Analysis

  • max time kernel
    12s
  • max time network
    152s
  • platform
    android-11_x64
  • resource
    android-x64-arm64-20240910-en
  • resource tags

    arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240910-en, locale:en-us, os:android-11-x64, system
  • submitted
    04-02-2025 22:11

General

  • Target

    3676a816037c6616bce49c186b30a1125ee568c2eba7d40000be013ee8dd1b06.apk

  • Size

    1.1MB

  • MD5

    03e8d7ca2eabc0e7554ec378bf26cec4

  • SHA1

    6ea1995c3bc704196dd546d01849933e76b3614c

  • SHA256

    3676a816037c6616bce49c186b30a1125ee568c2eba7d40000be013ee8dd1b06

  • SHA512

    63e865fb61c5311fed4ccc28f005598b463c82aa3e81641f28c970a461b27893e04e9aaff43f2279dbfc3ab05e33dd390a0de1bb7baae2a072be9f6144b7b511

  • SSDEEP

    24576:xQEO1+TFOR0Sb4DWIws0Q9n66R7Wv/kjy0hg/AJQM:y/1+B3Sb1tyL7+/70hg/fM

Malware Config

Signatures

  • Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

    Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

  • Queries information about running processes on the device 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about running processes on the device.

  • Queries the phone number (MSISDN for GSM devices) 1 TTPs
  • Acquires the wake lock 1 IoCs
  • Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

    Application may abuse the framework's foreground service to continue running in the foreground.

  • Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
  • Checks CPU information 2 TTPs 1 IoCs
  • Checks memory information 2 TTPs 1 IoCs

Processes

  • com.dawidevumira.cobadape
    1⤵
    • Obtains sensitive information copied to the device clipboard
    • Queries information about running processes on the device
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    • Schedules tasks to execute at a specified time
    • Uses Crypto APIs (Might try to encrypt user data)
    • Checks CPU information
    • Checks memory information
    PID:4771

Network

MITRE ATT&CK Mobile v15

Downloads

  • /data/user/0/com.dawidevumira.cobadape/no_backup/androidx.work.workdb

    Filesize

    4KB

    MD5

    7e858c4054eb00fcddc653a04e5cd1c6

    SHA1

    2e056bf31a8d78df136f02a62afeeca77f4faccf

    SHA256

    9010186c5c083155a45673017d1e31c2a178e63cc15a57bbffde4d1956a23dad

    SHA512

    d0c7a120940c8e637d5566ef179d01eff88a2c2650afda69ad2a46aad76533eaace192028bba3d60407b4e34a950e7560f95d9f9b8eebe361ef62897d88b30cb

  • /data/user/0/com.dawidevumira.cobadape/no_backup/androidx.work.workdb-journal

    Filesize

    512B

    MD5

    02808bdc1ae05ee17e5cef01dad660dc

    SHA1

    b2c326be3a2f317736269af239791540b06d0a68

    SHA256

    4acedb95d8471ed8e4cd7fffeb19b423bef9c3aeb2bb39f6ad715132a0d2ac93

    SHA512

    b156de8a1d7faaed2e3ad7b9f7164e8072639732bf18d3a4f4017a9b1bf76bb835fb3c7ede40c6db2345c6a8d72d1a095d7e2d6a50a0e8dd4cad8f3c29fdfc30

  • /data/user/0/com.dawidevumira.cobadape/no_backup/androidx.work.workdb-shm

    Filesize

    32KB

    MD5

    bb7df04e1b0a2570657527a7e108ae23

    SHA1

    5188431849b4613152fd7bdba6a3ff0a4fd6424b

    SHA256

    c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

    SHA512

    768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

  • /data/user/0/com.dawidevumira.cobadape/no_backup/androidx.work.workdb-wal

    Filesize

    16KB

    MD5

    3e698681bf70170e9c20bdae9161362a

    SHA1

    8d1477c720a0c0defdcda80a3c95a0852601af6a

    SHA256

    b81854818c738f2510f7ecfdf13b443ed5930858f638cbe6fdce96b253574ee5

    SHA512

    72cd06dcc0ca97decaf86d6050fd478184867b1520be9b77de6cad654b00393ae7bf5fbeebfbbe6d2033b232a8a164c4ede90ab38a6bca706ed5abe20c15506b

  • /data/user/0/com.dawidevumira.cobadape/no_backup/androidx.work.workdb-wal

    Filesize

    108KB

    MD5

    b3f4fa58cea19e09408268775847f1ea

    SHA1

    12f6a375301c47773fc94ed64f4b9456541881a7

    SHA256

    b5aa3780969f8799d6c6335bccc9de2526b542cd90ab8e8f40d3b6493f0d1b1c

    SHA512

    54d31627f241c193ae0f73aa0fd5621b9d825cce15261acbab751d880c423ebdc90d11104fca0fba0e1ee850fc893f09db9d5c159c9d31880dc72c9dabd5c19c

  • /data/user/0/com.dawidevumira.cobadape/no_backup/androidx.work.workdb-wal

    Filesize

    173KB

    MD5

    d5b66e3f64537f22ed75e24e940e279f

    SHA1

    b5b0eb33cb982b01f52d225799b50ad12dd3d687

    SHA256

    32965e8386c3a86f2bdb64063f52357495ca211482cc1c94628dde99cea53aa3

    SHA512

    af2c6f25ddd86d1b9b7ab1b63e85d5a767ed02a1e7215c356756930c18a9bde23d316d4755f866b3fd8c7a43d849afaa6d114ebd200396f96ed283038608714b