/data/data/bot.avesta.uno/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
db5cf544b3a37cd463ff10893f881877

SHA1
16ad48b292e50f9c6769fc4b3e108cbedb15d336

SHA256
e3f08961b87ac62e20e8b6e999083b9e7897a6684fdaee03635657e352491927

SHA512
050583d97ee6d7ba663fbd872570f68402a0d648e5a9aeae71907765902350e66e72e51a252a943b5b570d4f2e09cda8a0609cbe32e62a2c8161bb8c92099d66

Download Submit
/data/data/bot.avesta.uno/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
70b5e07aeba15dad1b6f17397a823194

SHA1
335ed74d0f998bcc4676771ef92ebf1ab2e1d16c

SHA256
015840c3b41f8366a233ddd7f5413bd7d1d7ab9c089416d6b3dc4561fd2699bf

SHA512
7b6aec50aa0d312f6d4d9042e25557768b81b507a1dc5553d440a8aab5f20a07a1133c31a7219a982e9d6fc49c56c0d8a84bd1e67125d6c32953a9f9f6dc8b81

Download Submit
/data/data/bot.avesta.uno/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
dd59fe0b0dfeb99f1360308bbac4ad9c

SHA1
711588d190a12e932616d6da0f2c1399dd5a52a4

SHA256
048c49a1a0f5f51835941a2c69bc6018d7d001b9e336776704c4608c2c88e229

SHA512
e35cbb2521658336cf5fe097782cbfc68d9a02cb868bf218db4954b81c404c289f1b37f70710fde58ead8ad5506a5bb2bbccf46e625cec053b09121672880a2a

Download Submit
/data/data/bot.avesta.uno/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
0e8aafaa89ba5e134432439e3a7cbded

SHA1
4b4233fc21e3e35c50946bbfefab41649a6669e6

SHA256
f60a66f9ba17a0758803c6056cf2109e481284c835b7cf85cfa43e9624225e5b

SHA512
77a021a62fe10203b4a70a930757421b3da1512726bbb8c1b12d1c4c9e7fed21e13ce285c324161daee12ea8742dab5e9dc980206db88fa64f81c212285e4ecd

Download Submit
/data/data/bot.avesta.uno/files/PersistedInstallation7107313642103160865tmp

Filesize
90B

MD5
7119eb49226e1a74d0bfe24dd67ca292

SHA1
c91c275a545a62e36bc872dee0afc7427eedd909

SHA256
77e67860717f2d8e83fbba0bd92879685258a32c93a7d5d5fa3e7c48077b9a5b

SHA512
5dda9da60bce72f7a92228e47de42fbaedd7b780af6233ead33f447141928a29972fa16d5e01d653b90a263f5b6738b67f70d237ca7f616c0d07cf2f210b9c16

Download Submit
/data/data/bot.avesta.uno/files/PersistedInstallation7949632713782400119tmp

Filesize
567B

MD5
2eb3689f3d4b735714f6df42246bac17

SHA1
e8a3d0d2574a6c9cca1c3bcf66d49aa444a04d70

SHA256
bf2fa561f8a32e1e558cada8196a2212a151261fab38df5ad0745400e9ce3995

SHA512
fd70127bc0b360172043d40281cf9e6e2b89e2b5a2c681026a7dec1d780dc294c194061840d66203663d563de1c6ce3a7cbd5c28556f17373c83baf43733130c

Download Submit