61d6ad05c887bd0027ea828098ccb799ab7b8b108b3285a2338274659dc3c13a

Analysis

max time kernel
3s
max time network
51s
platform
android_x64
resource
android-x64-arm64-20240624-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240624-enlocale:en-usos:android-11-x64system
submitted
06/12/2024, 01:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Android_Faker_v1.8.4_Premiumuserupload.in.apk
Size

25.9MB
MD5

5dd71755429d9dd6646ee944a7a9b5d9
SHA1

86b0a23ca124864ca6673ad443c445da127df47f
SHA256

61d6ad05c887bd0027ea828098ccb799ab7b8b108b3285a2338274659dc3c13a
SHA512

d6c67a0cc2dd66393f1a983e2fe00a8341df30d322c87051aa788b403325e9642515695bc4b8cc49381467686d2fe88b320ab8f44950471a65392ceade6f5d58
SSDEEP

393216:N+O/TGb4pwKPCHp/KxTllHJq5vSio3fkl9yfZyICfkYI6L+uq:IITiqDPCJ/ETlu5ZQRlT

Score

7^/10

collection credential_access evasion impact

Malware Config

Signatures

Loads dropped Dex/Jar 1 TTPs 2 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/system_ext/framework/androidx.window.sidecar.jar	4499	com.android1500.androidfaker
/system_ext/framework/androidx.window.sidecar.jar	4499	com.android1500.androidfaker

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.android1500.androidfaker

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.android1500.androidfaker

com.android1500.androidfaker
1⤵
- Loads dropped Dex/Jar
- Obtains sensitive information copied to the device clipboard
- Checks memory information
PID:4499

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Discovery

System Information Discovery

T1426

Lateral Movement

Collection

Clipboard Data

T1414

Command and Control

Exfiltration

Impact

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/system_ext/framework/androidx.window.sidecar.jar

Filesize
12KB

MD5
bdf3529e80318eb14e53a5bf3720c10d

SHA1
25c9ace4b1af6e80ebb2572345972c56505969ba

SHA256
bbc8300dd1e9cd08de8f66560c1ac2c928615b72b51cef9649f88974f586d64b

SHA512
48b9c2d01171bb651b9b54826baa51f4add48431a3efd8ceb5f7cc3bcd6f8f37edf47fabb24349dd15b3a02329cd450f90a8d164bf4f8dfae554bf3b35a8a55b

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads