Analysis
max time kernel: 54s
max time network: 154s
platform: android-13_x64
resource: android-33-x64-arm64-20240910-en
resource tags: arch:arm64, arch:x64, arch:x86, image:android-33-x64-arm64-20240910-en, locale:en-us, os:android-13-x64, system
submitted: 09-11-2024 23:10
Static task: static1

Behavioral task: behavioral1
Sample: acabb6b9cdd2549dae64f7cc9f0e4a402fdaf505958c11bec721eb2f0c3e3ac0.apk
Resource: android-x86-arm-20240910-en

Behavioral task: behavioral2
Sample: acabb6b9cdd2549dae64f7cc9f0e4a402fdaf505958c11bec721eb2f0c3e3ac0.apk
Resource: android-33-x64-arm64-20240910-en
General
Target: acabb6b9cdd2549dae64f7cc9f0e4a402fdaf505958c11bec721eb2f0c3e3ac0.apk
Size: 3.7MB
MD5: cae1387f541b5192eb0e1b270337dc2a
SHA1: a686b9c9975ebf751c7e8766c3bdc1b87ba361b8
SHA256: acabb6b9cdd2549dae64f7cc9f0e4a402fdaf505958c11bec721eb2f0c3e3ac0
SHA512: 0ddfed868c70dd2a221b932545dd2df3dfd485999f8e7c3b7a676847183161dfc31a08fe68b25fa1b9fe07dc8bc547b4b9e9c61d1489184dac2e9f5d144a6ec8
SSDEEP: 49152:193mKOlV3Rk2ewTnI9cV1zhr2gpLUOC6pW09a1e9XvIeOcQcySYSWhyYl/BMr7/t:ubRx9Tnn7r2gpLUj6Np9XzXTXz19V
Malware Config
Signatures
Obtains sensitive information copied to the device clipboard (2 TTPs, 1 IoCs)
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
Processes: com.yonoservice.registration
  description: Framework service call
  ioc: android.content.IClipboard.addPrimaryClipChangedListener
  process: com.yonoservice.registration

Makes use of the framework's foreground persistence service (1 TTPs, 1 IoCs)
Application may abuse the framework's foreground service to continue running in the foreground.
Processes: com.yonoservice.registration
  description: Framework service call
  ioc: android.app.IActivityManager.setServiceForeground
  process: com.yonoservice.registration

Checks the presence of a debugger

Checks CPU information (2 TTPs, 1 IoCs)
Processes: com.yonoservice.registration
  description: File opened for read
  ioc: /proc/cpuinfo
  process: com.yonoservice.registration

Checks memory information (2 TTPs, 1 IoCs)
Processes: com.yonoservice.registration
  description: File opened for read
  ioc: /proc/meminfo
  process: com.yonoservice.registration
Processes
Network
MITRE ATT&CK Mobile v15
Downloads