86551a262b0ab4a20d54fd931cad2d0aa393853e378746893f4f61de0c9173a7

Analysis

max time kernel
37s
max time network
150s
platform
android-11_x64
resource
android-x64-arm64-20240910-en
resource tags

arch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240910-enlocale:en-usos:android-11-x64system
submitted
20-11-2024 22:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

86551a262b0ab4a20d54fd931cad2d0aa393853e378746893f4f61de0c9173a7.apk
Size

1.2MB
MD5

0f8dca99ce56c2e0931a29cc6d841721
SHA1

5902f47aeb5198d62f923242d7fc102aed30707e
SHA256

86551a262b0ab4a20d54fd931cad2d0aa393853e378746893f4f61de0c9173a7
SHA512

9eb63708bc1e4638955e6beb499ca107f70fcb934b10949c38224f951740600f96151c92535e75054e6357b21a057960776d07a506e93ba68025a7d0a3c784ca
SSDEEP

24576:PeM9P5EZJbpxv7rJPmhRXxO1/YM35honoUXzs+x0f5Mdtv:PeyqLLBPGRoT3TioUDTxW8tv

Score

7^/10

collection credential_access impact phishing

Malware Config

Signatures

A potential corporate email address has been identified in the URL: 5C36123F5245AF470A490D45@AdobeOrg
phishing
Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
collection credential_access impact

Clipboard Data
T1414

Transmitted Data Manipulation
T1641.001

Processes:

i8iwk.lqoo2

description ioc process

Framework service call android.content.IClipboard.addPrimaryClipChangedListener i8iwk.lqoo2
Requests changing the default SMS application. 2 TTPs 1 IoCs
collection impact

SMS Messages
T1636.004

SMS Control
T1582

Processes:

i8iwk.lqoo2

description ioc process

Intent action android.provider.Telephony.ACTION_CHANGE_DEFAULT i8iwk.lqoo2
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
impact

Data Encrypted for Impact
T1471

Processes:

i8iwk.lqoo2

description ioc process

Framework API call javax.crypto.Cipher.doFinal i8iwk.lqoo2
Checks CPU information 2 TTPs 1 IoCs

System Checks
T1633.001

System Information Discovery
T1426

Processes:

i8iwk.lqoo2

description ioc process

File opened for read /proc/cpuinfo i8iwk.lqoo2
Checks memory information 2 TTPs 1 IoCs

System Checks
T1633.001

System Information Discovery
T1426

Processes:

i8iwk.lqoo2

description ioc process

File opened for read /proc/meminfo i8iwk.lqoo2

description	ioc	process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	i8iwk.lqoo2

description	ioc	process
Intent action	android.provider.Telephony.ACTION_CHANGE_DEFAULT	i8iwk.lqoo2

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	i8iwk.lqoo2

description	ioc	process
File opened for read	/proc/cpuinfo	i8iwk.lqoo2

description	ioc	process
File opened for read	/proc/meminfo	i8iwk.lqoo2

i8iwk.lqoo2
1⤵
- Obtains sensitive information copied to the device clipboard
- Requests changing the default SMS application.
- Uses Crypto APIs (Might try to encrypt user data)
- Checks CPU information
- Checks memory information
PID:4786

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Discovery

System Information Discovery

T1426

Lateral Movement

Collection

Clipboard Data

T1414

Protected User Data

T1636

SMS Messages

T1636.004

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

SMS Control

T1582

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/i8iwk.lqoo2/ۦۖ۫/ۦۖ۫/ۦۖ۫/ۦۖ۫/ۦۖ۫/ۦۖ۫/ۦۖ۫/ۦۖ۫/ۦۖ۫/ۦۖ۫

Filesize
83KB

MD5
87fd5a5617d55d904de6e2210fc218e3

SHA1
199a47008837e591dd4e4b2d5de07cc4260623a4

SHA256
8b7274c55179f74587bffc099f6b9b5eaa8aad46c581f004c2e82affdc6ab10a

SHA512
dbf77bcf609a8f7ac8a15e339c5a7310d65ba960626787d9befb4d911c44343dbabe5df857363a686ed044aaceb4df68e5f1880c24b35c0583c89dc8d38a49a6

Download Submit
/data/user/0/i8iwk.lqoo2/ۦۖ۫/ۦۖ۫/ۦۖ۫/ۦۖ۫/ۦۖ۫/ۦۖ۫/ۦۖ۫/ۦۖ۫/ۦۖ۫/ۦۖ۫.

Filesize
8B

MD5
97846544ea3100cc4a7b73d87dfb9ec8

SHA1
e05806c0f9aebff18b59bdaf14b04e9f6546b782

SHA256
ac81444651d4174c0a6cf2130a8613f1ddc982ca85af4dda6b443b03e47e2a5a

SHA512
6383626b7b4c478e5ce81e9f6a3d30dd1d0ce0147c2ec4585823b1b37e07fd75fcd0c19bc6fd39b0816b8f1a147baa9112b49d4f1afc4725eac7d74ce0de6c83

Download Submit