Analysis
-
max time kernel
12s -
max time network
22s -
platform
android_x64 -
resource
android-x64-20240624-en -
resource tags
androidarch:x64arch:x86image:android-x64-20240624-enlocale:en-usos:android-10-x64system -
submitted
14-11-2024 10:05
Static task
static1
Behavioral task
behavioral1
Sample
App BypassKey Client (NoVirus) By Nope.apk
Resource
android-x64-20240624-en
5 signatures
150 seconds
General
-
Target
App BypassKey Client (NoVirus) By Nope.apk
-
Size
36KB
-
MD5
3ee5b5617bbae511ce63187ccd17bb19
-
SHA1
5a5ef63822ff4c6fa0d59545630ad33494b3f56b
-
SHA256
d4c81aef04b47da4fe8bf181772d1bc7a538e9667ca39d677d13e654ee890d32
-
SHA512
fe0e6d36b23f6a3b302b44842851f912453df42edabdca17df9e68846dd183e59386aa95018c29d9258b7e6b2fd7b73a4154f786ea8a0af76175c16f9e246091
-
SSDEEP
768:HL3wgV7EOxowNJ7hyTTSCPgGO0wChevDIvdi+:rggVwOyKJ7wSCIhmevsj
Malware Config
Signatures
-
Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
Processes:
com.bypass.adlinkdescription ioc Process Framework service call android.content.IClipboard.addPrimaryClipChangedListener com.bypass.adlink -
Queries the mobile country code (MCC) 1 TTPs 1 IoCs
Processes:
com.bypass.adlinkdescription ioc Process Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone com.bypass.adlink -
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
Processes:
com.bypass.adlinkdescription ioc Process Framework service call android.app.IActivityManager.registerReceiver com.bypass.adlink -
Checks CPU information 2 TTPs 1 IoCs
Processes:
com.bypass.adlinkdescription ioc Process File opened for read /proc/cpuinfo com.bypass.adlink -
Checks memory information 2 TTPs 1 IoCs
Processes:
com.bypass.adlinkdescription ioc Process File opened for read /proc/meminfo com.bypass.adlink