63bad53659039536c1d85f16e0f8ce085416f0dc8d7144ef3114cb9412d63663

Analysis

max time kernel
27s
max time network
147s
platform
android_x64
resource
android-x64-20240624-en
resource tags

androidarch:x64arch:x86image:android-x64-20240624-enlocale:en-usos:android-10-x64system
submitted
02/12/2024, 16:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NMail2.apk
Size

18.7MB
MD5

13e0f639963d3e10913c0180a4362ffd
SHA1

560e1a2f49bf7536512e78471540f1fcda0f5886
SHA256

63bad53659039536c1d85f16e0f8ce085416f0dc8d7144ef3114cb9412d63663
SHA512

dac76ec3629dd1f01a79d1416defac227bd4a5ca20d87d73026d742e6565ba78a78180234bcbceb092485497fd08df0f29f2e0faf11a2bdea5fd46755935216f
SSDEEP

393216:sWrLalIIclUJotDckP4Z4LbSYpJCmp6zJp7SPA9qdsmOn:94pUOBKLc7zX1qCb

Score

8^/10

collection credential_access discovery evasion execution impact persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 1 IoCs

evasion

System Information Discovery

T1426

ioc	Process
/sbin/su	com.nhn.android.mail

Makes use of the framework's Accessibility service 4 TTPs 1 IoCs

Retrieves information displayed on the phone screen using AccessibilityService.

collection evasion credential_access

Input Injection

T1516

Screen Capture

T1513

Keylogging

T1417.001

GUI Input Capture

T1417.002

description	ioc	Process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	com.nhn.android.mail

Queries information about running processes on the device 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.nhn.android.mail

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.nhn.android.mail

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.nhn.android.mail

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.nhn.android.mail

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.nhn.android.mail

Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

execution persistence

Scheduled Task/Job

T1603

description	ioc	Process
Framework service call	android.app.job.IJobScheduler.schedule	com.nhn.android.mail

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.nhn.android.mail

com.nhn.android.mail
1⤵
- Checks if the Android device is rooted.
- Makes use of the framework's Accessibility service
- Queries information about running processes on the device
- Acquires the wake lock
- Queries information about active data network
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Schedules tasks to execute at a specified time
- Uses Crypto APIs (Might try to encrypt user data)
PID:4950

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Input Injection

T1516

Credential Access

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Discovery

Process Discovery

T1424

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Screen Capture

T1513

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Input Injection

T1516

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.nhn.android.mail/databases/com.google.android.datatransport.events

Filesize
56KB

MD5
3f6287191511878c981e843c1111f683

SHA1
2bf2674f1b72b07d87b3ef82171a8a7a6301ee70

SHA256
95a599c805c768e4e960e13023898dbb6b8b88f1e7585cbff2b351f43be4a121

SHA512
de38aae9e1382636d81d7612bd87ba0b9d8aacc8ca9e5a23e3ffa1b5c22d83609e000ec813f0f0f48ea48e8747437ffa3c1d59c6e24dea8c7eea300b353e2dc1

Download Submit
/data/data/com.nhn.android.mail/databases/com.google.android.datatransport.events-journal

Filesize
24KB

MD5
2a3551c176fedbc299783177df204314

SHA1
11349a0ae1cadf48c129ae6d14347f3ab8b20e43

SHA256
1bd0c391c2916377c605633313130ce7d4fb996f697b8b31136dc3da35915355

SHA512
1e3271f7829c04ed9dcce155371bff18de7f385c7173c4815bc37d00dab641094bb8dd9b7f77d6d13b7acd37bd16de638f28041f86230d51381eee925fc5bec6

Download Submit
/data/data/com.nhn.android.mail/databases/com.google.android.datatransport.events-journal

Filesize
16KB

MD5
2d7a816c4715ede741c3e18cf78505b0

SHA1
7e833e79d57731ee5f05c77c838c1d4bd5567eb5

SHA256
4f12477a93cb4948708cccccd4dbdb68eb502fcf270aea373aa6b115167d273b

SHA512
3a9703bcc16500cf96959f2bdb070098010560623486ea9fe76c3f6294ae72901d720989fdf3e0579fa65ce4661abc01105ad9ec381e97d4112487757641c5c6

Download Submit
/data/data/com.nhn.android.mail/databases/com.google.android.datatransport.events-journal

Filesize
16KB

MD5
288860e6ffa74fb72ac6ba68ef9fc41f

SHA1
83d37e6b0c43de3031a46251c2a8858c645d4a5e

SHA256
8a7502e32464ea8d0fd7cd2f0bf001deecf1af9a7af703e7d18d0908716659ad

SHA512
3bcedf9d224a314f881b831aeac227e785684528a901fc8dc061e0f507d61c215d8f803b3d2396312f487da86f97aeaf71037bff42a6f6beb365ced3fed31b45

Download Submit
/data/data/com.nhn.android.mail/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
f9a0a30f6bd0052be01786b024ae9f65

SHA1
5ef28dc569ed992a26519de0ec8c85e88a856956

SHA256
e0780d5c69d3aeaf08480353622d74d37fcf100d0e8901840ce9e5e50a9a274f

SHA512
4492496c5c1a49ad2ece7e63cf94f30350a86b2f67f275f0dedfa1c67f804b6771e9725fd2b7a2f8bd26a9107adc3194e01c9856622c696363321681c513d1a7

Download Submit
/data/data/com.nhn.android.mail/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
e94917ad5fab3a89e0f59c6a1991940a

SHA1
2a6b04a3067f30c1c156042f46a568518e6409e3

SHA256
f4307711f284401df53dd5c9ec2c39877d3b2a3dfca1f9c10331f0675bfe4a0b

SHA512
a262db0bcf89b7c6f826ce6607802f352531b776a4bab5442b65e22f4942e77a09ee9753b314ff0a2d9c6025df580350b055f6419f1956aa78b6a280823eb9eb

Download Submit
/data/data/com.nhn.android.mail/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
ea6e60659ecde60daeb25d6f00aef534

SHA1
5e1d19f75c1fa94b0a411f1039baaaa815cb8989

SHA256
4af6f593a6362c9a2392658fd701ba57f793c71f7c21ac773d064a2678a50d8c

SHA512
9d38c4a7a401e3269d7ade97ee057556b4b55d38306a02928b020c052849a076f0a4aabcc4c6232fb5968a23505ec25b191adde53a466057587a153d56c673df

Download Submit
/data/data/com.nhn.android.mail/databases/nelologdata

Filesize
28KB

MD5
ccab8dd22b546bfc3712ee68d5898ef0

SHA1
6ffbf1b115404cb688ff295b2f19568a43f61fd3

SHA256
5197e3fd13099bf5ad70fbe7a23a88cf6e8789521fa7b6869ed87567d6a157a0

SHA512
dfae20103b1a2626eb0eb2808d1000241b9b0541cb26fcdcac6e45ec2fd36c48923c1af6cba6c4a94444d487ff46ccde9c84352912797e0d992da20dec966a3f

Download Submit
/data/data/com.nhn.android.mail/databases/nelologdata-journal

Filesize
512B

MD5
654b80447f7f5122af1008e53ce1e703

SHA1
8c9922f2a1bc5e1ae270e73eaf513951240bdbdf

SHA256
0877b6d0155f847d44f26d2bf07f710ed0e31aca0a78399c2e5bf9193af74b1a

SHA512
e1ed44cc5a457757495745e9935c245dec48490e007ca7f7ff7148021eecc695f96030c09e7e537af136a46c2008300072bc482c3b8e993ad71ed7283b2b4096

Download Submit
/data/data/com.nhn.android.mail/databases/nelologdata-journal

Filesize
8KB

MD5
8641b49bfa0c7e9f3d9c20fc42aa4880

SHA1
7126052c8fef67ec155c730013058262229397f1

SHA256
dad608fb6914cfadea69917297f171ca60787e3b2721f8f99a1142b00d285e2b

SHA512
efc189256cae6dbf334150119a8a22b569a553ca07b64716a1f45e82b85030082f736dde33b9be8f4387b8db2b61041dc717fd096333a3c941b83a968b912265

Download Submit
/data/data/com.nhn.android.mail/databases/nelologdata-journal

Filesize
8KB

MD5
d92129230e9ec44be0c244e9e1db52f5

SHA1
a15ab83612f823444ad38338fdcc82af038892cf

SHA256
44dd62309a043ea640c155775ecbda652198bcfa4f1892e41f5fc71744cdf80f

SHA512
02ddbbbbf9febc1dcdac39107977cfd7062e71e60467f063b57b2d1b356a0a95f07a44aba5d37d37d728fb43b353eb190af475b41268971433e32f29343b6b1b

Download Submit
/data/data/com.nhn.android.mail/databases/nelologdata-journal

Filesize
16KB

MD5
71c4dbb0c6c3308f2d78ab418eb87c16

SHA1
f8fcfcaada7feadf23148d78ab41f4340d19a0e6

SHA256
19a63a9314eab3787b8bc3e94f89462b5adccebef28c52b94696823eda7926d8

SHA512
63aa0a36db0305ae5dd0f35ccd997ba260791ffbca87d642c30529780205775cddb363420d5f008c5032d16ac0edf374108c8f823cd965fc343212795dcba314

Download Submit
/data/data/com.nhn.android.mail/databases/nelologdata-journal

Filesize
12KB

MD5
ffc6d3af0396fffc5d516c3da4918a94

SHA1
3eb8c5837d74230b2339d3fe9f3f1cd3c8a880d9

SHA256
35f2a5e9f3844bc018d5ce4e6cb7c56b7a6fee7ac05718776fddc5710c136407

SHA512
b4d6f70f1000cf04c380b3fbb163935fdfde3f826c79cb3b826354b03c38711f7d9fb02b01862dc5145f1ca50214a82ab8d0c585e6d5dd06c716f593db3c7512

Download Submit
/data/data/com.nhn.android.mail/databases/nelologdata-journal

Filesize
20KB

MD5
5b168089003542ed1a8a6e3d7f94aa10

SHA1
ccc96f9bff6dbbb57ddc31156394694a1e830206

SHA256
fcd089abbe5919b054f1599b29a892c48fd2fd3450a0a6f3eec8474e8066ba74

SHA512
a5dd01131441ebf4e73ab0acfa96843d77ff95516d1bfc7bbba89b5cd67f6afb4517f8aa5db63f7c2f60915b2770c2362f0f32460b8ba45fcb2175f69c5db4d7

Download Submit
/data/data/com.nhn.android.mail/databases/ntracker_log_v1.db

Filesize
20KB

MD5
4e349df828ab91fa72774f0973702f15

SHA1
943498a611fe61d52770d14cd2ee24391af7fb99

SHA256
662b958ba6a6f21ba25194c8ee81d721ecaeb5ef6e0321b014b1db930602566d

SHA512
f87669c0e572c38e6d8ed7f2c202577d43a65565e2e2fe36aac49d467e14aeebc91c5db612a71ee15e167b6d74600ff5bc5de5dfce968eb6681ccd835f76cdd5

Download Submit
/data/data/com.nhn.android.mail/databases/ntracker_log_v1.db-journal

Filesize
512B

MD5
275c684209a6c1e066c2a558e3de1170

SHA1
760c10827307b55a329af19008fc12028021b39d

SHA256
73133dc14b3dc43f092e7c64b2d3378b44aac043ec2c802a576bf1c4a80b3187

SHA512
e96e24db5660b6cb1c96e39cac07ddf1cacf2d76a767bb2de9a83c82ea96e9b97d10bd00d6fe8177112fc5421a6aca5bc6eb988d950eb2ab7ff19028ff579ae3

Download Submit
/data/data/com.nhn.android.mail/databases/ntracker_log_v1.db-journal

Filesize
8KB

MD5
e4f5ac3a59436a05558fd07040e86b44

SHA1
0c88eca3e9b6859e5bc79d3d2c29fd4f3d20a88f

SHA256
e554e86509a0401ce231d95dc2f20bc8e24ba5a07cb269dd29cae11a6a4ff56a

SHA512
75206e4e022a874fdd9dd6e86082e2b744b3577f3bd4c7b53f73fb92e80a7c4828dc4c83132f7e1cb66e20c4b43a97a78d19d801cce36a35055fd2f6b0b08ec8

Download Submit
/data/data/com.nhn.android.mail/databases/ntracker_log_v1.db-journal

Filesize
8KB

MD5
6275f2155cfc3ab7556c3f2109793691

SHA1
fa77979b72af1f1d4cac209a2513c9fc9fdcd567

SHA256
f12a9a73c27a011cc33d190ace6a8299493f0db1edb7ddbb827a9b612113479b

SHA512
a56eaeda9259ad1f0fcb9b9436d30a01945af2160407539b3d41944fd7d716a6fda78720a41b4d75625a154e806256730653816924fc7c333ce0270eb66ab1a2

Download Submit
/data/data/com.nhn.android.mail/databases/ntracker_log_v1.db-journal

Filesize
12KB

MD5
af1f5f0915717ddf550df9e23047420b

SHA1
472a516283a8274b0172d80b631ab11cbfafc592

SHA256
3b306087ea7b7212a35a665335f87051520c3e3a7199af0c5f15695024e03b2c

SHA512
2de40050c8c64e899877d308561cd0ab1c5fddd632aba5ffbcd1c3294da04efdb6b99a6b5ea3a43e9e39cd7df8545604af4f84cead5cc6a4738afc1f48dd9dcb

Download Submit
/data/data/com.nhn.android.mail/databases/ntracker_log_v1.db-journal

Filesize
8KB

MD5
e06ed54e7cc9071f7b7d0fdd9a034828

SHA1
36785a5018845df21b7449370cda0a6a4555eefd

SHA256
8bd00fea0557fd1516089cf982171d7d4ee5c328c0a90e3ea9a504e24df36163

SHA512
e5db870d5ea34c184f6664a8deaf5fb1d0c362f89503719c90c8fbfcfba82367efe7c574f327026568d0a496afd042f3243763b29629f09e18a2549b0a76c119

Download Submit
/data/data/com.nhn.android.mail/databases/ntracker_log_v1.db-journal

Filesize
12KB

MD5
ea54d26855f9a6342c1ef56dbb295a8a

SHA1
3fd88f73fe96e5c2aa1cdc9a594964f3f300ce30

SHA256
b6bbb8250f18d9e1862e4e68dfa368302e0f2c2c9ca384034d36f271c2e9b6d6

SHA512
6a625718ddde11f27e8ccdcc4f3889d4f0394bd793191ad2598c82436b870cdfc2a17bb5dda00f3690ab8d2b964d74ef7f7bff9a3e90e8ac0eada03e72739d29

Download Submit
/data/data/com.nhn.android.mail/files/KeyLog.txt

Filesize
74B

MD5
4dab5b412fce73aa583d93b36f682b3e

SHA1
644211241fd20aaf90ef528fe2b096eee6d06883

SHA256
293516ad36d62cd7bedf6ea4cb8ecd7871b0f023dd187ce61cb6df6556e7d11e

SHA512
a1f440d464b0825c59bea441520faada7a01b1d418cdb15db6c89df8ffc38ca48eba358f2232869584eae2a71a66d056d2f90e1aeae92527a33bd5bcbd376a48

Download Submit
/data/data/com.nhn.android.mail/files/PersistedInstallation7208102891015614245tmp

Filesize
561B

MD5
9d6c73d6537845a84ef106f87a3ddb05

SHA1
6c88b1d1b5fc638857ec53f88b79001e131b0c12

SHA256
663dc055538046ac28e84354e8526bc600387c04355c7462b4119ee893504ca5

SHA512
14735229ec473ccec9cab5bc2f743e26fd530b8679b6ca5f2f0f096549e9cea2fefca11975a50ae2c2996407572c7c76bbcfddfd942e01d804b652fa034075d4

Download Submit
/data/data/com.nhn.android.mail/files/PersistedInstallation7601058090983848411tmp

Filesize
90B

MD5
4ff9526a140cd6511d1e055772a43c6d

SHA1
6fac38a6d55d2ec015ac9735797b6a5afc50b95f

SHA256
9fd829c9a89ff7977f13e94be3695c0e51ff3c9886a21600d5e3ffcc0b5737dc

SHA512
2daa33d2f24f4c505ed17969fa80c48c76e1e31e7b49170557a9d45a9f84a2ca112ba794b03401672906bdec111bbe9aa8bf1a1007a7aa7a75dd30ffb1960608

Download Submit
/data/data/com.nhn.android.mail/files/nelo2_app_version_N2JmY2QxNTc3ZDE4NGViMmExZThjOTdhODE3ZGE5OTA=.id_v2

Filesize
78B

MD5
0d0d7f462c320c3fea2eb7e2c82b4f1e

SHA1
ea9a8ea3644b6d1f6c273a0357d49020122fd740

SHA256
0aa05848646a81868c6cc6c6374f6fe46a09d3d65de0a9ebdddbb0ca0385d97c

SHA512
e44d4ffb3fb6ac4265fa3faeadad862f49ca71e1a5997d1f6d0e5f3825d3cdaf07866a8a8048a2b7f4c177ee0a294db9b3c64befcff05709a29716a69764d0ff

Download Submit
/data/data/com.nhn.android.mail/files/nelo2_install.id_v2

Filesize
108B

MD5
389d32a57707a5eece449008a2e5c339

SHA1
e264df0baedc5d5bb87f841b0cdc68398e72fc00

SHA256
e2a26bccec4edf0680005bdb77690c90b8c8a52dcb2f6e7c48956d15a3212558

SHA512
3982d016b91c413c22039e85d950dc68c5899fe93869c3b5c517d0299de2f5833ee01cf0fbd9d9a477f40ec048807a7393ed64affd1bdee29595cf27b5360f34

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads