7178832f203c705a977f6a9da477d862bdc1bbe893d50266473f010eacd640c5

Resubmissions

23-11-2024 01:20

241123-bqarestqf1 7

23-11-2024 01:15

241123-bmg2bstqax 6

Analysis

max time kernel
76s
max time network
132s
platform
android_x64
resource
android-x64-arm64-20240624-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240624-enlocale:en-usos:android-11-x64system
submitted
23-11-2024 01:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

AndChecker.apk
Size

8.5MB
MD5

3e22fa7e6838639f6fc593d4e87e5c8c
SHA1

4f3399ebd5e090a6089c2012254ccd78c054e620
SHA256

7178832f203c705a977f6a9da477d862bdc1bbe893d50266473f010eacd640c5
SHA512

0ebf21b7f5777a4dccbe5c8fa3b236151575b09e5430ccf771bf4686078b5c95a314b3bf12522a5fd7b4dd4a7b45fd87afdf5cbe1bc6927ccd445c512858af65
SSDEEP

196608:Y/fZptcXuYUm01PAmsxwnK8NyvsIgXnEoEmkSoewsTBMJ03XAM:2fieYO1PWwnK+lnpZ+stMJYX1

Score

7^/10

banker collection credential_access discovery impact

Malware Config

Signatures

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
collection credential_access impact

Clipboard Data
T1414

Transmitted Data Manipulation
T1641.001

Processes:

com.example.application

description ioc process

Framework service call android.content.IClipboard.addPrimaryClipChangedListener com.example.application
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
impact

Data Encrypted for Impact
T1471

Processes:

com.example.application

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.example.application
Checks CPU information 2 TTPs 1 IoCs

System Checks
T1633.001

System Information Discovery
T1426

Processes:

com.example.application

description ioc process

File opened for read /proc/cpuinfo com.example.application
Checks memory information 2 TTPs 1 IoCs

System Checks
T1633.001

System Information Discovery
T1426

Processes:

com.example.application

description ioc process

File opened for read /proc/meminfo com.example.application

description	ioc	process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.example.application

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.example.application

description	ioc	process
File opened for read	/proc/cpuinfo	com.example.application

description	ioc	process
File opened for read	/proc/meminfo	com.example.application

com.example.application
1⤵
- Obtains sensitive information copied to the device clipboard
- Uses Crypto APIs (Might try to encrypt user data)
- Checks CPU information
- Checks memory information
PID:4458

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

System Information Discovery

T1426

Lateral Movement

Collection

Clipboard Data

T1414

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.example.application/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

Filesize
8B

MD5
4378a708040961b52dbed3769f38ca06

SHA1
1b42998cd789a1d0a20d33033f646ab7fff88e4e

SHA256
069e6e88615b787c55bda6b3e6ae09b15eb9522909f1b7d7bb4fb19f7b7a8127

SHA512
f39dc8b8848105dd91976433c32147e8b6ecbbb5b19882a8416ad02ec4107062cdd5ec59e5656a7c63e36546e42f7b6ed7803bf7a7409baa3dbb074597fe6961

Download Submit
/data/misc/profiles/cur/0/com.example.application/primary.prof

Filesize
5KB

MD5
a0bced221e57fd10f501f6f1ec99efb4

SHA1
f89c6076daeef32d26b513c0b822fd040e4a07d3

SHA256
fd0aa2a5787a8a087482fa730e2382a3aa3c2ea5ef0f6e0bc6864738e6fa7df8

SHA512
c35e7077fce382ecf8b9499743a498763607e1108c3fb87f1c3fe652bb2a983309204dbbcd9031971af9dd30c1ed1888e5fa630e15a05ec08fd17957945b2f47

Download Submit
/data/misc/profiles/cur/0/com.example.application/primary.prof

Filesize
9KB

MD5
b79372741a706561054e6242dae774ef

SHA1
442008ead553c2d0d6cfab32529adc9e22b2a48c

SHA256
e8bc85777c908b09ce1a7534ae44e6929c8b9849aba19cbf4e6d271fa8e68219

SHA512
9be5f2e57edb10bef749dc2e56faa6e8462c0666a45a0b22f458bc8d38a46404348645d82cbbfbe9419860a8c56121635fa9a66980af82291e6d3c5957ff7744

Download Submit