7178832f203c705a977f6a9da477d862bdc1bbe893d50266473f010eacd640c5

Resubmissions

23-11-2024 01:20

241123-bqarestqf1 7

23-11-2024 01:15

241123-bmg2bstqax 6

Analysis

max time kernel
22s
max time network
133s
platform
android_x64
resource
android-33-x64-arm64-20240624-en
resource tags

androidarch:arm64arch:x64image:android-33-x64-arm64-20240624-enlocale:en-usos:android-13-x64system
submitted
23-11-2024 01:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

AndChecker.apk
Size

8.5MB
MD5

3e22fa7e6838639f6fc593d4e87e5c8c
SHA1

4f3399ebd5e090a6089c2012254ccd78c054e620
SHA256

7178832f203c705a977f6a9da477d862bdc1bbe893d50266473f010eacd640c5
SHA512

0ebf21b7f5777a4dccbe5c8fa3b236151575b09e5430ccf771bf4686078b5c95a314b3bf12522a5fd7b4dd4a7b45fd87afdf5cbe1bc6927ccd445c512858af65
SSDEEP

196608:Y/fZptcXuYUm01PAmsxwnK8NyvsIgXnEoEmkSoewsTBMJ03XAM:2fieYO1PWwnK+lnpZ+stMJYX1

Score

7^/10

banker collection credential_access discovery impact

Malware Config

Signatures

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.example.application

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.example.application

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.example.application

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.example.application

com.example.application
1⤵
- Obtains sensitive information copied to the device clipboard
- Uses Crypto APIs (Might try to encrypt user data)
- Checks CPU information
- Checks memory information
PID:4328

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

System Information Discovery

T1426

Lateral Movement

Collection

Clipboard Data

T1414

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.example.application/files/profileInstalled

Filesize
24B

MD5
a77dd6a29b7ca9a21c14d5225c8197f3

SHA1
bb7720cf06ba890e38025cec9a773afcdcc6ec9f

SHA256
de7cb3898d10164da1da04636a071b609cbb324caaea8abfccaa0f361479fd24

SHA512
a5aa7b91b387d5e7ef72f26f5e2ea3353b8aebd39efb49e949613513a2e726d43906049bb831415cc229eaf4dbff4d58cd5881750246563ee3b2d34f23e30e6c

Download Submit
/data/data/com.example.application/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

Filesize
8B

MD5
a45590e4dc7584b7f89a28a8ce8cc96b

SHA1
9d86716bacf1b8489c99637e6c2282394a57b949

SHA256
441de2e6e1972aa39c7ab421dc9bffbf1069f4896039a87eaa32afab22a33c6c

SHA512
9400096be7bf48da8928c615fef3bc0c44f951c1cb8677440838871b77b5ec79cff0981fdff6b32721c4b459f8f942a47de7383c14cb7c9a56f9b3916d488ade

Download Submit
/data/misc/profiles/cur/0/com.example.application/primary.prof

Filesize
5KB

MD5
dc4c5908dac1c1a501bc0a36a977c34c

SHA1
fc7aed3e96cafb2c35439c5af208b0515a203c6b

SHA256
b5d8c5df8410f3e407eeb2354433c19692a590186ac7c26d49c0931ee480ba17

SHA512
309207277dfa8d36f68c5a22efdb218793f2d083f205e6b82021107cdcf9da94259616a072d7301aaca69aad9a90a1636d305942e18e0d251b9413644797b994

Download Submit

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads