0aa1d9f0dcec3c232c31bb5ca534a7ecfc32f7a20afd6d762e06617da3c6834a

Analysis

max time kernel
5s
max time network
151s
platform
android_x64
resource
android-x64-20240624-en
resource tags

androidarch:x64arch:x86image:android-x64-20240624-enlocale:en-usos:android-10-x64system
submitted
23-10-2024 01:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f3ee8522c46e31269449c58c69369f93a525201559fda2a2eff1d2d205f4f778.apk
Size

7.0MB
MD5

d2e511a1e5836f0557c695eb23307711
SHA1

7e0c6781b9b560dc958d38786419f5a09dcf3cf6
SHA256

f3ee8522c46e31269449c58c69369f93a525201559fda2a2eff1d2d205f4f778
SHA512

56e6f6fa644e564533f0727dfddb3b22229ddffb550a8f72db58071bc48b936c3717f61a06071976b0dddef7c5381119e2e2f9f6f44c3490fbbe33bbe96c4527
SSDEEP

196608:debHCUOigkvgP45yCG8Ii8Z1v1oGKoBbq27:d8iUODHrG8jdo7ow0

Score

7^/10

collection credential_access discovery impact persistence

Malware Config

Signatures

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	bot.avesta.uno

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	bot.avesta.uno

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	bot.avesta.uno

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	bot.avesta.uno

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	bot.avesta.uno

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	bot.avesta.uno

bot.avesta.uno
1⤵
- Obtains sensitive information copied to the device clipboard
- Acquires the wake lock
- Queries information about active data network
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks memory information
PID:4997

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Clipboard Data

T1414

Command and Control

Exfiltration

Impact

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/bot.avesta.uno/cache/~test.test

Filesize
4B

MD5
098f6bcd4621d373cade4e832627b4f6

SHA1
a94a8fe5ccb19ba61c4c0873d391e987982fbbd3

SHA256
9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08

SHA512
ee26b0dd4af7e749aa1a8ee3c10ae9923f618980772e473f8819a5d4940e0db27ac185f8a0e1d5f84f88bc887fd67b143732c304cc5fa9ad8e6f57f50028a8ff

Download Submit
/data/data/bot.avesta.uno/databases/google_app_measurement_local.db

Filesize
16KB

MD5
8f4ed472e4d6cd65df3c1288fcf29fd8

SHA1
c41c6fb5bbba137ff78632b58c5a17d3543b3c94

SHA256
f0580a7326dac32b4828aeb57175f701fe891abc419d00c74832b9b94a38d46b

SHA512
306c1f3667e382eadb1a87d0decc193235af4f29b1d8b834702e019019a871ee0300ad24abbebf51ba371853cb14027527856de29ac6630a7215b065387515e8

Download Submit
/data/data/bot.avesta.uno/databases/google_app_measurement_local.db

Filesize
16KB

MD5
c5e5fdd6fd50708d4a4b0dd548fc0791

SHA1
61d1d897c05556a73415c49a667083d64c2056b8

SHA256
de2f7c84e3b21bf022172934cc066b348624274d7cf95e2a932f5791bb1de986

SHA512
bb8f7f1dd4d5aeedf594fea0fe45aa57017c4aa6a5fb2d2129d1a4a0144966abfed7b2ae1f625c587b8b2176a8f03c9e3289f1627c88c562f8e3edef7e52cc64

Download Submit
/data/data/bot.avesta.uno/databases/google_app_measurement_local.db

Filesize
16KB

MD5
fde7d6cc2582052c4415facc4806b466

SHA1
046d44bddbe5ed2758835956e1dd71d2f1c31073

SHA256
11bc6a5d755a7361b3f5e374c0acb8675bedca4d57d4923f6904de7f46a9f2ab

SHA512
843f4d98ce8bf4d94e3f8d019c334510ece331ace75e32f18763ae89c0bd89bb9b6e5b32cfac481c0299436cec798ccd9693e2482a3a6447d76bc70c8ca487ff

Download Submit
/data/data/bot.avesta.uno/databases/google_app_measurement_local.db

Filesize
16KB

MD5
da18f76991d8b37b00493b276a20471c

SHA1
37ff665e3eb573ced4defe110e0c529c98c557f1

SHA256
75dbbdd779a473833a746baf2c39b73861a3ccd2f966624849db7ace907091e7

SHA512
29c11eda37396f8a02dddba09e9653eb87c0dc87e7914d43efcab5afed73fd7433d5c8c1ffb83b1272271cdde7a1de33efa5d6700644095f2eed0379a3c77ef8

Download Submit
/data/data/bot.avesta.uno/databases/google_app_measurement_local.db

Filesize
16KB

MD5
e555db6cc98505bbbb057b31e10d584a

SHA1
4d726751aa9b4bf6f0b38a715959bdd6f5d11175

SHA256
f65b6bb2de141fc9ec88351b5a39a2a5027281ea53928f63334a2cbdb2c6ca58

SHA512
3e9b1278eb4d312837f2566d05480293edb303203ef5ac79cb1a9dc44b907e4464a10afe005e635371836b3eac770eb65ea4fdf1c0773de3167870b5058080ce

Download Submit
/data/data/bot.avesta.uno/databases/google_app_measurement_local.db-journal

Filesize
4KB

MD5
f920e410b2a5050f597215e2f89caaa5

SHA1
59db4f8f12c77b485220d4332264b150f9a7958f

SHA256
8517fbc175134c48b437d6d368b89f07b4d88da15d8b8e5e43feb2f21119c680

SHA512
404b40662317d57ddcaf5d3df90ff07160c9922bd9a839ccb7fcfe6d61d73458ff4145b02225ab3a101794ede805ba75b6682744c4d86433b9cfccb6c28a1989

Download Submit
/data/data/bot.avesta.uno/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
37681d701a4def64141260d57e738638

SHA1
d0528fc1aedeb925af46c9fbe5130e6118738a9b

SHA256
cb9be30fea3da1dfffd7a7eb5494dbb30e99b1b5faea0cab87d87da2933b743c

SHA512
244a469772e3b043903b8ed4eb76bacf9e07288a89fc4d467bfc2b542c1c245df0dd5b6092d4f6944811ce3faa9eaa84d756ee45105ee95afd6d881f307be6a6

Download Submit
/data/data/bot.avesta.uno/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
55acf14549afc9815b00d0233d7ae409

SHA1
d2e04f6b19ac878540eee1dc20da485ad17160f4

SHA256
98bbfe2b2c4f21457e8fc9c9e58a117b5115a78383358d23b16d03d8093ff027

SHA512
f32e523b6ded46a065c68918f2c3b3fd3d1bffde5e524634437ef4bd8f326f9d9a7f54e146492c825ea5374169bf52b5bf33a2b69c8c7d644a501715f2fbb981

Download Submit
/data/data/bot.avesta.uno/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
2967acea81e6f360c94445fd7215583c

SHA1
8785d62b1be1c97ca34d8cc494e66c26f83bb6c2

SHA256
285627af0949e42ed1f9f3d86faede1410a34c5c94df97c43cd4afc69378f313

SHA512
76436f9cd0c81d57f7a2b9ce091c38493eb771d93b33a99c3297a16170fc5d5ee49bc14000a9119a706aac29f8f4439cf4fa7b7047e376bdc363529d6316a336

Download Submit
/data/data/bot.avesta.uno/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
84b08a51dfd00ac2856fb51b3722e295

SHA1
c7b094d8ba88061477a344471cb0e0c8027c5f0c

SHA256
936289ec25d94a51cd0a5d77c4d459a6b95e4679729f4edf93f4b480338c8887

SHA512
a7837a3621723288567c6ef6a75e70b70e197be5c2efea53fcd6e42391d2f0c69d5c75b26aeb4eb550bdba6cbc95b75c2977a18c295cfbd2cc167bf2c688cf75

Download Submit
/data/data/bot.avesta.uno/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
44dccfba7adca32b6251a5afde55d63c

SHA1
0679f4bd50a8c1145281e7b95b967a277a725fd3

SHA256
1ebf2a38f015baecd7eed78999b46630a0da3b046840078b4a57d46549d75c1e

SHA512
019bf06c7eba4a56085c2006bed85e88e4efbe46082785f0ebb8b03e372c67cd2082e7323a9a630d821463ee83aa1a917eaac866a7b698c927a175b7355acc9a

Download Submit
/data/data/bot.avesta.uno/files/PersistedInstallation1153643697392916864tmp

Filesize
569B

MD5
8f59863d3a8dd25cc71ffd0e63783d04

SHA1
ec911b6139a08f3a6abf38fd9d555ced7fddd558

SHA256
0c8ca2a9a27d9eb0416c3b238290e1380d66df65bb19f4446b8ee0310d4f1801

SHA512
2eeef0413c0aefe924be2f0ef41c459799a51e4692a8a08462466b8fe6484d07417a7e089a4d120861a8f0943805314c70e40d639d8a54af8fdc9e8f748e79c0

Download Submit
/data/data/bot.avesta.uno/files/PersistedInstallation2475014114305829668tmp

Filesize
90B

MD5
f8099bdef94e2f67bc1f096d354e0f14

SHA1
3a6fc7980c249fb308826874610ba57374d7aaeb

SHA256
08aba2baa4fd9d9ec2db3123a22a3d7166793a7b991e72b915ff0e5ac63ca43d

SHA512
bbac29c79335fd55b6de7ce8090e2af05b17725f0f5c7b6948ab8535c2c46dd5f852e796260e2edd701c84806714afb2e2a6f38455ad75a4c9890d3e289950b7

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads