0aa1d9f0dcec3c232c31bb5ca534a7ecfc32f7a20afd6d762e06617da3c6834a

Analysis

max time kernel
6s
max time network
133s
platform
android_x64
resource
android-x64-arm64-20240624-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240624-enlocale:en-usos:android-11-x64system
submitted
23-10-2024 01:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f3ee8522c46e31269449c58c69369f93a525201559fda2a2eff1d2d205f4f778.apk
Size

7.0MB
MD5

d2e511a1e5836f0557c695eb23307711
SHA1

7e0c6781b9b560dc958d38786419f5a09dcf3cf6
SHA256

f3ee8522c46e31269449c58c69369f93a525201559fda2a2eff1d2d205f4f778
SHA512

56e6f6fa644e564533f0727dfddb3b22229ddffb550a8f72db58071bc48b936c3717f61a06071976b0dddef7c5381119e2e2f9f6f44c3490fbbe33bbe96c4527
SSDEEP

196608:debHCUOigkvgP45yCG8Ii8Z1v1oGKoBbq27:d8iUODHrG8jdo7ow0

Score

7^/10

collection credential_access discovery impact

Malware Config

Signatures

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	bot.avesta.uno

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	bot.avesta.uno

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	bot.avesta.uno

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	bot.avesta.uno

bot.avesta.uno
1⤵
- Obtains sensitive information copied to the device clipboard
- Acquires the wake lock
- Queries information about active data network
- Checks memory information
PID:4637

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Discovery

System Information Discovery

T1426

System Network Connections Discovery

T1421

Lateral Movement

Collection

Clipboard Data

T1414

Command and Control

Exfiltration

Impact

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/bot.avesta.uno/cache/~test.test

Filesize
4B

MD5
098f6bcd4621d373cade4e832627b4f6

SHA1
a94a8fe5ccb19ba61c4c0873d391e987982fbbd3

SHA256
9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08

SHA512
ee26b0dd4af7e749aa1a8ee3c10ae9923f618980772e473f8819a5d4940e0db27ac185f8a0e1d5f84f88bc887fd67b143732c304cc5fa9ad8e6f57f50028a8ff

Download Submit
/data/data/bot.avesta.uno/databases/google_app_measurement_local.db

Filesize
16KB

MD5
f69572041b513d3bd8812cb136d43998

SHA1
e632cf55f5aaf4cabc854b8bc3ceb13f03204de8

SHA256
5cf3fceffbacc7bcfb474f933032c49a8ba015b45dd9aba3465ff3e63fcc18a3

SHA512
ad255ad89b7d72a1ba962bc52ed3784a39547c76c63b910b9c24c61e21e95b371a9a423d76ba3d570a44c48868dc463bd75784209ee5f5fd8e5d55ccd0902cad

Download Submit
/data/data/bot.avesta.uno/databases/google_app_measurement_local.db

Filesize
16KB

MD5
2ba6d209895ebc82ae1d03d32ec0f721

SHA1
80cba12e78598a908996b7f7004a8dab575434d8

SHA256
ca1e18c010f17b048439584fe14d139e9e4e60edb3c7b90884e09bb1515aaa74

SHA512
f45adb35731ef8adb2aa42c5686a88219c2cf469d4ae50ea60df88888d4b965c5a3f75e4c3714b72fa9c0a4bba3cf3e52632b292b0cfa902a1f067e0f992b949

Download Submit
/data/data/bot.avesta.uno/databases/google_app_measurement_local.db

Filesize
16KB

MD5
56b5933d34a9acbfea726b3f254c3a48

SHA1
7b08ea9259a2a885e85d00f18f688284956fe442

SHA256
ad7e4e498cff47411ae84950f09dcbcba147eaf800fbf172bd1ec868ca52861f

SHA512
a1fa70f440b267e1eabb7776942b172d254709cd1925944c233c831cfb3495a01c0d886f1d1a8ae4adec3d0c013abb99f70e6d22b86d283b99be2830a75ef69c

Download Submit
/data/data/bot.avesta.uno/databases/google_app_measurement_local.db

Filesize
16KB

MD5
b08d08ee46d29f856f638c55d2044d04

SHA1
bb90db38d427ef751b516e249080ebd8d0ccbed6

SHA256
e094923e08569d7fcf297c1286359c3f48433914b93a451ffe45cfa47fd11a47

SHA512
3e3c07d2600d90c77d94013e39deb3a8a0087db7ae7fea0bf2862bc670e00561cfb78375195cb22945348f354e9c0f0d562b754185170e0b42fc1c49eb5083cf

Download Submit
/data/data/bot.avesta.uno/databases/google_app_measurement_local.db

Filesize
16KB

MD5
657810321e18b2369c22c3a53c2f416a

SHA1
a32ffab658c108649a9f1cdc6afa9ab3590c3dae

SHA256
c52e7fc7bee1feec4edc7d788a54bb575963e55c2a65f3ca550af2b7de405751

SHA512
14d70ad553d135e090a310b78c022d6f4222d1c8f1a861198a9a830e1011fd2c2c32de87116d780ce4abc60cf14f68a597c421a6ddd0a86e7562ba23f3680c0a

Download Submit
/data/data/bot.avesta.uno/databases/google_app_measurement_local.db

Filesize
16KB

MD5
c3da25b68342f725845ee5292850f327

SHA1
b4f040d4bd079a9d42d7236c75f4a82c79e1b3d3

SHA256
1240230e72e7fb4a40559e65f3a217f2bb6a2d60df446061e35afa5b218ca00d

SHA512
15a2123643cebb55276811f8b8d68a6a4c4b06b1b422810211009de2300d54198643bccab6c289bf8f0cbdf7420913cd7ccecc1424339ba8973c10d08cc11929

Download Submit
/data/data/bot.avesta.uno/databases/google_app_measurement_local.db-journal

Filesize
4KB

MD5
e60a64eacfb051b1ba4041279c98930f

SHA1
d34731b426574b6f0c061e2a75069d6925578a30

SHA256
851de3401cc71282ba4b568205dfbd41263daa1ca60001b70529b2880116aab4

SHA512
0e87a4e3dc2e5d45cd2b495f238e2451b09ff502d81bc97446c706bd75018101eb3e57a8f2cdf354a60a9408b80de68d9e69a28476e44056847ed4b12a6556cd

Download Submit
/data/data/bot.avesta.uno/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
474bd3274f0e2f657cc8444cd06ccb05

SHA1
fcec6c09aa56642cc7f31abd5a0ca1aef2bc513c

SHA256
b77b8ac8969c2c53285686e2bbac2ec80bde276b066c73828545df1cc28e38d9

SHA512
0aa178afd1f766b40203aeefdc251f093aee107380593dd828f21796ae7241f86d28cba9fb6e3d6ae434afb50a87f3dd22b436afa83f2dab869b86a24f45414d

Download Submit
/data/data/bot.avesta.uno/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
97d38736ebacb1f46ad9224882e3fb5b

SHA1
7fec461661108ae5b4f4b188d11d41043413c353

SHA256
c495270fa1b5251183bd11ecd42687bb96077200ccb72d3c30ecc281a62cf2e4

SHA512
baa8765b2d02aa690b7c10ba7bb00051a424e8d7d1fc4c192a870053c724d42674668ccbf94db91fb11a049e1a9ffca4fd042230c0f494182e62947ef084476c

Download Submit
/data/data/bot.avesta.uno/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
8c891f4657e4357d817a288abff3fa0d

SHA1
96e2c961e028e9b82108c1041c86d1af8a4eff5e

SHA256
acaf46fbc8fa1763d0d39fa9853b19df3ab0cf1cfaa4bda84162816d5e4991a8

SHA512
32f2ac6400b6160c61ed965002452f6fc1fdbfdf18b21bcef3f553284f6ad8268d9f395223904658116b4db52d042afdda0504a163472e6b257cf3a7c428804f

Download Submit
/data/data/bot.avesta.uno/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
1ba19d32ca9944cc0130cd256f3ff290

SHA1
c0adae68cd981ea74f2ecc6fe16070f38fb577ae

SHA256
acd04b6396a2bf8f60cdc59b1033eaf2c334d9c69509749b0b489595f8fec525

SHA512
9e9a230e84980094daf21844a4e92e9331fbcec58ad3347b384eae0d46132c9e9d437cfcacc29ccf32f4d014334ad625888790a6fb4a8f88b0a6eb6ed93dec07

Download Submit
/data/data/bot.avesta.uno/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
dea05c7edf6c3158fbf63f9456decfb0

SHA1
ebc568f47f806670fb64d43de909046558a248e1

SHA256
74365e96b001903502476cde769fb80f03a3eb74d59ef9e20662a4ec96a4c5e4

SHA512
49e2e18f42b69847db20b72a72ba71de14a13557cc377fab5d96d709e83b44319e34c34837c63ec087ab3846f2efaef63bd802692431a364dbd0135a4d702a6f

Download Submit
/data/data/bot.avesta.uno/files/PersistedInstallation2698099447342434761tmp

Filesize
90B

MD5
34f1b05802fdbffba85c0c25a96fe703

SHA1
b6a87a3f65a1eeb2fc0751544b64bd3d6f442271

SHA256
1dcaa1a26edfd0376353aaa8b241af2032556615874150597d1bdc2d67e2b3c2

SHA512
385f106c490f5f62fd233bd97beb78903d16b1b37692db3a4d779543877e144615a813dba256dce1ad3aba1a8b7003fd6d07e78c67e3b541a28e2ba923ccde0b

Download Submit
/data/data/bot.avesta.uno/files/PersistedInstallation903288218167983846tmp

Filesize
569B

MD5
0beddd7901a153c7866df0f7d7d15bc5

SHA1
788cac6c9bd4ec51a0861d687078d759e4bb21b5

SHA256
8f15813966b0d0b804bfd9efec8f2eb9d9b8b72e1fb4ee392654d99dbf7d9a8f

SHA512
ffa734288eb2fdd1e838c68089dddb0aea0564836c620eecd40444c3b7fc422c121fa52a4567504bf56388a5a4e154663bd14e8399bc7a520f8057229ce1d1f0

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads