7978ef1f9d2c0fdcf9dab2ed56976e5a926c384c99f3dd48250a34b2a402379a

Analysis

max time kernel
23s
max time network
151s
platform
android-11_x64
resource
android-x64-arm64-20240910-en
resource tags

arch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240910-enlocale:en-usos:android-11-x64system
submitted
20-11-2024 22:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7978ef1f9d2c0fdcf9dab2ed56976e5a926c384c99f3dd48250a34b2a402379a.apk
Size

3.5MB
MD5

58d91834a5e9b84300d94eb218aebe2d
SHA1

dee0a096d251bb21091f13cfff105f047349cc11
SHA256

7978ef1f9d2c0fdcf9dab2ed56976e5a926c384c99f3dd48250a34b2a402379a
SHA512

fabf5db512b175e619185053dbc5a49bbed4b7f2c1bf74250ce006c1f288debede133fa677fc1f24b20f0fa12324d207ef0d55e861df97e8d272e6b1f36af32e
SSDEEP

98304:zrYhi7UkHvaV4TNtKIGgh8tuY0BhHNPpSi:fYheUkHvaV4TNtYpcBJp

Score

7^/10

collection credential_access evasion impact persistence

Malware Config

Signatures

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

Processes:

com.myunion.service

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.myunion.service

Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

Application may abuse the framework's foreground service to continue running in the foreground.

evasion persistence

Foreground Persistence

T1541

Processes:

com.myunion.service

description	ioc	Process
Framework service call	android.app.IActivityManager.setServiceForeground	com.myunion.service

Checks the presence of a debugger
evasion

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

Processes:

com.myunion.service

description	ioc	Process
File opened for read	/proc/cpuinfo	com.myunion.service

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

Processes:

com.myunion.service

description	ioc	Process
File opened for read	/proc/meminfo	com.myunion.service

com.myunion.service
1⤵
- Obtains sensitive information copied to the device clipboard
- Makes use of the framework's foreground persistence service
- Checks CPU information
- Checks memory information
PID:4755

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Foreground Persistence

T1541

Privilege Escalation

Defense Evasion

Foreground Persistence

T1541

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Discovery

System Information Discovery

T1426

Lateral Movement

Collection

Clipboard Data

T1414

Command and Control

Exfiltration

Impact

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.myunion.service/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

Filesize
8B

MD5
fd56b74a52649632961b67f9dc4f5961

SHA1
880277772549a049da633fcc81d307dbe6d1696d

SHA256
7235e2db0599c03677166776a050a6d0172d0b457b472373a17f6eb490364a32

SHA512
ffd4c2cb4ba0a78f47a8181b38bf483ce25ae9ce77100b2c22044e80c97dac29b415970ca881ce23f18b5ee08021a3864c09b562bc5980a07f71dec2a1f0bd25

Download Submit
/data/misc/profiles/cur/0/com.myunion.service/primary.prof

Filesize
1KB

MD5
20b313e35f7e795e3b0db952f3a8f480

SHA1
d576d4836fc6787e263dd2a1c12730e77fb5a50e

SHA256
c9c81a7cdab7f38b403280d4ff23c44f494635db03b30de0eb74049888854604

SHA512
2bf95171265e22e65884ba89c9cdc81b910dbf1cf2ed67d315d9f3859cc393ebf778d266b305d03273645c5362f7ed662d1808868b67b87ee2b83bb5a4eff1ae

Download Submit