d0b493c7dc8060b9cb42dffbdcf07d5d56c422670f07b440c13a6d4f5525dca8

Analysis

max time kernel
123s
max time network
155s
platform
android_x64
resource
android-x64-20240624-en
resource tags

androidarch:x64arch:x86image:android-x64-20240624-enlocale:en-usos:android-10-x64system
submitted
17-11-2024 05:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

app.apk
Size

2.8MB
MD5

b5b268849ce14d6e2d5da4239baa0730
SHA1

12e431546e9c0cf8c97816cece092c1ea2b1784e
SHA256

d0b493c7dc8060b9cb42dffbdcf07d5d56c422670f07b440c13a6d4f5525dca8
SHA512

aa35c3eb5d019ffa73cbc78bfe3e717e44d5b4048f765ce0e6527839e03e45e7ea955743680e0e3e9291a6eff765980b375b58f0ced786977bb010b7e3aa50c1
SSDEEP

49152:xiQOfK6yHrJPzD5fjToKfYD2E+8YbKvn8E2MtiML8qUojC3exHunNReYQrH:xxLJLJbD57ToKAD3Ae/12xMTUojCnNR8

Score

7^/10

collection credential_access discovery impact persistence

Malware Config

Signatures

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
collection credential_access impact

Clipboard Data
T1414

Transmitted Data Manipulation
T1641.001

Processes:

Com.ukjent.app

description ioc process

Framework service call android.content.IClipboard.addPrimaryClipChangedListener Com.ukjent.app
Acquires the wake lock 1 IoCs

Processes:

Com.ukjent.app

description ioc process

Framework service call android.os.IPowerManager.acquireWakeLock Com.ukjent.app
Queries information about active data network 1 TTPs 1 IoCs
discovery

System Network Connections Discovery
T1421

Processes:

Com.ukjent.app

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo Com.ukjent.app
Queries the mobile country code (MCC) 1 TTPs 1 IoCs
discovery

System Network Configuration Discovery
T1422

Processes:

Com.ukjent.app

description ioc process

Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone Com.ukjent.app
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
persistence

Broadcast Receivers
T1624.001

Processes:

Com.ukjent.app

description ioc process

Framework service call android.app.IActivityManager.registerReceiver Com.ukjent.app
Checks memory information 2 TTPs 1 IoCs

System Checks
T1633.001

System Information Discovery
T1426

Processes:

Com.ukjent.app

description ioc process

File opened for read /proc/meminfo Com.ukjent.app

description	ioc	process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	Com.ukjent.app

description	ioc	process
Framework service call	android.os.IPowerManager.acquireWakeLock	Com.ukjent.app

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	Com.ukjent.app

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	Com.ukjent.app

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	Com.ukjent.app

description	ioc	process
File opened for read	/proc/meminfo	Com.ukjent.app

Com.ukjent.app
1⤵
- Obtains sensitive information copied to the device clipboard
- Acquires the wake lock
- Queries information about active data network
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks memory information
PID:4968

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Clipboard Data

T1414

Command and Control

Exfiltration

Impact

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/Com.ukjent.app/cache/~test.test

Filesize
4B

MD5
098f6bcd4621d373cade4e832627b4f6

SHA1
a94a8fe5ccb19ba61c4c0873d391e987982fbbd3

SHA256
9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08

SHA512
ee26b0dd4af7e749aa1a8ee3c10ae9923f618980772e473f8819a5d4940e0db27ac185f8a0e1d5f84f88bc887fd67b143732c304cc5fa9ad8e6f57f50028a8ff

Download Submit
/data/data/Com.ukjent.app/databases/google_app_measurement_local.db

Filesize
16KB

MD5
9fc86274f3e929dfa5a714e2b9e85417

SHA1
ae5fe6516fa8d967bc6708c1826d3ad64306757a

SHA256
fa6a213e4b7b5eae24b0fa4404daf8a3827acf1739baf258c707de6d947ae6fa

SHA512
45fafaaa541a9a2bd1b1bb52e92302e8050044c72e4332c2ea2da7aa091eea42faf82f914e1e28a6611676ac2217148aeaa7f30c71093ee5e374982ef36f663c

Download Submit
/data/data/Com.ukjent.app/databases/google_app_measurement_local.db

Filesize
16KB

MD5
18ac800338c4855516d72e7d667a75a6

SHA1
b077aa8b233420e100e3d694cdcdd5a8adc08ac5

SHA256
1aeedd83c182b8cc325ecd61c5a7d1d50f2edefee7d3939f70b5d0c3e172d67a

SHA512
d9368efbe338208ac13b5fdeb8653204b48204c9d8abc5741fa9ad9843fccd5c6e440855e841629b2a08f0a4332d6440dcd3217ca6e89ac2207ce87b224c505c

Download Submit
/data/data/Com.ukjent.app/databases/google_app_measurement_local.db

Filesize
16KB

MD5
11c11cc56c3e24b599e4d5ac48fcc180

SHA1
8d01d3f4721f9355a31d16198c555c82093b0b4b

SHA256
37ee54959105c4d3aee4ef99d458675684a3ec54cdfdf1e579254d2c06508be7

SHA512
991fd55260dcfebc5da4ebd939e1034a80d443050678e83be0e5aae318a17c34e6662fb6320db227189119d35ed4fa705f67fca81438594142fb688ec880d8cb

Download Submit
/data/data/Com.ukjent.app/databases/google_app_measurement_local.db

Filesize
16KB

MD5
6e2de2e278e31663283b774b8e8442ea

SHA1
85bd0cf994a0050580585f66d59652f96b675fc6

SHA256
fb7efba8dc6b2a6b202f8d2ff4f48086e9ca71da03502011b3b601b084492477

SHA512
547cb6dfff758b0682db4b7b174121de6a36ec8161c9fa6e8b05c80d682ebe472fed888b320368a8d06e8d2a00b26b5b3784a958149654a676dc448df3ff3c15

Download Submit
/data/data/Com.ukjent.app/databases/google_app_measurement_local.db

Filesize
16KB

MD5
adf6082723784327d7d1b34adf974e7d

SHA1
b1502f70eb881a1dfe41139cb719fefb877ee37c

SHA256
252defb835b04f4af7c59bde7bd119664e901928f1373171a287897e729cb2a9

SHA512
762f146c452e590e0e3015a080e9821b5488551b9cca7a212ceb11a853ddf6b1894c99d09ba20e6691f5078aaa8e17a6ed66dbbe541eaee152978fab6884e27b

Download Submit
/data/data/Com.ukjent.app/databases/google_app_measurement_local.db

Filesize
16KB

MD5
eb52a90bb70b76e946b62f50b6f7fb85

SHA1
42d767b5d1faa7dcef4cb4e1432a5f47ec2e9ee0

SHA256
48472f593a3e9cf9e91ee5f7d66dd9ff291bfb247eb6b46778c710fc24e8d3c4

SHA512
b356c858cadd14b6ecddf134f1c494c0107a1d36be9387984fc53dcb00e6779d944f058f4ac99d0fc2fe3a427cd1c2921c6fc38ecad53909fc4b5b6f04459b5c

Download Submit
/data/data/Com.ukjent.app/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
7abd8202ae584a6cddb87c5dbc8284a8

SHA1
fa12433c0fea4040de12d02678b0a214063640cb

SHA256
e57f700e405f83a09c27cbfcdb7b669a7e63a2b20a0b936f0403be5f1f96fa2d

SHA512
3cbe2475e3075fc2cb024835de9b9f2a223558813806673fac0d999075d8108feb662c98fc79fddc1b211f3be3563f6a3dd25a3400037282a4c863944dbed6a0

Download Submit
/data/data/Com.ukjent.app/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
1f13ccdb6fcf90efe24767886e136d68

SHA1
19897da89c37dfa79186f38c832a37d4c40526be

SHA256
ed0bb2b2bf59e3b2268dcfc185fdafa0a4fb2a6ffe4ad99a81a1f278803c8bd0

SHA512
b34adf8338ebc1fd08955d5ab98be0a7142737260e654a2ad7c6ea07bf427d303315860162e92731be7fc7bf594a46ecf2168017652fac04f655833b82a527db

Download Submit
/data/data/Com.ukjent.app/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
d6cc6fd76ed0721bc79639cfd166ea59

SHA1
988d1ef7d79cda8971d2152cdf39d72c566b5fdb

SHA256
d980ac6eeb214375aedb1cb7ef9bb02abd9dd81c4a456a5cc1f22aa90a6f0a56

SHA512
3fdc03afdd4b2de9b1872e4e4ac80ebfa033c449f8fc35c5d3f5c078473b0b30a04a7826a975a19869d8b85e12ea36917d4bbfdd562339ee162080ff2f139841

Download Submit
/data/data/Com.ukjent.app/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
de0c2c32a6f9b9220a48efef33376186

SHA1
ba899cab253149f69dd7b162d697860cafb2fa58

SHA256
94b07ed6f2dd0830f64712a285943609118475edfb15fe0a368360d5085780b3

SHA512
2fdcd91165f96ad110141f8b9d2c1de4c051564cd09d69738f4e12d290475a950280ffc55f57e34fe1d534b1036b0b9ab2861f9083179bb33148b18882365979

Download Submit
/data/data/Com.ukjent.app/databases/google_app_measurement_local.db-journal

Filesize
4KB

MD5
8826670b12cf16eae0a969b4b8a168e3

SHA1
eb4ee64d8eeb4a0fd18678e993374e03ef13d84b

SHA256
a369e0d13ec2c784f6ce74e6668da6eb31aa63fb7d71869f1670eeb7d32979ac

SHA512
af059d365b745a41c86530d1c8d9ef1af9b769d5c60ca81f17be655bb1217aaa5441bd6f37b1594642f1c7cfe258f77442cde9af0dd15f64ca0f3d349cf99c53

Download Submit
/data/data/Com.ukjent.app/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
67eabc03ca3cc0391a530797a69aa663

SHA1
962f9b70df118658ceb1ae9ff08832d315ea6921

SHA256
512118568c25d5c038ba3a4d7a4b67e8423d2f1c88a02d5438ba930a7e7e7573

SHA512
eb25b2375be4fc18be6f3a488d199c3529a7d382e08168d235cf2925ddf34a2d015a5a0c2663dc7b03f20c80bf5e00dd9c5189a497cb4786e825bbf349ac981d

Download Submit
/data/data/Com.ukjent.app/files/PersistedInstallation2638692234095248409tmp

Filesize
90B

MD5
8592d34244bcb331e7ea4180241cd40d

SHA1
88f23088b21f2d644d32809d31bbbff92ce00fc8

SHA256
5a15bbb65a59a4e44d4a1270c55fc9e09f83392b474682e0a2bf7f8adac6bd24

SHA512
1edb7a521c958e4a591b704e99649da3252f87d7deaeb5388dee90ed81fcd0e1310351f7a2b228f68e0c8aaa3a147c25b70bbfc3ccf5bb312163c030ce5cb7e1

Download Submit
/data/data/Com.ukjent.app/files/PersistedInstallation6485546920520100116tmp

Filesize
572B

MD5
e4b355ea639e3da4436fdeee1966ee20

SHA1
bf49680a345be5122804eb3768d289d4b304e178

SHA256
d78f516d152a03cfb64580664f2fa27f0b6b92e980aa98765bd2b5c06a9e6d97

SHA512
da8be0626b2b0043d72d58a09ca75f1fd62a35dc53f1a5b100b1d6c5568761b69a8d422bb139c0cf7c7d961b0d2e9ed143eafabd92a2150915d9ba0555b3dbc3

Download Submit
/data/data/Com.ukjent.app/files/keyfile.txt

Filesize
5B

MD5
1d4e3e81d1c05f78f91f7919bb25e146

SHA1
0f71ed9123596d5fe554a961e03b237c50e6b4be

SHA256
41ca235e08ea6757beacd7542ff89e65bf66efcddd2d6a0255e9891e639efcd6

SHA512
afbabe899b6ccaefa86d75197fa4fd65b8832dd441487ad4c21ee95e8c45316b8592c6f069a4fd52cd3694a738883e484f711a076ca4e88ea92145bf687bc052

Download Submit
/data/data/Com.ukjent.app/files/starter.txt

Filesize
4B

MD5
b326b5062b2f0e69046810717534cb09

SHA1
5ffe533b830f08a0326348a9160afafc8ada44db

SHA256
b5bea41b6c623f7c09f1bf24dcae58ebab3c0cdd90ad966bc43a45b44867e12b

SHA512
9120cd5faef07a08e971ff024a3fcbea1e3a6b44142a6d82ca28c6c42e4f852595bcf53d81d776f10541045abdb7c37950629415d0dc66c8d86c64a5606d32de

Download Submit