Analysis
max time kernel: 53s
max time network: 134s
platform: android_x64
resource: android-33-x64-arm64-20240624-en
resource tags: android, arch:arm64, arch:x64, image:android-33-x64-arm64-20240624-en, locale:en-us, os:android-13-x64, system
submitted: 07-11-2024 22:00
Static task: static1
Behavioral task: behavioral1
Sample: 6bfa4ec31eded318330f12abe8d1675c192264124bc0ed5a475eefe8f2b0ef79.apk
Resource: android-x86-arm-20240624-en
Behavioral task: behavioral2
Sample: 6bfa4ec31eded318330f12abe8d1675c192264124bc0ed5a475eefe8f2b0ef79.apk
Resource: android-33-x64-arm64-20240624-en
General
Target: 6bfa4ec31eded318330f12abe8d1675c192264124bc0ed5a475eefe8f2b0ef79.apk
Size: 3.7MB
MD5: 8d0159701bccd4c63c2098fc05955a4e
SHA1: 5de396a555d415c833b575a83e51cbd9d21edfab
SHA256: 6bfa4ec31eded318330f12abe8d1675c192264124bc0ed5a475eefe8f2b0ef79
SHA512: 671fa73ccab12e6f5ff415d5ac1b66611c9de50ed171d98a7835a0f1facf8b352d271acbfdd367d26ae7dde495f950b27a8f0e52730aa3429fdad712559326a6
SSDEEP: 49152:193mKOlV3Rk2ewTnI9cV1zhr2gpLUOC6pW09a1e9XvIeOcgFcypMl+qPBOr7/zNH:ubRx9Tnn7r2gpLUj6Np9XEDXz1w2
Malware Config
Signatures
Obtains sensitive information copied to the device clipboard (2 TTPs, 1 IoCs)
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
Processes: com.yonoservice.registration
description: Framework service call
ioc: android.content.IClipboard.addPrimaryClipChangedListener
Process: com.yonoservice.registration

Makes use of the framework's foreground persistence service (1 TTPs, 1 IoCs)
Application may abuse the framework's foreground service to continue running in the foreground.
Processes: com.yonoservice.registration
description: Framework service call
ioc: android.app.IActivityManager.setServiceForeground
Process: com.yonoservice.registration

Checks the presence of a debugger

Checks CPU information (2 TTPs, 1 IoCs)
Processes: com.yonoservice.registration
description: File opened for read
ioc: /proc/cpuinfo
Process: com.yonoservice.registration

Checks memory information (2 TTPs, 1 IoCs)
Processes: com.yonoservice.registration
description: File opened for read
ioc: /proc/meminfo
Process: com.yonoservice.registration
Processes
Network
MITRE ATT&CK Mobile v15
Downloads