f3ee8522c46e31269449c58c69369f93a525201559fda2a2eff1d2d205f4f778

Analysis

max time kernel
6s
max time network
137s
platform
android_x64
resource
android-x64-arm64-20240624-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240624-enlocale:en-usos:android-11-x64system
submitted
22-10-2024 02:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f3ee8522c46e31269449c58c69369f93a525201559fda2a2eff1d2d205f4f778.apk
Size

7.0MB
MD5

d2e511a1e5836f0557c695eb23307711
SHA1

7e0c6781b9b560dc958d38786419f5a09dcf3cf6
SHA256

f3ee8522c46e31269449c58c69369f93a525201559fda2a2eff1d2d205f4f778
SHA512

56e6f6fa644e564533f0727dfddb3b22229ddffb550a8f72db58071bc48b936c3717f61a06071976b0dddef7c5381119e2e2f9f6f44c3490fbbe33bbe96c4527
SSDEEP

196608:debHCUOigkvgP45yCG8Ii8Z1v1oGKoBbq27:d8iUODHrG8jdo7ow0

Score

7^/10

collection credential_access discovery impact

Malware Config

Signatures

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

Processes:

bot.avesta.uno

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	bot.avesta.uno

Acquires the wake lock 1 IoCs

Processes:

bot.avesta.uno

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	bot.avesta.uno

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

Processes:

bot.avesta.uno

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	bot.avesta.uno

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

Processes:

bot.avesta.uno

description	ioc	Process
File opened for read	/proc/meminfo	bot.avesta.uno

bot.avesta.uno
1⤵
- Obtains sensitive information copied to the device clipboard
- Acquires the wake lock
- Queries information about active data network
- Checks memory information
PID:4520

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Discovery

System Information Discovery

T1426

System Network Connections Discovery

T1421

Lateral Movement

Collection

Clipboard Data

T1414

Command and Control

Exfiltration

Impact

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/bot.avesta.uno/cache/~test.test

Filesize
4B

MD5
098f6bcd4621d373cade4e832627b4f6

SHA1
a94a8fe5ccb19ba61c4c0873d391e987982fbbd3

SHA256
9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08

SHA512
ee26b0dd4af7e749aa1a8ee3c10ae9923f618980772e473f8819a5d4940e0db27ac185f8a0e1d5f84f88bc887fd67b143732c304cc5fa9ad8e6f57f50028a8ff

Download Submit
/data/data/bot.avesta.uno/databases/google_app_measurement_local.db

Filesize
16KB

MD5
60e7f1c08e562d90cfdfa249c7a4b2ac

SHA1
81f2a0ca7bb2eda52da9524e93ccf4ed7b90da9e

SHA256
6116f52e6210ee0022d2c7dfc2e51530e29a53c10e9fc06d86d0c54e98301259

SHA512
134d20c5c936e052324ffbedc21eeb05a91b32eaf76ced8a1fa3ede48815276463d070f667e98e2da1d7fe2e1deee03f507f46cd3cb3897f820d776166f4e9b9

Download Submit
/data/data/bot.avesta.uno/databases/google_app_measurement_local.db

Filesize
16KB

MD5
d046a55c58150c925fee021069d70cb7

SHA1
b0327ec2570cd965f828066ea77c3b9002d73a1f

SHA256
119d7d7c1de8bca6bd34f3e442c7ecf98b34235f370e3cddd647b9f495f30c9f

SHA512
b78458fd01476319dcd3d654e9829eaba3902314bca92064a9c5887968f80e6d6316b2f10a16d2f4491aa40538d3b9587512d33c896d0eebdad0ec2e303617dc

Download Submit
/data/data/bot.avesta.uno/databases/google_app_measurement_local.db

Filesize
16KB

MD5
1c38ce5daae416b856ad4b5bbddf2141

SHA1
59341357ab6f0b5402dbedd3b2e267a49157b560

SHA256
a4399d86797cbede38f75648d7589c630a5b05df5a556429ec16f90e6afef104

SHA512
089f5973b5c537355179c00d34f3bb8ac0462f6a70476b9828daac41d24cfa1fc59c986afd23d5109315ba37ff7b0f901ab75bb5b0dd71717f6b1bfcb64a57c8

Download Submit
/data/data/bot.avesta.uno/databases/google_app_measurement_local.db

Filesize
16KB

MD5
b11028434a7a87f54542532bf53ab010

SHA1
cb35e36f62ddab5358a2c1c4d07d5c4ffb6b2f20

SHA256
df7a574490205e768479d59bb6bf7df2d59964370d46d5a5880f5f3ba48850a8

SHA512
91999c97670914cc2682cc1f77dae9245033943fea0c82c177c3f18f245a6010377d7c42f25d2459f0be29536371273ebdf080a1a8b3df10a4e3f832f67eafb0

Download Submit
/data/data/bot.avesta.uno/databases/google_app_measurement_local.db

Filesize
16KB

MD5
709b96323c4ba767dc0ead328e8ac908

SHA1
c5f3c83f01c9dc5905c96b5172304ee2385b2511

SHA256
1e75060a555397b3f777932058af25022f3cee2dbb53ba28ed7a6c77bac7fc33

SHA512
945ff7e686e2434da8441fb53355ec78c510669d9b0db56817ad7b1ae61c79cb51665c14d044faaced5e3921b09d243fda85357e1d9882c27e16a3345427e80c

Download Submit
/data/data/bot.avesta.uno/databases/google_app_measurement_local.db

Filesize
16KB

MD5
e8ac9f452991c280c647c799fb04ce19

SHA1
3e3124bbb8eecb2086ec38b79e714bda0e82ebb3

SHA256
1963ae79c939670016eabe91eea30dfc6fe26e855046eee615a3533af6bf0369

SHA512
45b18d63d73a0d16af70d0760d7017edd58e4e1bd7f44c62130b2d25970bd1e61ca0c3d19c69515566a951ae3f63a637ba9a4d25e4fa1ce01388e29a5a5b101a

Download Submit
/data/data/bot.avesta.uno/databases/google_app_measurement_local.db-journal

Filesize
4KB

MD5
f95ff040763a9f51dcf3b90fe3da09a8

SHA1
99f7ea1db096dfd4c49b73f15c89b8628a3837b6

SHA256
6f33137f729bbacbecb54c6e3e60e6c6271382ef956df44fb622736867240229

SHA512
d7f7f4daea8d6a7a17e7738c9ab2be9fc2c75ec40d614088c42aba322abebca0cd56c2bf74eb1932422ec606b778bbcf4403beba7fcce080a47e919537a20366

Download Submit
/data/data/bot.avesta.uno/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
7adb82cafcdbd55c1034eb68553816bb

SHA1
3ee77aa91b05af52c338f80cd409a7c0dbec752c

SHA256
5d503cece459f80477ffd169c71e40cb71f9812d4ac157d333fcefdf757f75c7

SHA512
036d72bbb06530dd4cdb54821cc0f46bc7e503ca96d6e4ab3967bb317fc70a60e9a10cd9df9382bc8d144aa902a3d75d4a2eb0a9d27e5d2cce84fc4d2d38e94a

Download Submit
/data/data/bot.avesta.uno/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
999247d67c7231dd3fe421e2cc025c31

SHA1
3536eda890d7d6e28da4f5b50bec69cdc3c505dc

SHA256
78549dd42c96c3f90e11b9ed3baa349013a6e599e21cc2bfd649ff8c0fd9521b

SHA512
d30a661eaefcb9fb1d7cf4182945bbce3d61a8f20365a4e4badcbb89882dc0f8b34ed080361aaf988b526832d3a0870e64b8f375985848beaeed8a1e8a147cc6

Download Submit
/data/data/bot.avesta.uno/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
19f504cc86e860cdcb94873d50d8a1df

SHA1
d0edada3dd9ff8644c02f41749c8e89d7ef0ce4b

SHA256
2eca6b50cc6aea21b27006ae4de2ac2bc1ba9b0e81e14013cc9b4fb1d1eba07a

SHA512
0eb98a35c1da7ae18a22732296b141a7309bc2ad75d22520c17f33eb60d7c9c043c2ef325c0fea3ad4260df416e35f56e111c8e61df0f200ebd3c934d71e0ad7

Download Submit
/data/data/bot.avesta.uno/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
51e6d061e9c855d283436d46854fed5e

SHA1
6966f3f91427e6ccd4a515567643749e076050db

SHA256
0dc11c5de39dc6c1de7db8cb765f255ea3a05d35ac1c5c34b032cedc8afb5406

SHA512
53c5916707b7004ff67392b695e612ff42fd183ed5276430a6bed9973a7204616868b7fe13ebf6bfec036c82dd12dbcefa55d0c69f49855390a40061e4029e95

Download Submit
/data/data/bot.avesta.uno/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
722e185697e8f670f09c945ba5e391f4

SHA1
5754de22c3c738bf2571eb16e84671e249c864f3

SHA256
3a556816f57ac1d1160d15b0d1088d17b86286d9bd9ff6935caa9f92de6d9eb3

SHA512
46d79aae9dcf622cd692b041c363e7e2425f684d486217f406e4894ed21bc795aad26b15889d81f30e07e373b8196ba9e5143897cfdeb57e9e24751527201479

Download Submit
/data/data/bot.avesta.uno/files/PersistedInstallation362383376897922454tmp

Filesize
567B

MD5
693ec882adbbb1d01bd0138f57e135ac

SHA1
5651960c29e3faf728c57732cf75ca5c3b6f784c

SHA256
0b3014b9c3a5fe4a321bf7133ad80160286038f25b197e2ecf21d449d862af6f

SHA512
2c2612de64dadfa6764d32b406e01566794ef33cccd214c7bcdc670dabcbf0e65968cadb31f730d3b13add74e7539cdb3362e0751347a3e9467cde1dc15561d8

Download Submit
/data/data/bot.avesta.uno/files/PersistedInstallation7327094004411430407tmp

Filesize
90B

MD5
6b0a5aaca9af5a70ea1ce475cfaa1990

SHA1
549b644a9fd323d3ed16d6f13fe47b3ec0ce4667

SHA256
3579ff23a903807f0a2004f5b76310a92c579356285ebe45a56197b7c4b85451

SHA512
5a9d89c48014b565b6b433604edb5f771cb7204ef9d91428eb3ded95426af4e3e398e1678563807ddf71efa7294f6a15b7203eaa7caa7e17ff6218b7b3a3b897

Download Submit