5ac0516a1c4876afaef78a9463a5311e250f780563924ce36518621906ac9451

Analysis

max time kernel
129s
max time network
132s
platform
android_x64
resource
android-33-x64-arm64-20240624-en
resource tags

androidarch:arm64arch:x64image:android-33-x64-arm64-20240624-enlocale:en-usos:android-13-x64system
submitted
04-01-2025 22:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5ac0516a1c4876afaef78a9463a5311e250f780563924ce36518621906ac9451.apk
Size

4.5MB
MD5

7de05fc6e00db0fe4b5054fc55be0c2e
SHA1

8f3c46b091e54c1aaba0dacdd2133b655b4a804f
SHA256

5ac0516a1c4876afaef78a9463a5311e250f780563924ce36518621906ac9451
SHA512

2d36d4353992a4350c9c0e44e0da19e19ea244f33aa6dd5504904d7151bed316a9c82b8e6a2a9c53ca080b06486b02d816476ecbe0c196893c7ab5095b0345b4
SSDEEP

98304:XMTwrB/orDVlA4MSYGnOohCLLowWdBnyL+lyxgId3:9orD3dqTWXlyxv3

Score

8^/10

banker collection credential_access discovery evasion impact

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 2 IoCs

evasion

System Information Discovery

T1426

ioc	Process
/system/app/Superuser.apk	com.errorforcode.netix
/system/xbin/su	com.errorforcode.netix

Loads dropped Dex/Jar 1 TTPs 4 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/system_ext/framework/androidx.window.extensions.jar	4355	com.errorforcode.netix
/system_ext/framework/androidx.window.extensions.jar	4355	com.errorforcode.netix
/system_ext/framework/androidx.window.sidecar.jar	4355	com.errorforcode.netix
/system_ext/framework/androidx.window.sidecar.jar	4355	com.errorforcode.netix

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.errorforcode.netix

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.errorforcode.netix

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.errorforcode.netix

Checks the presence of a debugger
evasion

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.errorforcode.netix

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.errorforcode.netix

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.errorforcode.netix

com.errorforcode.netix
1⤵
- Checks if the Android device is rooted.
- Loads dropped Dex/Jar
- Obtains sensitive information copied to the device clipboard
- Acquires the wake lock
- Queries information about active data network
- Uses Crypto APIs (Might try to encrypt user data)
- Checks CPU information
- Checks memory information
PID:4355

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

System Information Discovery

T1426

System Network Connections Discovery

T1421

Lateral Movement

Collection

Clipboard Data

T1414

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.errorforcode.netix/databases/com.google.android.datatransport.events

Filesize
56KB

MD5
360088808c1df3cde6b5e6200883c11e

SHA1
67fee8d29bc4d9e98f7c9799bb4dc5b79e72d1b5

SHA256
869b6c1b34062814e1f60df0f17cef3da29b7972cd8037d67825831616b029ab

SHA512
a64b023eef944a1e6a906b696e1397d49a32169c771c995605166443cdcf0fd2fa54146f33fd3b08c5003aafec5ff94e8228039bb0c09278a09a5bbff46182b9

Download Submit
/data/data/com.errorforcode.netix/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
7119f7e3f133be851e111375eda0df39

SHA1
13b875a934053adfdf8600ad929a123c3d8d485c

SHA256
777da8b1c5d5170372a384fffe966e4ba5b8aebd60c903937dd57615ac03914e

SHA512
2ff5934b6d0a9d54750d4512f1886d1cb5a6f82b87920efaf32ed3087c73a3f295d7243b2da8331a4b0ef95e1624dacfda5e381fc9bac4e515444d773d02a5d5

Download Submit
/data/data/com.errorforcode.netix/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
de1beb29b3ca334b99bba08b52fab5d9

SHA1
59f083500aa364b1f02b978289422956914f0f27

SHA256
25d576161f83074c71f37b7965d36e8791881432ef0556fe6f3cfe07f94c4d38

SHA512
959da586914984dc9726897b91b369d430a59940415d2a38b9c404051a5135bb5dc1886a302af648bf09666be8e19dc4c492bdf997d67a124ab48f7add31966c

Download Submit
/data/data/com.errorforcode.netix/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
1f44a3f1573c4cb73e6e6a4607e0200a

SHA1
8854ac3128e761179c24f9847d62aa809556ab4f

SHA256
cebdd563ee0c5dc48a2886ec19815dc388ce81bcc20d3b5f7068edfa909223d2

SHA512
4ccc766929a78482621cdd00789b7323eaeae44d790c81a1dab391564a6020cb37db020313c5fb57565264d281a15a2abdbc83dfabef7a4fd615968884e5e1e7

Download Submit
/data/data/com.errorforcode.netix/databases/google_app_measurement_local.db

Filesize
16KB

MD5
62ad4a05cbdca7f47b3206b7dbda487f

SHA1
4f4044cef7b7b1e5c6184ed9025267fc92bf0cd3

SHA256
18b909096c7c61d51ab076ae8e562effb0d4ada28e2a4ecd0e6b88ef58f6b2a6

SHA512
0936531ed1b2b356a247123200739a43cfc765469ab47a424dcd6e3d1176092a212b0a28591d07f8c2d0cc9d2e0eeddfcea8dde314c2f9343783c61075b071a6

Download Submit
/data/data/com.errorforcode.netix/databases/google_app_measurement_local.db

Filesize
16KB

MD5
012c35cb81237b910bf9908e033dc89b

SHA1
bd0599a190c97a4bac5429581b55b4c2533bb5fa

SHA256
e9bc50a2f32bcc035d6941220cac45f5ac1caf7bd2dd7270e7ea48c7b805df4a

SHA512
dc28df43b02c0d1dd177511c4a73fbcc4387dc7dbec3ec9abdcbd90c6d87295a4c6fc60e377c44670300a1f3e5b742fbcca2b535573e891e0117df78ef0ebba4

Download Submit
/data/data/com.errorforcode.netix/databases/google_app_measurement_local.db

Filesize
16KB

MD5
7b703267893b7e43c74acf0bded5a80a

SHA1
cf1d0dea6a48cf5288e533c2d3ecacddfd2e450f

SHA256
d0ff754d2e0b30672150b83aab3eb1fc6dc35663dad1a483370dde17e1b18bc6

SHA512
0f1ee8e5f89e5aa90bc15e90d8abc0e5b18fca44575aeee4778f5e2700b1dab1547763b3ccb6ffc2691a4b547d850a88d970fc2d09acce4567b423606e5dabb6

Download Submit
/data/data/com.errorforcode.netix/databases/google_app_measurement_local.db

Filesize
16KB

MD5
b1ef6689966683f57c245f9417078951

SHA1
2337a9891083bf73c2f6f25a5ee813c44d8c6e23

SHA256
299d86afc622f68b5db062cb08827e8cdc061076b9284b0b9f6cf4ae6af6be5f

SHA512
3b070289897f89b8de45d363b2d8938db8b19d2a312d10f5ef5cf46ca2bcf3455081aed8c41b85a8c5d41db99515ac41856ba9ce1f5f95f4f65896ed0731da55

Download Submit
/data/data/com.errorforcode.netix/databases/google_app_measurement_local.db

Filesize
16KB

MD5
25bd568fcab3678778d5dfbc6c9eb467

SHA1
ee7b314062a8bfeee04069944b01519da20572e7

SHA256
481ab338ec8c12c3e2565d00e13f7ecf0e36976c1e86ca5a2f9c6191d982b4f0

SHA512
6accc36c9b464375499f62204f998080ac717008dae2679994a3a197d9afb4ffca44b511b259d230a3959ce4b080c019a7ad80ff617c26ca44c809a56e087371

Download Submit
/data/data/com.errorforcode.netix/databases/google_app_measurement_local.db

Filesize
16KB

MD5
0f33d19c127dac185a9d24bea05b7a0b

SHA1
614017cf6ee424cc161f84b9a10502ddc973c686

SHA256
613f692bc9a5f13ebd099f614269d710c6af01d7655b21c72c4d1a53aea11273

SHA512
ab0598d62e4e854c9e288201d950e4093244bae287a1ca30dd73249049b84bbe3699bbb50c75dc6191251b6ebc134bcd3bd7783184e71ebc7b9ec788188e9345

Download Submit
/data/data/com.errorforcode.netix/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
94816c53070b7ee6cb4b5075ab8e9636

SHA1
b2872e78dd94efa2295c6fcedbe87bb3efe48fa2

SHA256
7bd746ed49398074477e5c4cefda739ff8de1af3d892835cfb95e535a9fdef87

SHA512
b2aaf622fa532d25ab3dda5d7dd79cd91c5c8baddbf97a562dde15608e5f52679d16bf09879f29d78d6983957538199eaba5ee9dba27322780935e08a6b2380b

Download Submit
/data/data/com.errorforcode.netix/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
854dc7f193f985cece3117df6ae31669

SHA1
d7de6502dc385e4bac1f2e2678cd79895a9ec011

SHA256
2ca292465b938527ce072e8737614a47a58c7099347606012cecd5477ee9ff5b

SHA512
bfbf3b6177205b37f91cdbf62f17d284ea8c7e16a077b3d376a4f767cca48cbe760b68df7ba52c9ad4b88df932e20bf1bcd079983d126cf0c40d27d01cab0634

Download Submit
/data/data/com.errorforcode.netix/databases/google_app_measurement_local.db-journal

Filesize
4KB

MD5
9a5ced63d26f77a0661fc2f43946905e

SHA1
fb00e7a494682be82cec02b8f003c2f33bd432bd

SHA256
e680b2f44587fa48a210718a44345b68713cc50c8ae9aa643e40665e2817eecc

SHA512
fce588352fa7b3908a925a3b0ba6a3625dd42053f6ca6cabf9aa21fc09a51d822676e8532f9930cc24f2dfbd54ff083e99a2eea8169547317d6e31d5b17ca940

Download Submit
/data/data/com.errorforcode.netix/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
1825bdf08517cd91f9ac27aa4d74bccc

SHA1
9b1376443451a562cac4f346880bbe64ef278d10

SHA256
8f11a6f0dcde4cd70dee8b1b135d73e5f46cad9109401416b52d50e342b575f8

SHA512
94025f8fb071e36d257b95153b037099c9fc247036a45a332bc6ecc2dc56360b5248ffb64ebbdd72d141d4b75904194fccc8d4857f6733b3a079f90131b6339f

Download Submit
/data/data/com.errorforcode.netix/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
b46f97d337db82bdf488704d4c811345

SHA1
188242907157cdd0c7ea42c18e56bbdb6e8b80dc

SHA256
90be610b79a62b925d0d03fd847a3967be70375efba9fcae713b9b9e829e627e

SHA512
0a6cdd085ce5d4f1ac930521c420e21249299bc459b403bed6bb9cd95fdb9a9b371f50f14b138c1672165dd059fcdecc77387319e419c6aa800319d7984f04d0

Download Submit
/data/data/com.errorforcode.netix/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
13aedaf79cba087e2ed4815d554bc4c8

SHA1
a136100a8d3a586a758c65379c34340ba60827bd

SHA256
4f079e4ca09ee74f6fc2849109b0170b879a347913986bda36a0c740f77e8615

SHA512
9afb8eb3ee453e907eea4af56010c446f3de4463367e689f8057027ef5376966ae547f08fad394d0dd9cd00bf04e9d74b2b81ccbcf40c76964a03fc1b3415ef1

Download Submit
/data/data/com.errorforcode.netix/files/.com.google.firebase.crashlytics.files.v2:com.errorforcode.netix/com.crashlytics.settings.json

Filesize
718B

MD5
9cde45e51acc90eac7338495b33f22b3

SHA1
deee57c6bbf694720ab2f1653248d1f8b344836e

SHA256
7531b0d01ffdfa816a68b2d7264a7fbf16f278ee43351d4e93c7ba0af72b3dc9

SHA512
0e024f093bd1c1da16a455b5e2ad6c4e36e47a5e6c7841111eb55e17e3b20be912916374e6f5207a8a012f70e5c87072d0479d2cb6340ee497b9b1096d37228d

Download Submit
/data/data/com.errorforcode.netix/files/.com.google.firebase.crashlytics.files.v2:com.errorforcode.netix/open-sessions/6779B03B01AC0001110312EDE1430E29/report

Filesize
741B

MD5
0fd9e1a1fcf072da6ea663e1b7947675

SHA1
5424ca05e46f7c7d5dc8e0983daa96eb5a6b63ff

SHA256
4269bb3f21c8b86f0d49b77d41df7e148345804f251543d0e1a62b2492732520

SHA512
c73999b997ea0e48fa3f4bbbae69bef7f775d49efe62f3409c795047f78e24436254d071d2773f89bb757ae3bb2f49f82e08e3fa1ec1f52d2c9242eaea2bb7dc

Download Submit
/data/data/com.errorforcode.netix/files/.com.google.firebase.crashlytics.files.v2:com.errorforcode.netix/open-sessions/6779B03B01AC0001110312EDE1430E29/userlog

Filesize
192B

MD5
3a10863d14c8eed623fdc945eccd5f1f

SHA1
7c45d337f3c7f6528500c3c215f6826cf22348e7

SHA256
e294993e58f8dafa9dd24a60ff7ba65e5183f5f87059f10fe5f93583d1826e97

SHA512
004fcef09690006803198d5f2ddd603935c42d80effb4fdb6f7c86e645c4e276d0603b6bafcf89922363dfb4206dd9033508c9eae7817bb9f613dc33fc385165

Download Submit
/data/data/com.errorforcode.netix/files/.com.google.firebase.crashlytics.files.v2:com.errorforcode.netix/open-sessions/6779B03B01AC0001110312EDE1430E29/userlog.tmp

Filesize
16B

MD5
c33583fae4e0b61cde1c5b9227963237

SHA1
fe2ebe4d27469af1460f7e852031a04208ef629b

SHA256
35c6d6e5b93657e4a741a1cec71c21813fe05aab219909ebbb0f62fb0ae648dc

SHA512
fa09047004bec791b23f0dade0b64f8ab9bbd67555505e0d0818f6e89dfe56f474df80db0786d081d36adf23a5bacea40275ba043444a3a85d3d9612575bdd1e

Download Submit
/data/data/com.errorforcode.netix/files/PersistedInstallation1568850703319187999tmp

Filesize
569B

MD5
16ff147effad5352b43b8dd1722421db

SHA1
59a2989faf51e42f0b916c6f23d54c1d90d23b9e

SHA256
0ffdbcea89b44ce921c8fabe0752022ad232eb8b0edce132d0323c68a974a737

SHA512
965cd9b1aa8b93e15798c394fa774a3135fff67cadf6066cda488ba5c8cfa5ab225fcf146b3fbd2fd9b6325ebdeae2d5f49f2f9fe2f98fc9a5fc9b3b7429f543

Download Submit
/data/data/com.errorforcode.netix/files/PersistedInstallation4157016991615218568tmp

Filesize
90B

MD5
c0b1756da3e085d5275b7d320b923355

SHA1
ace954f4f0049f2bd6bb3f256376a27558a81f1c

SHA256
dd4d0c1819dd5991fde286af8549e9dd9d532ed1e7f5ff66a1581170e32f5a24

SHA512
515318ab8f73c95c09dd7373a12292aba530ff4e1e7d51d4bf9690fb36c4524d72cdfbbea568e4ec6cf40ba5d466c7ad938b4de0afbafbfb18d70c68c6972cc6

Download Submit
/data/data/com.errorforcode.netix/files/database.db

Filesize
383B

MD5
ea3942b1c17855bf8138c226c60dbe27

SHA1
9977089e907544abba3b6e661c3d7bdc656b5787

SHA256
86bfcf9abe4a7f6949cf0573aca76d8c20d39cc1eb4b156aabce218e94729173

SHA512
c5f7b8d225d7b02b4a6182a2032cf49eb9512227a996ceb10a27bc69996e9d53b01b6875cdf579eec822b671973f439e7e24aaea54994a359c4efc93e51bdc5e

Download Submit
/data/data/com.errorforcode.netix/files/profileInstalled

Filesize
24B

MD5
4512d8bf7d489dc825dec9a4429546de

SHA1
3be0cacdadf26858a10f3ebb841476b3c37a96e1

SHA256
e7398553976ee6462f010d235a037f25811d8e51b7f4b9e53534aa5081358b0c

SHA512
57863968628661105505a77e0fd8f2ed0f5311fe43b3df49a940a7ac8f496dd1f754af4a327bb6826e88047e9d4300a9f59bc5babfe03b5d15e1c9ddf82fcb35

Download Submit
/data/data/com.errorforcode.netix/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

Filesize
8B

MD5
96ce81c97614082b82e5a8036e0ae46a

SHA1
8c949bddc8ed07e9868c1d7014a20c853ad42e8f

SHA256
4db50e707bc8ef1733bafa962d25108a5b049329e75cd594a84c217fd953a832

SHA512
1e512e3ca3a823782ec78e54c29b7bcb5ecfc4b87644b80092ccafab37fdf8455261e305a64786316aa45756e0d2defa5c93b538d04d562c6709b21c0c2dbda0

Download Submit
/data/data/com.errorforcode.netix/no_backup/androidx.work.workdb

Filesize
4KB

MD5
0eb157e1a86d4d00aa601dd2f6ff3ee3

SHA1
fee434f784e73cc7916322e949f727caf8363102

SHA256
b9a8194b71a046e8c0eb30995827b582b4bea834f630a5df2483b778a7d7d8a4

SHA512
b9b79b8c3af8a3f140df230fd89e95206358ba50ff214e7323a2dbbe2937b795f970e588302ffd5d721318bd597ce0a27af26d6cdb07f45569c30209845082a8

Download Submit
/data/data/com.errorforcode.netix/no_backup/androidx.work.workdb-journal

Filesize
512B

MD5
b46fe3721abd698370f2eafa8c66466a

SHA1
ede8b031373f811b2453875ac740a4ded939e4cc

SHA256
e0dd8a5c4b9c55eebc6187a7741e341abd2abeffcbc9eb59b668e8bb7dfbe349

SHA512
501d32dc798741a2fee9c209ce5ad90e1e96215e599e6d5e410360954ad31db6a53cc4c17410f031bff23f55386d47c6b166c9a28fe741e46e98c6e4751942b7

Download Submit
/data/data/com.errorforcode.netix/no_backup/androidx.work.workdb-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.errorforcode.netix/no_backup/androidx.work.workdb-wal

Filesize
16KB

MD5
6105816bd2050ffbe39bdfc8a24b3a20

SHA1
f247249b2cac28e07680e98ea5aaa1323083c629

SHA256
e3d67238612c687f9bddc99e57014493704a8861fd188da58266a54dd4aa681d

SHA512
e42e53576c82841c12293a5915c065312e91725933a7f832c1931290b16da8c1ab73b3051e69344468803eb0eb3e8f529f92f1f6d8b21732ed4d82a26a744187

Download Submit
/data/data/com.errorforcode.netix/no_backup/androidx.work.workdb-wal

Filesize
116KB

MD5
2857f86f258286c64827a7ce97923487

SHA1
ebd1ff66053ef0d752a57d0da6badbe11cc7ed45

SHA256
6c3bd8358d4ae75a41e891e843ed98dc0b95ab222f14f77cb951c5846a8c49e1

SHA512
e212d53d66e67430e50fc69d331fc8bcfa0425a54449534919c2acfb35db5ff835607a5a833189cf8911c2473f4d8f3fcab1cebf7b6fd72be07fff71215a1252

Download Submit
/data/misc/profiles/cur/0/com.errorforcode.netix/primary.prof

Filesize
1KB

MD5
75ad853d00b594ecf3d487b46968d6b2

SHA1
a6c43600a20724d7d5106767fa9aaf655a8cd48f

SHA256
d91a23b0e7361f2fe6c3c6a640698e72f280b762c4df04681fad5aca0a959fa9

SHA512
1801d2fd94cf02bb8571b8035b02738f6c93df43d298fb344dd25e5cfa274f88fdc337f674c6b558f558c4b0521256665ac7b55289d4009263741ee7ccf6c4e5

Download Submit
/system_ext/framework/androidx.window.extensions.jar

Filesize
123KB

MD5
3056e1bdb7d4e19789d0319eff484bd0

SHA1
6791ae47aa9466fe0bca27ad6643f846853bbee4

SHA256
8e6331a07c9f2ac139214c527dcaff2c82d126bbe7bd3420cdc36d6a8c9204b0

SHA512
c790980fd68d9f89e32743bc28846807d5e5947c555f494de47714dec5cbd0c08d81c3260fa463759d1b17a953af3c44ec30b14fb08bf6b29db3837346c9f658

Download Submit
/system_ext/framework/androidx.window.sidecar.jar

Filesize
25KB

MD5
29469324e59dfcc052f24b5af4e7b2c4

SHA1
10c1e17ac6f598037bb51baa07945663645de4eb

SHA256
9195dc6a1c75a841384050240dfc972e48178964993fba6619788625f4b40d1a

SHA512
5e27c2b1431369a248298f2f749136a575005584f9999f2a4c204a0c47adce2e33c8df9f058bdafa1bde1c99e46d175560cedfcddcd8581718ed1d9973c37cc2

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads