63bad53659039536c1d85f16e0f8ce085416f0dc8d7144ef3114cb9412d63663

Analysis

max time kernel
150s
max time network
135s
platform
android_x64
resource
android-x64-arm64-20240624-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240624-enlocale:en-usos:android-11-x64system
submitted
02-12-2024 16:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NMail2.apk
Size

18.7MB
MD5

13e0f639963d3e10913c0180a4362ffd
SHA1

560e1a2f49bf7536512e78471540f1fcda0f5886
SHA256

63bad53659039536c1d85f16e0f8ce085416f0dc8d7144ef3114cb9412d63663
SHA512

dac76ec3629dd1f01a79d1416defac227bd4a5ca20d87d73026d742e6565ba78a78180234bcbceb092485497fd08df0f29f2e0faf11a2bdea5fd46755935216f
SSDEEP

393216:sWrLalIIclUJotDckP4Z4LbSYpJCmp6zJp7SPA9qdsmOn:94pUOBKLc7zX1qCb

Score

8^/10

collection credential_access discovery evasion execution impact persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 2 IoCs

evasion

System Information Discovery

T1426

ioc	Process
/sbin/su	com.nhn.android.mail
/system/bin/su	com.nhn.android.mail

Makes use of the framework's Accessibility service 4 TTPs 1 IoCs

Retrieves information displayed on the phone screen using AccessibilityService.

collection evasion credential_access

Input Injection

T1516

Screen Capture

T1513

Keylogging

T1417.001

GUI Input Capture

T1417.002

description	ioc	Process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	com.nhn.android.mail

Queries information about running processes on the device 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.nhn.android.mail

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.nhn.android.mail

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.nhn.android.mail

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.nhn.android.mail

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

execution persistence

Scheduled Task/Job

T1603

description	ioc	Process
Framework service call	android.app.job.IJobScheduler.schedule	com.nhn.android.mail

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.nhn.android.mail

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.nhn.android.mail

com.nhn.android.mail
1⤵
- Checks if the Android device is rooted.
- Makes use of the framework's Accessibility service
- Queries information about running processes on the device
- Acquires the wake lock
- Queries information about active data network
- Queries the mobile country code (MCC)
- Schedules tasks to execute at a specified time
- Uses Crypto APIs (Might try to encrypt user data)
- Checks memory information
PID:4466

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Input Injection

T1516

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Discovery

Process Discovery

T1424

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Screen Capture

T1513

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Input Injection

T1516

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.nhn.android.mail/databases/com.google.android.datatransport.events

Filesize
56KB

MD5
4b24670babf32a56d573a72721234bc7

SHA1
4edb1a8d774f854f07a47ad8d6d277c265decf79

SHA256
b49822d68fd64060d074c2115277d9d41929acbbc404b753c9688f8e9e7aba0d

SHA512
bf4fc3ab0072e0c450c0ab5d333c4295e40417dc8e865c82d2c3c238b6a92c73ad200f711f3a8574403fd42d128dabdd06639d108f883452d20b137453e494e8

Download Submit
/data/data/com.nhn.android.mail/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
784b3d34e453da721675b8d5e4cfb014

SHA1
495b97fda3c7e39410c2e970d4d064c248b63e44

SHA256
68d61dfcc45a4c1c8d2fdc85b19abfb039a745f65ac52329f1dba9320ffac526

SHA512
c4249b1936c3c9cd637ada9c53397c657a38e9d9464d6face0197f2b1f2eb943b3598b238ed8623fe81c522f408519232c4f5fac16e05d3182efc8f48e093c64

Download Submit
/data/data/com.nhn.android.mail/databases/com.google.android.datatransport.events-journal

Filesize
24KB

MD5
1deeee56669855c043f799290f3b29e4

SHA1
d5febb33edfc0ec063d03871d586a960caed1d8b

SHA256
1df15fde8a504b964cd12f4cb7852be32df11c9ed98c822f370d73493820ac82

SHA512
460dc55eb14bc38e051067d345d51ba7813432999e1b2793c0fc2f61e6aeabd69fd768f35de8fb7fa46a3adfba6151e7ad7237d61a57c5b594f34489dca1e6e3

Download Submit
/data/data/com.nhn.android.mail/databases/com.google.android.datatransport.events-journal

Filesize
16KB

MD5
d4376b10ab7d7922cf1490737c539317

SHA1
4f4ef37693eab69c92cbe793521ef8f995c4606e

SHA256
a59211c891b0c2f05524c9da29e1c663a6e137a983e24645160a3d16148d0213

SHA512
c181e6bf0a667f943dcb5b6b74e7ccfc385dd705a6b41a5f6884298253d39ba912bc129311e0f46da0b7610975e3edc3f88776bcc69473432083bb398e9e124b

Download Submit
/data/data/com.nhn.android.mail/databases/com.google.android.datatransport.events-journal

Filesize
20KB

MD5
bc84eedfa9e6a8253c3e6e57fe78e177

SHA1
0404e585cee24f0b796a2b5350ee0985b6c370fe

SHA256
09111f5af3f6d9a6faa6afa574594ef8df20edf939d169704456ff053fc85ce7

SHA512
7de01d98a7ab2aeabb26b6863031980c8015185514802fee2893fe0630a4204e356311499fb79d915d21c87ddc7004bdb66728983424a6164377b261f0f64966

Download Submit
/data/data/com.nhn.android.mail/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
76089d3e146945fab53d66ad0296aa09

SHA1
18244f263c487570d90e5f4250ef422da3b084c0

SHA256
909d0a0fcba8eef3633d6a137afac388b7f80b0ddb2fc6773335e94ce6b5c597

SHA512
0ccedb3a7d50423e0086fe713719b8cbc68221ee1c9f5b5ed48b1872094ba7709bc79998acec6b82f4d38f667a1fecbbbc268dddc172dfe1fe398962d5d68e51

Download Submit
/data/data/com.nhn.android.mail/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
60e1c7c73fc2bcc8ba2ae0f92d2eab6e

SHA1
3f061f238b526390b4cc3ee0ce478c854a69598d

SHA256
751738b9d4b09c84d8e7c3071ca51d747e19beb64861574b6fe36d27fdde4364

SHA512
e863a5e8a952a8c1311ac363b2dc98a3b44c2b1bd027140d3e551ef5c42f2f3eb7cfd63c6bc97f219ff052af5334774b0fcf1f9e2492f0873c73c1c1278e4372

Download Submit
/data/data/com.nhn.android.mail/databases/nelologdata

Filesize
24KB

MD5
48395f8729b64ba7d60b576c33dafc05

SHA1
9485bdd3270463e46d75015c7621dd7cd328e7c3

SHA256
7a3ec50c0956e153f9e18e9aa71a2c7baaa5e6fdb893dc21f03993d2f022bd8d

SHA512
29da87a8d92ee41ad4fd96056a30a92ca1cc9001eb3f8cf987c47650d8f27bd85008bc5d732657b31521f9666edc2f280526a6b1a042dbb4e6e4d549960e0efa

Download Submit
/data/data/com.nhn.android.mail/databases/nelologdata-journal

Filesize
512B

MD5
7c458ee87d6f6c5ede19df4d6bc54f9f

SHA1
c5cd3630a4bc3f7ef417900308eae281335a4598

SHA256
7e43b5488f5c1fc3fafb24b000d9d71fa67e11573dd3ba5b572407b2512ab947

SHA512
de5b23b55d5ff72bc86908f8f02a03e038c32319c93d8de7a7e4880243c740f7d236d55e622944e31c72977fea1a028ebaa0b0ae535a7394bfe182f1ec9fdaaf

Download Submit
/data/data/com.nhn.android.mail/databases/nelologdata-journal

Filesize
8KB

MD5
3c58db1b5f64594260bd35b3be2a45eb

SHA1
b85de460d13dfd7c1cdb4c4e74eabce439b2c338

SHA256
8a872163090f98890bf32ca4c31bb782450857bb0b48268eb554f80d2b3b8fe7

SHA512
cfd2799dd46211af6d9fd50e8e25c8fdd8efbdc3ddfe4ebad292ce9e1b0c4830d18fe78e70d80af0d73af69e3e4fc927b25a370b8e2d053588e67cea75f53214

Download Submit
/data/data/com.nhn.android.mail/databases/nelologdata-journal

Filesize
8KB

MD5
7a731c7967411c4bd7f359d27cbf61b0

SHA1
e008a364e6d6d323ff56aec6b572ca70995fd8fa

SHA256
f9500fc4f4e3cc5259c635f364c074c2a5156e9d2f2911824ec3f989ce4f9097

SHA512
9f3f04210deaf1ef671925d0b1fb64807aab45be01a4708c284d510c1b75ace3a46e3e3a2bb6eaa8433d109642f3663b52dce8f8773a8a4838263eaa63f5626f

Download Submit
/data/data/com.nhn.android.mail/databases/nelologdata-journal

Filesize
16KB

MD5
b2409d179b6d61ece9791a3d6e12baa6

SHA1
cb4d205a4276030e40cbee4919a4d6cc0417b06e

SHA256
9330b88bcb145087746f7e51f9441877e2ae988e8b5c5d40501a5e9773728fe0

SHA512
3df08ba88f23711de0da321c47a2da65c4ecb5ddd54f18d6605772d0ab0d9ad31c28ca6ad3c531922cbb64eedf9f915090a48368edcb370389fea38287421668

Download Submit
/data/data/com.nhn.android.mail/databases/nelologdata-journal

Filesize
12KB

MD5
282e01656f44dcea98752ac403dce24a

SHA1
cfb6dfb44cc520d33ca5eed8ea0adda89d0a2b59

SHA256
1d7d3348519bf4dd3d4802cd228104010f82b153105d74829572409380d4c605

SHA512
6cdc0e01f1e5f4d28904bec5b9c6a8f34cfec4aad29ee88cadc5888aa9146f5fc0311f3043a3dbbc680ab19b74bf90d9135bb28c7a6ed9728637ea6566048ce7

Download Submit
/data/data/com.nhn.android.mail/databases/ntracker_log_v1.db

Filesize
20KB

MD5
5573da219fa49b1aeab5a0a3affe5213

SHA1
dfeb15c487e3ee39a7d1ecd5e2f707287e4d7fc8

SHA256
1b61145db70260811f151a46615bf66abeb10a7465e381c8c58c9b4c899e52c2

SHA512
61121513037bc37c100245c7d2f5b96f59fe7fa84a2c42f8e3c33f87c58fd0d0f48895cf4ace218d45de5fdd2941e28d5b43cde41738d8b12d74fd30971d46c7

Download Submit
/data/data/com.nhn.android.mail/databases/ntracker_log_v1.db-journal

Filesize
512B

MD5
7693fcd1afb6af0ba0ef749bfb6a0749

SHA1
e6e6211c8f5507dec6291b734fa15891436ae052

SHA256
259ed25f349d7255ec9ab868f871a7c8ea146d21280d4bc3204fec7046184118

SHA512
d940eb2c8f4b8ed73c748eebb6325c52b62ff300c23152823143631d3c2a694419593cfba7215b8db1be94fe11f069c3319cf6fd05c770c7c8838ad64e8183dd

Download Submit
/data/data/com.nhn.android.mail/databases/ntracker_log_v1.db-journal

Filesize
8KB

MD5
9d4cbaec7f8a9970ccf972d5e78cb22f

SHA1
fb6a2f925d6d6850e6035df9de42792c0836beeb

SHA256
403e7cd3840e9e00c4f990a6387f4116b433c2aa719e3dcc8574238830484a58

SHA512
84dfdf31635af20497a9e0813f86fd07e4795f0ed1a68844c11f9fb8cd33a83dcd7d97939f304ba663b0f02f30e725c20ae4f7e39ad30e492d917ebd8aad0f66

Download Submit
/data/data/com.nhn.android.mail/databases/ntracker_log_v1.db-journal

Filesize
8KB

MD5
0ffd599f27ed241688444ded15fb1522

SHA1
27074e70b4ec9a6e43c106fb969cbd88ebdbdcb4

SHA256
bb0a89188c5d2ebb9b96a55682f5bc237f3cfeec99cc1651e7d4e55d77e128cb

SHA512
44cae84c03387ad913fac95c19bdb8188f507c08a90245300ac89f053ac2dd0f7471f9ee2e96dc042110e92fff6bab3a3bf6ecbb01db0156b960460a3ac74dc0

Download Submit
/data/data/com.nhn.android.mail/databases/ntracker_log_v1.db-journal

Filesize
12KB

MD5
8f3e142b62c6801859f1878b4f42826d

SHA1
71d2b0d7f9ae4557145b39f08b955049ff5f330d

SHA256
c7e90367de66e7c34c87331b0470c5569c9d5d4c404f19c442e8b4e7d27bab11

SHA512
d1af85016555921c30a03cf36d1c9360f02cac787eed043a0b6f310dd5e4a33bdfe458b0c497d523ed9f4aba99a862801118ddb15c6dd429521f1eb98f900418

Download Submit
/data/data/com.nhn.android.mail/databases/ntracker_log_v1.db-journal

Filesize
12KB

MD5
9f8aea1e17475cc638f31140b96a0a76

SHA1
9ff0b95e572b1180f0185f3a778d8960c482ab06

SHA256
d6e3ca4a1147114682c348ab763706eb3b49d0a3212fea4f6f5e0dbfe43b89c8

SHA512
04133e96986434431df6a50fc11bf5b63be7a68502b83c354e89d3aec9410047ac8a410fbcb45df5b8f7ddb75d0dc81d3bf9fc7b9c0bcc79eb25637246fdd8de

Download Submit
/data/data/com.nhn.android.mail/databases/ntracker_log_v1.db-journal

Filesize
8KB

MD5
2d5285006aa3e3d629aba05cb0d22d07

SHA1
4b2582c9a3d3dad08fc49aad6b11b47b354e684f

SHA256
3011c44fde7a2357461b8477128c09274214ad63dde18ebee232b92b53800138

SHA512
503a2840d401752b586005323439cbefaa5df2ee7c892330bf490404f212f037566f5aded2432cb0bb520020836810ae6b00f315de752d0a7825747c58267480

Download Submit
/data/data/com.nhn.android.mail/files/KeyLog.txt

Filesize
70B

MD5
930e3ad1460ff9a2559c4575cfc8ea31

SHA1
8813afb0347a813ef338dc1ecadf26692eeec2bd

SHA256
262899f4c6bbd85e8799d3557763c4977ad0d1dfdc530d212b11c967ed54cf7b

SHA512
e1511aef6bafd2ab10b97f1864b4c23a31b0c2b61a909faa72eeabfe19c5ab84eb2206eeb4f4d0869bd0785aeaa3c65b50f3b29ea2567357c6fca18c4ce28f3f

Download Submit
/data/data/com.nhn.android.mail/files/KeyLog.txt

Filesize
70B

MD5
0d2a7820c9a40e76695ffdf9d8f417bd

SHA1
5cbd7f26cff7ca921bbf8211f2de098a1fa0c147

SHA256
b15f6440b88a3e0d20b44765e3ec472b787d90a192f3e3d0c609ad24ff54be46

SHA512
856c9f4335f32c452bd3f3c4393743bfae5e401a7f5e3e0a5314f28dea5107999005e01aeb2088cb55bab82f2bfbdb671615d7ae5dc9a4ad425a0ea47b2851e4

Download Submit
/data/data/com.nhn.android.mail/files/KeyLog.txt

Filesize
70B

MD5
335bc5c9b9a25bf13b5f552a2857fdc8

SHA1
390262be27a4b7be1ebc7b83510e1890e30af954

SHA256
d72d300aafd7db418f26fdf2b5aacdfe365b8baa3aed3f8767ce547ad8df7a52

SHA512
54841324f6e036ecccab10baee3320e3862dd89a7253cb9bec10e0fa95448b465d10fb27decff957b1531393dbb849f8a5d319cb164f5c5b13e51c7d2d6dbbb4

Download Submit
/data/data/com.nhn.android.mail/files/KeyLog.txt

Filesize
70B

MD5
b44b154786ae9c2837c67367de1d1c9f

SHA1
0eeac3ab53b79a80c69993a406e105e3a5e138ab

SHA256
ad1ad7afc397bb1aafddea76f99e2878feb5b415223a9b3708e5167c54d3d9fd

SHA512
7d5cad2294e5a1e3a4d2a14421c3f1ae8bfb8c865c2f2f1d94c5e8d53654002a99cfb555e270f0c3a57558c27926870b33092fb11eabb566988a5e48f3aa695a

Download Submit
/data/data/com.nhn.android.mail/files/KeyLog.txt

Filesize
70B

MD5
329b5c2c7f64d17c8fcc50e94e93caf0

SHA1
66f892cc830a850d3496cc559a03b11a96315d3c

SHA256
813aca64356cff009b18924d03d4a507695c66a98862ff91f3beea7202c54a74

SHA512
03fda52d4087eec503004388fdb46ae4a31ace0dddb55aaf27b4090120f85b7931f91172db610772e170fcf11105fe4a556a6fd74eeb7f6605850063f3a7d23c

Download Submit
/data/data/com.nhn.android.mail/files/PersistedInstallation409076022293040407tmp

Filesize
90B

MD5
f6a3415f1b5a7fac3e43dd53dccd7470

SHA1
7943d93be8b66ae33beed921afb1b899e8ea9ffd

SHA256
8633dd12bd5faa26903074b2da702e84678195797cb22b6d6f1f82dbe5a535a5

SHA512
08236761cebb16582de42689b6b0bffcbc4932e316123ce975c61fc93c0e6110f742cfb7c9e40ebe2bd9d0908720b397ea9a87dfb6a7768818c02d5b3459d578

Download Submit
/data/data/com.nhn.android.mail/files/PersistedInstallation7368214874313777391tmp

Filesize
561B

MD5
cd529324c0faffee74f2cff4fefc77c0

SHA1
6c8a0124cf6106975f10a41637aef405c8c4d43f

SHA256
a63593ae0c5850dfd820d5710e6b352da95165ab9c2b921ea55e5f3d4c857585

SHA512
c6d85c6eb4cb3b2f18e321ae0aa6241076e613110f2f40cc324045ac2e931f669325182d411dd44b922d3e66ac04773162af9a0ad853a59ad1e0735283430ef1

Download Submit
/data/data/com.nhn.android.mail/files/frc_1:129436326568:android:3fb259f21ca1e06e_fireperf_fetch.json

Filesize
1KB

MD5
9061bb55968e7153c400586bbff81b04

SHA1
ee56ecf42e88701c706026eb96f06f28c1da8e46

SHA256
17f8568a1c1fd313605de1a72f742c91e8b68801f628da06a387afbc805ef717

SHA512
b6cc98fc1f659214c0662ecf2b4ffddccc39a2d5c5146371566c00571df556b539cb23a9f7b3625b1c59d15a76e99a44bf04d3b8c1d22c83f258f9e426480a84

Download Submit
/data/data/com.nhn.android.mail/files/nelo2_app_version_N2JmY2QxNTc3ZDE4NGViMmExZThjOTdhODE3ZGE5OTA=.id_v2

Filesize
78B

MD5
7ecbe3396ec43cbcf5c79de348849b4a

SHA1
9473f9d6b76f0bb95b8f470d128db79b5ef47cbf

SHA256
a05c2d74bc02c014ed95ef04968b141fc63287be94dd6fe39b30ae14ec81464d

SHA512
af5f58616d08eb86790261966e5b9433b0a3dd281ad27623c5943f724f46effa56bea102fe6a4cbeba0d216e6e59083d4f5dd0c32b24e85cf72970a2b06c89bb

Download Submit
/data/data/com.nhn.android.mail/files/nelo2_install.id_v2

Filesize
108B

MD5
48e88471afce3a0bfdfad478ddceeb06

SHA1
6ee9f844ace4897990687423554f65b4928ec924

SHA256
28d5575cf2326e75d8e305e6ce2fca800fa37a514e648fab6d5fae38d1be71ef

SHA512
e30c784246cd6ce14349ae32683dd9889543438c6ee2a782fb2ab6334db7f52c457385cb56990f1534873ff7622d97c9bebc36ae8630f8f0820195dcc7adda47

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads