Analysis
max time kernel: 45s
max time network: 151s
platform: android-11_x64
resource: android-x64-arm64-20240910-en
resource tags: arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240910-en, locale:en-us, os:android-11-x64, system
submitted: 09-11-2024 12:28
Static task: static1
Behavioral task: behavioral1
  Sample: Vencord-v1.0.6.apk
  Resource: android-x86-arm-20240624-en
Behavioral task: behavioral2
  Sample: Vencord-v1.0.6.apk
  Resource: android-x64-20240624-en
Behavioral task: behavioral3
  Sample: Vencord-v1.0.6.apk
  Resource: android-x64-arm64-20240910-en
General
Target: Vencord-v1.0.6.apk
Size: 1.2MB
MD5: c7a2996b321266ee65a05265ca8dfc71
SHA1: 8bebb56419b329f15065ae9908bfb26f59d91a2e
SHA256: 56fec181f0b43afa87d7cb76fbc5523ae788e5fed56356d5732a2f2b2cf6ab88
SHA512: 63b6c9b37a5f1734a18e5dedfc1415bfc42f815afcef342cfac6f3bfb5fcffdcea7fe26ed0abb46b18fbaf905e196092ff3c7955e7d3e2dec0cd8104dacd2721
SSDEEP: 24576:tdqbaAnGsPRwn4izoTu6tmkXYhafQTnHyxJhRwvarW6uMDT6nmtiS7bszq7K:tdqLGw6n4GujXKV7HyxJwvF46nmtiZqK
Malware Config
Signatures
Obtains sensitive information copied to the device clipboard (2 TTPs, 1 IoCs)
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
Processes: dev.vendicated.vencord
  description: Framework service call
  ioc: android.content.IClipboard.addPrimaryClipChangedListener
  process: dev.vendicated.vencord
Legitimate hosting services abused for malware hosting/C2 (1 TTPs, 19 IoCs)
Processes:
  ioc: discord.com
  flows: 44, 31, 35, 36, 38, 28, 39, 46, 49, 51, 33, 34, 40, 50, 45, 27, 32, 37, 41
Checks CPU information (2 TTPs, 1 IoCs)
Processes: dev.vendicated.vencord
  description: File opened for read
  ioc: /proc/cpuinfo
  process: dev.vendicated.vencord
Checks memory information (2 TTPs, 1 IoCs)
Processes: dev.vendicated.vencord
  description: File opened for read
  ioc: /proc/meminfo
  process: dev.vendicated.vencord