Analysis
- max time kernel: 138s
- max time network: 155s
- platform: android_x64
- resource: android-x64-20240624-en
- resource tags: android, arch:x64, arch:x86, image:android-x64-20240624-en, locale:en-us, os:android-10-x64, system
- submitted: 09-11-2024 14:14
Static task
- static1
Behavioral task
- behavioral1: Sample H570.apk, Resource android-x86-arm-20240624-en
- behavioral2: Sample H570.apk, Resource android-x64-20240624-en
- behavioral3: Sample H570.apk, Resource android-x64-arm64-20240910-en
General
- Target: H570.apk
- Size: 36KB
- MD5: 93a3a74fb6f523fd2c418dd6529ad6f1
- SHA1: 92eceb78ce954a739793b4ad92d85b0d096419f6
- SHA256: c99b92ce6e51f5f235884aeb979d36cace131641469f2c12b27d90fd30f7eefd
- SHA512: b0eeb93082889fc8fcaf41078eb78e13baeaea717c37e878ca51cac4253624a2a329525180ef7a2478c7bb09148ab4123f6b27712500d6d5c21b45bd84304f48
- SSDEEP: 768:7FopZbapoLs4LCOs76NFS7ukyiissHGs+b4rP:7CPb+2xs2NFSHyY5srP
Malware Config
Signatures
- Obtains sensitive information copied to the device clipboard (2 TTPs, 1 IoC)
  Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
  Processes: org.noear.h5
  description: Framework service call; ioc: android.content.IClipboard.addPrimaryClipChangedListener; process: org.noear.h5
- Queries information about running processes on the device (1 TTP, 1 IoC)
  Application may abuse the framework's APIs to collect information about running processes on the device.
  Processes: org.noear.h5
  description: Framework service call; ioc: android.app.IActivityManager.getRunningAppProcesses; process: org.noear.h5
- Queries information about active data network (1 TTP, 1 IoC)
  Processes: org.noear.h5
  description: Framework service call; ioc: android.net.IConnectivityManager.getActiveNetworkInfo; process: org.noear.h5
- Queries the mobile country code (MCC) (1 TTP, 1 IoC)
  Processes: org.noear.h5
  description: Framework service call; ioc: com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone; process: org.noear.h5
- Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTP, 1 IoC)
  Processes: org.noear.h5
  description: Framework service call; ioc: android.app.IActivityManager.registerReceiver; process: org.noear.h5
- Checks CPU information (2 TTPs, 1 IoC)
  Processes: org.noear.h5
  description: File opened for read; ioc: /proc/cpuinfo; process: org.noear.h5
- Checks memory information (2 TTPs, 1 IoC)
  Processes: org.noear.h5
  description: File opened for read; ioc: /proc/meminfo; process: org.noear.h5
Processes
- org.noear.h5 (PID: 4991)
  - Obtains sensitive information copied to the device clipboard
  - Queries information about running processes on the device
  - Queries information about active data network
  - Queries the mobile country code (MCC)
  - Registers a broadcast receiver at runtime (usually for listening for system events)
  - Checks CPU information
  - Checks memory information
Downloads