c7e19c454970c5886effba510c181d56bb849316bcaf7b9bf17d4951414d30a3

Analysis

max time kernel
133s
max time network
141s
platform
android_x64
resource
android-x64-arm64-20240624-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240624-enlocale:en-usos:android-11-x64system
submitted
26/12/2024, 22:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c7e19c454970c5886effba510c181d56bb849316bcaf7b9bf17d4951414d30a3.apk
Size

4.3MB
MD5

7957ea4c12443f0c65bf9962701add5d
SHA1

845b5bacc1f2c5331c1f468c531bc15677c2f923
SHA256

c7e19c454970c5886effba510c181d56bb849316bcaf7b9bf17d4951414d30a3
SHA512

fc20094ec3499a8c31a09fa9bf9b6920a9e645658e0bae73e93c2634f5ffd0f6b7effca02006000aadb015956c693deaead8fec33f8706c8005bcf9d9aee6474
SSDEEP

98304:t9MTwruT37Qex2e8Job7G7IwZbw5a64Wl/ZOvvcdw:t037Qyy7Nw5a6xZOIw

Score

7^/10

banker collection credential_access discovery evasion impact

Malware Config

Signatures

Loads dropped Dex/Jar 1 TTPs 2 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/system_ext/framework/androidx.window.sidecar.jar	4621	com.errorforcode.netix
/system_ext/framework/androidx.window.sidecar.jar	4621	com.errorforcode.netix

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.errorforcode.netix

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.errorforcode.netix

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.errorforcode.netix

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.errorforcode.netix

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.errorforcode.netix

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.errorforcode.netix

com.errorforcode.netix
1⤵
- Loads dropped Dex/Jar
- Obtains sensitive information copied to the device clipboard
- Acquires the wake lock
- Queries information about active data network
- Uses Crypto APIs (Might try to encrypt user data)
- Checks CPU information
- Checks memory information
PID:4621

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

System Information Discovery

T1426

System Network Connections Discovery

T1421

Lateral Movement

Collection

Clipboard Data

T1414

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.errorforcode.netix/databases/com.google.android.datatransport.events

Filesize
56KB

MD5
eed49af1d9d619440f90929c2d6a56b6

SHA1
cf2a7b4d48d6fed16d41593bfa62ed04fd256014

SHA256
53e0671b1d3bff794801a7cfc02e7076574f98ac3c5e1e9d570ce0ce6b5a44a2

SHA512
593d461827c9ed1f800dec099989a5a2e66e14b2c07b97b20c0814f780abff904ddeb781c107f8c381757b30265090e2ca7c564d4f8f970b53dae53b5fe6c7bb

Download Submit
/data/data/com.errorforcode.netix/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
f8460697a45b752c6a6e8c508d71bab5

SHA1
38fad7caf12e268232f7e6df79ec58b05fda1b46

SHA256
98ac257c00177efc50f40498ec4719c6e7236dfeaf6d4c2b987f06ce7af40d8e

SHA512
25f9a82cb9b3fe5af440e9f344d53cf58c42dab90489f015856c4fbad4cbbd7d2de6f008f8f7ab4b8dc665ebb96f5827679c61f85d8e4b8f01d4eb42075b2fa8

Download Submit
/data/data/com.errorforcode.netix/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
f2a66e7c48d8cae726296783ef4bc55f

SHA1
0e0fdd6d996963e565fa60533c02196621c961ef

SHA256
cb84091f36a0714d3bd0a1b33032fd00d77ac5bd00e4b31847b0305f1472fa24

SHA512
2bb43290bfc18d3bba5f7f8aaa57a0f9633f4a3423dacafc33f0fc2360ed0a262a546cac35ddf495e05cb3bc2bd6bd2859ed79f07452b6869d54baea5e032108

Download Submit
/data/data/com.errorforcode.netix/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
20e65fcb1f67a9904b86068c7e0df316

SHA1
99a8d71aea7d6a5eac70a4f5d527184d9d1dfd76

SHA256
bad34f7d7cc786f735a0a9fac654aabb4864d844d08d18270c1dd986003f7461

SHA512
46936a21c7a92195d7cb907d8f4ea859b124036b28164e08ffc82060ce056f4d15cebc03472c4e6a16d42f582ab1015adf4d5cba29fd90cb5588bfcb8fb386c1

Download Submit
/data/data/com.errorforcode.netix/files/PersistedInstallation1094851691139584443tmp

Filesize
90B

MD5
c0b5a9066bb11826ea2a6e452accb891

SHA1
0c926cfc1538479a6f7bc7552b408c675c909b0b

SHA256
5102963bd85dfd7c06f8eac07e07bf0b861234efdc32556a3a7fbdf2eeea1e99

SHA512
87a185a09f222b80f87f0a9c11b58851f6e3e84ac9c6cfdcc74c893fa7e6537a87c642de1ba5f6cd5cdb0c91eec6aa06f71b62a43b5d74d1608628a2fc057acb

Download Submit
/data/data/com.errorforcode.netix/files/PersistedInstallation7852853583691262716tmp

Filesize
567B

MD5
47c4503bc7da89c865ef347f336336d6

SHA1
78a3c5f63400db3a198d012812f667699133ec24

SHA256
49460c0e50a7b318014693bfa2e0327e21f335f5050432970a3eca37b034f636

SHA512
4130d54c60832ff887555bc9f58824f79865c5d00c03e1d0da8124372baf8ad83c54102b5b29dda342ad632d3968ce0ee958027f1a758886de39c0bf04f36c2c

Download Submit
/data/data/com.errorforcode.netix/files/database.db

Filesize
355B

MD5
00ab17e4c71d11a8bf05d1f81fac8e7c

SHA1
9c03e49068baabc1ca07643edf2e3f2aeeee2362

SHA256
f27318292dfe1bfe4686de6fd58f9518d7f48e9109195d722f832eea596d9067

SHA512
f4b2c9b7bc3d7ddffb1513bffa0a77a1fbfdebf9f860f3e52684dfdd650b6365913204ccae35c49bace8489c384e7d72159e4a16ff99bb9c0e7cb1c261cda05a

Download Submit
/data/data/com.errorforcode.netix/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

Filesize
8B

MD5
93f4ef2e7dcfa06f3bd702e8e779f309

SHA1
2b7d3ef55017e2cb0ca65d22672c1d7590a4c2ce

SHA256
bdb176582f86eb52902b5945273bc4a267b7143b8fb996d25241413d87f87b41

SHA512
f964748f5e5b7c3c29fa75a680c6f71dfa122557db69d068c4b8dcc4c51640f3d58204ea03b4a208c6317165aae916cdc268b96c792a07189d3cd8da13e71919

Download Submit
/data/data/com.errorforcode.netix/no_backup/androidx.work.workdb

Filesize
4KB

MD5
7e858c4054eb00fcddc653a04e5cd1c6

SHA1
2e056bf31a8d78df136f02a62afeeca77f4faccf

SHA256
9010186c5c083155a45673017d1e31c2a178e63cc15a57bbffde4d1956a23dad

SHA512
d0c7a120940c8e637d5566ef179d01eff88a2c2650afda69ad2a46aad76533eaace192028bba3d60407b4e34a950e7560f95d9f9b8eebe361ef62897d88b30cb

Download Submit
/data/data/com.errorforcode.netix/no_backup/androidx.work.workdb-journal

Filesize
512B

MD5
5e5b3a6f8f60ae6a5eb241679a219a25

SHA1
7d1af7674e91471acd090f0836e9bcd21e20154a

SHA256
02b69e9e89509ae9edb27b0846f089297e9ade70ced3b002807b9d82931ce781

SHA512
ea79cb0833554244e8cf7d4e91d920e44693150e013777671215580b5aac4b338620d9bec7d3f89663b39a0ec8d5f55768d2e180371ea6977e7f67e168025a31

Download Submit
/data/data/com.errorforcode.netix/no_backup/androidx.work.workdb-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.errorforcode.netix/no_backup/androidx.work.workdb-wal

Filesize
116KB

MD5
b009066f09228128d1294d1ff91f2b6d

SHA1
340a95c9d8d6357b02eda44f67716f38eaa7934e

SHA256
cd655ad9d92464e9dd16199a5ce278da23f079e4043376af37b87e2d55e54ef4

SHA512
4cefc59f2fb157b09fd16721d32c8d9c05ceae7aac07fa0d0d0c2d3a52146953b03e7433eb2be87a82e483e596461aa35954edae663694f1c2d97404ecdcb937

Download Submit
/data/data/com.errorforcode.netix/no_backup/androidx.work.workdb-wal

Filesize
16KB

MD5
7c322adbd8af38b358d9cdaf844c2d7d

SHA1
1e0d9a876505a8d2db1d7eedc075a2cc1e00ed8f

SHA256
82dd27022413c714470f06b9130db529bb017d165c5ab4187c51252b76f3ecf5

SHA512
620b8df0cb24b01149d8f1ddcd8e7bcabd13d2345299097410fb8b8f87beb47629d72e365f321cc7e323cc947dd0ec3687e432b4e2122b21dc1dbefb004367fe

Download Submit
/data/misc/profiles/cur/0/com.errorforcode.netix/primary.prof

Filesize
2KB

MD5
24a68235374500012828e677cf626dfa

SHA1
9f0d9011624cd22fce0fe180c2e879187dac7642

SHA256
2377fd9bc43ef4255893d3c034914647f82bb1e420fac7e493c86a3139333ef7

SHA512
8e3de81e64044753d840e941c3df03de00e9ae5be27ccc28e223ca6fdfe3aedfccd1d92c8a29176fa42ee87981371198877a2d4bdbd36bb8fe672557222c47fc

Download Submit
/system_ext/framework/androidx.window.sidecar.jar

Filesize
12KB

MD5
bdf3529e80318eb14e53a5bf3720c10d

SHA1
25c9ace4b1af6e80ebb2572345972c56505969ba

SHA256
bbc8300dd1e9cd08de8f66560c1ac2c928615b72b51cef9649f88974f586d64b

SHA512
48b9c2d01171bb651b9b54826baa51f4add48431a3efd8ceb5f7cc3bcd6f8f37edf47fabb24349dd15b3a02329cd450f90a8d164bf4f8dfae554bf3b35a8a55b

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads