Analysis
max time kernel: 48s
max time network: 156s
platform: android_x64
resource: android-x64-20240624-en
resource tags: android, arch:x64, arch:x86, image:android-x64-20240624-en, locale:en-us, os:android-10-x64, system
submitted: 10-11-2024 01:26
Static task: static1
Behavioral task: behavioral1
Sample: 49fdb4eedb1a1b6945068da1171c93667a3aa0e1f3de82d0c02303c476f4414f.apk
Resource: android-x86-arm-20240624-en
Behavioral task: behavioral2
Sample: 49fdb4eedb1a1b6945068da1171c93667a3aa0e1f3de82d0c02303c476f4414f.apk
Resource: android-x64-20240624-en
Behavioral task: behavioral3
Sample: 49fdb4eedb1a1b6945068da1171c93667a3aa0e1f3de82d0c02303c476f4414f.apk
Resource: android-x64-arm64-20240624-en
General
Target: 49fdb4eedb1a1b6945068da1171c93667a3aa0e1f3de82d0c02303c476f4414f.apk
Size: 1.7MB
MD5: 7da3ff4d693cd73f6e48f59ce1c3336b
SHA1: b267626dc9640c5b598cd5ad1a74fe8ed20711ca
SHA256: 49fdb4eedb1a1b6945068da1171c93667a3aa0e1f3de82d0c02303c476f4414f
SHA512: 4b49c348f5166977e0818fc111d04468c32c3b91c97ceb4d522d19afd8e9b9a04a1a17ff199dfdca1c1307104c026fe8580f1f1d0ebcb4dd65c4a7a6940a4229
SSDEEP: 49152:D4NX8J34GQCScpSixuebo0RH9XJgevqxM:D4+J37xLuMbX56M
Malware Config
Signatures
Obtains sensitive information copied to the device clipboard (2 TTPs, 1 IoCs)
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
Processes: www.decodefe.comh5
description: Framework service call
ioc: android.content.IClipboard.addPrimaryClipChangedListener
process: www.decodefe.comh5
Queries the mobile country code (MCC) (1 TTPs, 1 IoCs)
Processes: www.decodefe.comh5
description: Framework service call
ioc: com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone
process: www.decodefe.comh5
Checks the presence of a debugger
Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTPs, 1 IoCs)
Processes: www.decodefe.comh5
description: Framework service call
ioc: android.app.IActivityManager.registerReceiver
process: www.decodefe.comh5
Checks CPU information (2 TTPs, 1 IoCs)
Processes: www.decodefe.comh5
description: File opened for read
ioc: /proc/cpuinfo
process: www.decodefe.comh5
Checks memory information (2 TTPs, 1 IoCs)
Processes: www.decodefe.comh5
description: File opened for read
ioc: /proc/meminfo
process: www.decodefe.comh5