149bd232175659434bbeed9f12c8dd369d888b22afaf2faabc684c8ff2096f8c

Analysis

max time kernel
37s
max time network
91s
platform
android_x64
resource
android-x64-20240624-en
resource tags

androidarch:x64arch:x86image:android-x64-20240624-enlocale:en-usos:android-10-x64system
submitted
01-11-2024 14:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

149bd232175659434bbeed9f12c8dd369d888b22afaf2faabc684c8ff2096f8c.apk
Size

8.5MB
MD5

a097e2b3ec5496dd18b34c9344b5b231
SHA1

d92439fcdba8d468b2b6d64d0542c48c41b99abc
SHA256

149bd232175659434bbeed9f12c8dd369d888b22afaf2faabc684c8ff2096f8c
SHA512

45b400ea85aa225dfaeee7c0ad108b3d27b15ab633a003fe8d767df7162544e4a661083041e76587f79f841a36e63e59b55ef8bf3f15848d65d30d21862a83f2
SSDEEP

196608:JH6fslAGOGD+ZAeZx2S7cRrFXKe+rof8n7DLH:lwslAPTAeZxeFXWr+o

Score

8^/10

collection credential_access discovery evasion impact persistence stealth trojan

Malware Config

Signatures

Removes its main activity from the application launcher 1 TTPs 1 IoCs
stealth trojan evasion

Suppress Application Icon
T1628.001

Processes:

com.douyin.softwareapp

pid process

4960 com.douyin.softwareapp
Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
collection credential_access impact

Clipboard Data
T1414

Transmitted Data Manipulation
T1641.001

Processes:

com.douyin.softwareapp

description ioc process

Framework service call android.content.IClipboard.addPrimaryClipChangedListener com.douyin.softwareapp
Queries the mobile country code (MCC) 1 TTPs 1 IoCs
discovery

System Network Configuration Discovery
T1422

Processes:

com.douyin.softwareapp

description ioc process

Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone com.douyin.softwareapp
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
persistence

Broadcast Receivers
T1624.001

Processes:

com.douyin.softwareapp

description ioc process

Framework service call android.app.IActivityManager.registerReceiver com.douyin.softwareapp
Checks CPU information 2 TTPs 1 IoCs

System Checks
T1633.001

System Information Discovery
T1426

Processes:

com.douyin.softwareapp

description ioc process

File opened for read /proc/cpuinfo com.douyin.softwareapp
Checks memory information 2 TTPs 1 IoCs

System Checks
T1633.001

System Information Discovery
T1426

Processes:

com.douyin.softwareapp

description ioc process

File opened for read /proc/meminfo com.douyin.softwareapp

pid	process
4960	com.douyin.softwareapp

description	ioc	process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.douyin.softwareapp

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.douyin.softwareapp

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	com.douyin.softwareapp

description	ioc	process
File opened for read	/proc/cpuinfo	com.douyin.softwareapp

description	ioc	process
File opened for read	/proc/meminfo	com.douyin.softwareapp

com.douyin.softwareapp
1⤵
- Removes its main activity from the application launcher
- Obtains sensitive information copied to the device clipboard
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks CPU information
- Checks memory information
PID:4960

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Hide Artifacts

T1628

Suppress Application Icon

T1628.001

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

Lateral Movement

Collection

Clipboard Data

T1414

Command and Control

Exfiltration

Impact

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.douyin.softwareapp/files/profileInstalled

Filesize
24B

MD5
99bc340267ee7288eed1991f0b3272a4

SHA1
ac527b786174d54a2a70a2e2e88dbce9fe63a532

SHA256
3394cda3bbe4a049385c3a5edcc600cadf3b3012ce6e6e8fe9255caa2a117fc4

SHA512
f202d9b105f62f74f9e3cd1c0685c4cc0e32005b791898185ebe1fb2dc6f399d7384b2af781418abc558d540b64baab682f322facc35ece80bef7947be305f97

Download Submit
/data/data/com.douyin.softwareapp/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

Filesize
8B

MD5
945fa85399f56c6cd35fc9f0dc4ceb84

SHA1
1facde7bc54d76426a0231e0c72aa2ed7875ae30

SHA256
9b731f40d4668a140e9d035abc328b98e6bd35019ae6e6d23aeb5e1edcbc0ded

SHA512
b86330f77158e471e189c6f73ebcd74a5521ffa24044e19fa9da59d8ac86452142fa2018604a1517175229e7646161c6cd23ecda22fe62b1b2ab100d1208f84d

Download Submit
/data/misc/profiles/cur/0/com.douyin.softwareapp/primary.prof

Filesize
11KB

MD5
1e4655edb2288f29b810ba9cbacaae5a

SHA1
2005f92a7d8957bf8195d6d78e58a349a34ae040

SHA256
ac74db3dbc26b9918cfcf6f1e4503288774fe221f62d9e7ea5580a41d5868ad3

SHA512
abc53d46a6d2c137d9a4eb86f53f2f05d559333bac67e6e3dbab1ef70d42a1a9785b19d60b943cb39252b0a745f05c378ce1d2cbe3309c9fd57eaf03137fc8bd

Download Submit