63bad53659039536c1d85f16e0f8ce085416f0dc8d7144ef3114cb9412d63663

Analysis

max time kernel
149s
max time network
135s
platform
android_x64
resource
android-x64-arm64-20240624-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240624-enlocale:en-usos:android-11-x64system
submitted
03-12-2024 02:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

63bad53659039536c1d85f16e0f8ce085416f0dc8d7144ef3114cb9412d63663.apk
Size

18.7MB
MD5

13e0f639963d3e10913c0180a4362ffd
SHA1

560e1a2f49bf7536512e78471540f1fcda0f5886
SHA256

63bad53659039536c1d85f16e0f8ce085416f0dc8d7144ef3114cb9412d63663
SHA512

dac76ec3629dd1f01a79d1416defac227bd4a5ca20d87d73026d742e6565ba78a78180234bcbceb092485497fd08df0f29f2e0faf11a2bdea5fd46755935216f
SSDEEP

393216:sWrLalIIclUJotDckP4Z4LbSYpJCmp6zJp7SPA9qdsmOn:94pUOBKLc7zX1qCb

Score

8^/10

collection credential_access discovery evasion execution impact persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 2 IoCs

evasion

System Information Discovery

T1426

ioc	Process
/sbin/su	com.nhn.android.mail
/system/bin/su	com.nhn.android.mail

Makes use of the framework's Accessibility service 4 TTPs 1 IoCs

Retrieves information displayed on the phone screen using AccessibilityService.

collection evasion credential_access

Input Injection

T1516

Screen Capture

T1513

Keylogging

T1417.001

GUI Input Capture

T1417.002

description	ioc	Process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	com.nhn.android.mail

Queries information about running processes on the device 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.nhn.android.mail

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.nhn.android.mail

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.nhn.android.mail

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.nhn.android.mail

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

execution persistence

Scheduled Task/Job

T1603

description	ioc	Process
Framework service call	android.app.job.IJobScheduler.schedule	com.nhn.android.mail

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.nhn.android.mail

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.nhn.android.mail

com.nhn.android.mail
1⤵
- Checks if the Android device is rooted.
- Makes use of the framework's Accessibility service
- Queries information about running processes on the device
- Acquires the wake lock
- Queries information about active data network
- Queries the mobile country code (MCC)
- Schedules tasks to execute at a specified time
- Uses Crypto APIs (Might try to encrypt user data)
- Checks memory information
PID:4462

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Input Injection

T1516

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Discovery

Process Discovery

T1424

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Screen Capture

T1513

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Input Injection

T1516

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.nhn.android.mail/databases/com.google.android.datatransport.events

Filesize
56KB

MD5
7d64aa934de6c153fe55974afb8c50e0

SHA1
7c167af31f085707dbc75e222ee403a2d9a4c429

SHA256
e3d8ba8cb28cc73c46eac912d1bfdd4cab2c451a87f4854788f7b23e7a50e820

SHA512
7006c066ff2b5b9892761593acb7dd11dc443dbb76c14255f2b09f44a0302d3c519b44cbc1b9416c308b80001f8176d125841add49c821b155794cfaaca857cf

Download Submit
/data/data/com.nhn.android.mail/databases/com.google.android.datatransport.events-journal

Filesize
24KB

MD5
c2005d4445148b531716e7d9bd89b4fa

SHA1
5f4735c4829a364618e7fa60538e80ef4e238bba

SHA256
acd646f3f20e9c720b54b2d69c991a9e0942fdf67dc3ee073b8316e38634ded9

SHA512
bf1156a1af84bb93680bd80f4bc628ebbc0ac76090fba7579ad11c46ad42d3f0e717a9f199b33537066fcc5fcdef503945b806d6fbc73fc813ff36046fc0ac7b

Download Submit
/data/data/com.nhn.android.mail/databases/com.google.android.datatransport.events-journal

Filesize
16KB

MD5
910a9b7de44e17875ca6148652ee9bb7

SHA1
193c6cf6e9c6b5dd8819e566405de903e486aaf6

SHA256
aef0813000b9c304c8e58402ce520501bc85941ec11e6ac4eb2aa62eec63b06d

SHA512
731aa9cf44f9b82e49725c0c809f662d223b0b14a7a420d40e2e529c95dee83ef21739825b46c5202b20ae19da97dcfe0a470700b0d9aa6f0f89905988b54c78

Download Submit
/data/data/com.nhn.android.mail/databases/com.google.android.datatransport.events-journal

Filesize
20KB

MD5
994d3e20a71a64647c4c940478b14b01

SHA1
5ab6062e7067ea800f9c6f51b80e5bc2a30e89fe

SHA256
14de282b46314c9cd3bc4485ca53b67c7394c0b5d066c051a9f49f86ba2a6cf5

SHA512
c06c83ec96df2efbba40ea53c6cae6a6b05ea0fce8f3a6310b82244ef3944d8e6699433f30bbcbcb253ab443ff529d894972f549d94f84d12613a5a7362c666b

Download Submit
/data/data/com.nhn.android.mail/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
7f14a81840c441e8ea316e562734756b

SHA1
a6a12d8c41d21fe9622bef0153a69f89f19b0ac7

SHA256
38dc5d88d4fcce8fc6b7d67939c1e563f7d15f4a432b039308a12917a8efe82a

SHA512
540a0d906066f84c88b7ea72997c44d34e2ba7277f5fb2416c31adafdd78a1a28980fd4117a1c99985e88cf55c44d028f49db40f7da231dba563328146abe7b0

Download Submit
/data/data/com.nhn.android.mail/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
3389866eab3b80d8cc9a747303b70642

SHA1
869c9f3879927308f71142504c9122ad986b1947

SHA256
8580034aa4b79679db6b4511e1e94039f86bdb756f174b89c7b3a1442873c2c3

SHA512
457b38a80c5de177044ef2b3c758d31ff123238755e3bc6222e8612e3b6fb80ed2c053663157f0f44b240b25ca1ddac66f3c7974f79f72dd858fb020204d530b

Download Submit
/data/data/com.nhn.android.mail/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
d7199507d235dd1ad4271a80e7a39480

SHA1
4a94ee1ed57f15149b3f4691b5d527c1a97af0c2

SHA256
aa4f3d74aad7ffe841119e569329deb8d61f80180ae3619f866e27ae2e1d69c3

SHA512
6d064cc48195e435cfb5d3a7fc65ed904b6abe0d5eae96105a0b0b96e05d9b813745544ce6e3a06dc0a3cf6e3bce728202fa4d6bfb0196d303ec34ceb73564b1

Download Submit
/data/data/com.nhn.android.mail/databases/nelologdata

Filesize
24KB

MD5
48395f8729b64ba7d60b576c33dafc05

SHA1
9485bdd3270463e46d75015c7621dd7cd328e7c3

SHA256
7a3ec50c0956e153f9e18e9aa71a2c7baaa5e6fdb893dc21f03993d2f022bd8d

SHA512
29da87a8d92ee41ad4fd96056a30a92ca1cc9001eb3f8cf987c47650d8f27bd85008bc5d732657b31521f9666edc2f280526a6b1a042dbb4e6e4d549960e0efa

Download Submit
/data/data/com.nhn.android.mail/databases/nelologdata-journal

Filesize
512B

MD5
ca7eb4057bedd28c99bbdf0a5249deb1

SHA1
de438a9290a6a674267284d6f3f77594f5e4f597

SHA256
6b73210f4b805698971de2e0e7b20560c7c44e749d10e15539afc09a7ae99edc

SHA512
5fad9dcedcb415af00276a9bc427a38161454e2437903623af31c9d3d426977ecbe7b4fc5a1ed6f8a6f0658fdf62f409609112fd871399efa930a5b7c768f1a8

Download Submit
/data/data/com.nhn.android.mail/databases/nelologdata-journal

Filesize
8KB

MD5
1d5d77f4f06f2eb845f14c3f1acf8506

SHA1
70f630200ff40b302c44eed1dc5c29dae3f6e120

SHA256
9fc91cb3c140ed41d67a8743336928d60d3a064149d134a813dbb85427e54c18

SHA512
6fde94e730398305c5c096f2ffbdf965e055a60d35c15d91f2eec5a3a1c48bbd0db2d27ce22f2586f73faf3d3047e42ed43e63bdd10d4b9f68b090c51e823a12

Download Submit
/data/data/com.nhn.android.mail/databases/nelologdata-journal

Filesize
8KB

MD5
d9dd0ebe751078b8c59faec36db92af9

SHA1
ae0fd21805a3cc82f24e06beda913a6112acf777

SHA256
35a6a61551a38772c638fbb84181bf974b2ed4ea39b1fcd574bf1158083927af

SHA512
965ce185cca63996046db230022910d005ea57a4feb09f29bf7a38c7e55483848603969eaf6d45f5f4ed42e70b5dd86e3ba82dce48a545c745c29678d98eda31

Download Submit
/data/data/com.nhn.android.mail/databases/nelologdata-journal

Filesize
16KB

MD5
6baca33b936f53b79f8e582e8f596289

SHA1
3e63c9828d3c7c47465038130ef11a9505cf5012

SHA256
a21c6e9dcfca0eca14d07223da271f755da50bfbbbf365a816dda8a56c555a32

SHA512
8fe95416c941403c57ee9d90281cb35eb82436edcca544fe30d80c9ee5641a4aff3fda5de8987e1f23363e9dc970d4887d3290d54531026b663f7418f9a496d6

Download Submit
/data/data/com.nhn.android.mail/databases/nelologdata-journal

Filesize
12KB

MD5
da732313935c214cd8c9109863ac21c0

SHA1
b5c99a3b439014d54b607e3a95fcdcf95b459be2

SHA256
4b7ae3fa6effa8121b0f097a29f8582add7f547c8e654e4d36daae13235320c9

SHA512
9d114f5550a5b266ec66ce7120dd90d33474455ee252d0d391f4f0440bc096153b98511363f13587887800dae3a91ed87eca06c66827d7bc2cbf5f19e30303ff

Download Submit
/data/data/com.nhn.android.mail/databases/ntracker_log_v1.db

Filesize
20KB

MD5
d80849168df37bf9817e4ddf40363c93

SHA1
c3cc616d829f4334eeda88a825dae527f97c6acc

SHA256
3ee37bb1b6fc5ac8189b9150fe0b234b748650c15aee10dfd48483182d3efd08

SHA512
41f88c064a8b454828d13431933630d1038f679cfcc43423f8dba29e70a5a6fddf1103750ad7d35a7d2e34e2fd4d23c8a459edad9cc2f7b4ba08e5f021e7a112

Download Submit
/data/data/com.nhn.android.mail/databases/ntracker_log_v1.db-journal

Filesize
512B

MD5
35ed4eeb9f82979893c8155fe3ea82ec

SHA1
05d3bfdea8f5349ec7d042114852c60e9ef7fa20

SHA256
2af3e95bdfc5f39dfd4cd47352387f6b2b1b9de4ff1fb244a52eb9ace246949b

SHA512
513c74467a0a3fc9a55f84faec3620ead74f1ec049746597ca4fc11457ac4a377d535296259c79fc663d2982a25380ad2483d4ac89d04cc79a8c2a9797ff31e3

Download Submit
/data/data/com.nhn.android.mail/databases/ntracker_log_v1.db-journal

Filesize
8KB

MD5
7ab33f8cb2a4f869f91e72188390e5f7

SHA1
123c0cd69d3fe2716f0e3e506ede6ae3fae7a03f

SHA256
9ccf1ff656a2a37fd9c27aabe5cf8df3c5de6997e205b70379e2f4353a003c07

SHA512
dd2e14a0e6c142236723bd72663aa7ca5135db6cb25448e557fc1fc6502f7afd53c55fe9a60bc7e7d35e39697e39ea13952a02cae92eab843fe7acda5662cc08

Download Submit
/data/data/com.nhn.android.mail/databases/ntracker_log_v1.db-journal

Filesize
8KB

MD5
64f3df80365af41c7124f5f7d719bb34

SHA1
ebd320cbd4b36c0a59484f0bd4c9c73cfedbb7ce

SHA256
c12b63f69e75f9092a0bfe8e3fc9b377282f5da8313555d73f94495d8e943638

SHA512
30201105d6568b44743df1d564e76e955566e727e87e341be7b49450f5f4e56b998e109c88b5e54a95bad2391d2ac974fcc6233a881c038982121696498bd209

Download Submit
/data/data/com.nhn.android.mail/databases/ntracker_log_v1.db-journal

Filesize
12KB

MD5
94360aa57eea177daa3b455ffbedc054

SHA1
6a0142a7b6e6ec66b65172cacbeed21db6e9f5d1

SHA256
b2b86b8e7bc26132171272619e126d7c98558c8a8a2814afd91c1e3e802f824a

SHA512
5b93220f1aa99398a663a1b405ba8a758c39c53e2fa12818e351f7ed619345c16e7fbedb449893b7fb457d5d215187beb63137b3483f675b250adad46d109b4a

Download Submit
/data/data/com.nhn.android.mail/databases/ntracker_log_v1.db-journal

Filesize
8KB

MD5
b108655eba9502c9f4c82ff8847c41a7

SHA1
a55b43458476023736c2fdcb1e52a301cf30ff5a

SHA256
143f938e4471dc1999b0174ef0b8fc5170cc9c4c6a9e1c7a0636b3a13cd7af48

SHA512
5927f0a8b2ecf915bfd52e8c69f8ca68c0f34b5036bee3ddbace1b865320e962ef897c093c68cba00b2c2da012c8b9475c84891eb4c8770462f41643e2973631

Download Submit
/data/data/com.nhn.android.mail/databases/ntracker_log_v1.db-journal

Filesize
12KB

MD5
82a2c35fb78901c14c377e589825571f

SHA1
8ee9accc8faa9a6b3612ddb43aa2b7dff8477539

SHA256
b50859c13b73458d90b2ce02d45ed8ea92e7104f5e86da16adf82e646680282f

SHA512
6a39f6b3c4699fc060655497cc76aa4c036e0afbdcf53d99651d9676f505ba5c9429b86ee5038d6c43f730b7370d0891fa91d2db2ff1c3a159dc0ed00f8ea08f

Download Submit
/data/data/com.nhn.android.mail/files/KeyLog.txt

Filesize
70B

MD5
b9ec014c758c241edf2fb20dcd28a3ed

SHA1
de30d3b44099d340c40ab248232136a7bdd11104

SHA256
538300293db854fc0d2acd1882792221ace6ae27310bdbd914206be2505eb18c

SHA512
e183c6ebad7e54cddc7ac4eca1d916171969a4930ae6bf26d5dfcf98af9e686de63ab599eff1c8ddd9a87fba91ad5872eed8706e29df5b35d56b7a73dd153235

Download Submit
/data/data/com.nhn.android.mail/files/KeyLog.txt

Filesize
70B

MD5
7dab95aaf76a3cbc87bb88226511907b

SHA1
0b02a9441480e5154a44251962cc22b4876b13d4

SHA256
de077bc8f3101975ac4fb70265f7b583f1047595e4db9d14debfdf0b8445be57

SHA512
b19f597ec81a98a24983fae9472abef916326765b6738b928b85e396e7816c29e1e98410b37cca63b7540aa63751275d37b269f1e2d914eb1269b4c02c6f9e03

Download Submit
/data/data/com.nhn.android.mail/files/KeyLog.txt

Filesize
70B

MD5
7fa247021e7274da15b29ab9052d88d3

SHA1
1f52c3e1966e1cf906c601d1d46884a9a6d1f4b2

SHA256
3f81a454b39ab5d6105c911f4d3ae91342076fc742993d1d7a89c02e7cc8fd3d

SHA512
da30a49c61acaba0e76420eac00c9fa9af268893be7964f4db7f7d8e577b8f1a93d99374016862ee1398fb1a396cc870d877a8966e67450e81378765865b5b59

Download Submit
/data/data/com.nhn.android.mail/files/PersistedInstallation2722260589754375742tmp

Filesize
90B

MD5
47e1d688bd8cb2e82577c72000d58b84

SHA1
beb9ac1067e8696f4a6433ca6c1ee0e1bb03bd8a

SHA256
07955a90659b28f3dc08de19b1d573c1ec6aaa13ae0c2b10e4bab781381a62c5

SHA512
e4b0d839135ab35de224b8028b7cedd5c43a8c95cbb709bbf22e7588b103f34df989bec29c83078167dd68fa1f33e224c4cfeafc55620ff214736de1fffadb79

Download Submit
/data/data/com.nhn.android.mail/files/PersistedInstallation7469606412927102769tmp

Filesize
561B

MD5
9cd64962a7fd036e2de830ff965f4052

SHA1
ff9eee5ce294a79d3ca4b3a1c136aff6367f00d6

SHA256
c1d461e5b13e9bd7c296962d01e78817b932c6312cb56649c1f914b52af2c4a0

SHA512
486a662be8f0d3afe014c737fe56c9bd6b9d5702976914fdb9bdc706fe7f9354412adac616ffa50f2cad91751729b39d9fc2292ab7001a3a15d520cfa264ea6e

Download Submit
/data/data/com.nhn.android.mail/files/frc_1:129436326568:android:3fb259f21ca1e06e_fireperf_fetch.json

Filesize
1KB

MD5
53a7156c9bdfaee61d86d3807399aa16

SHA1
c3bd615463298952e67e8d92531d8074a109c0a0

SHA256
25d7802ba710406397bbe0edc0b930169fea61d95780a4f9a6760e6997f363ae

SHA512
25f283b9c519cfa920098a1b22febf9a22658dff377053cd98d41f91ea3c5f8e58df808a04daa39cd5523881d23d7cb06d1cb2afd605d888fd9b9bcbb77f3a46

Download Submit
/data/data/com.nhn.android.mail/files/nelo2_app_version_N2JmY2QxNTc3ZDE4NGViMmExZThjOTdhODE3ZGE5OTA=.id_v2

Filesize
78B

MD5
005f1a203ccd58f23b8bcde95cbbb66b

SHA1
3353c9eb4071a3a1bd10f6e058b5e925f203dad7

SHA256
f6f888f19ff4382843b1148893c171b87fec6eef03d4a7a2298f93aff9c47c38

SHA512
7914eac7536942d580a58af919b2fe6e7ddb1b031186bca47aaba2c067dbfc0daa3dd6535519292547eedeb5c66437ee8031fa738214aecf949591eb04f42bf0

Download Submit
/data/data/com.nhn.android.mail/files/nelo2_install.id_v2

Filesize
108B

MD5
0ef5093931945a8ff7a136ea642cb1c0

SHA1
303a1e95ac0cb6d45c7b0066e86d6cb4f85e88d3

SHA256
88464fb49b2133cea3f8f6e1e1d8abbc6c183b733e524e17032dda09a3975fdf

SHA512
914fa09d1c29109474631635b53b0506c707c3fbc55da1791df19d22fc9a44f40af78dde424b275c0f496fe965ae870fc9fb6bea356d2e6c289e6a839a916bab

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads