af8d8233db16b4f3a6adbd7aef5300bde76dda74ccb610f5a1fc3f1dddc82ccb

Analysis

max time kernel
47s
max time network
144s
platform
android_x64
resource
android-x64-20240624-en
resource tags

androidarch:x64arch:x86image:android-x64-20240624-enlocale:en-usos:android-10-x64system
submitted
19-02-2025 10:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ready.apk
Size

692KB
MD5

5016bd2701cdbe14a39b3a27395c97c4
SHA1

2d996cae86c9a36d7ff4ad75af73bdfc05b10a58
SHA256

af8d8233db16b4f3a6adbd7aef5300bde76dda74ccb610f5a1fc3f1dddc82ccb
SHA512

012ce5e15c8bd9f24c29fff033d8823e2ef511bed238285bbba841d3be16701145c01fddd8ae71217943e2b7a4af35b6e19928e72e077ea093e59a1c78b53311
SSDEEP

12288:cJFRKK4blrTQ9oQhKOUJQSPsKlXEHusT3cgtN0FDb6Rq21pgyBtWDzs:cRQFQYHJQDKREHHT3SFDbGNKhzs

Score

7^/10

collection credential_access defense_evasion discovery impact persistence

Malware Config

Signatures

Makes use of the framework's Accessibility service 4 TTPs 1 IoCs

Retrieves information displayed on the phone screen using AccessibilityService.

collection defense_evasion credential_access

Input Injection

T1516

Screen Capture

T1513

Keylogging

T1417.001

GUI Input Capture

T1417.002

description	ioc	Process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	com.appser.verapp

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.appser.verapp

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.appser.verapp

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.appser.verapp

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.appser.verapp

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.appser.verapp

com.appser.verapp
1⤵
- Makes use of the framework's Accessibility service
- Obtains sensitive information copied to the device clipboard
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks CPU information
- Checks memory information
PID:4998

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Input Injection

T1516

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

Lateral Movement

Collection

Clipboard Data

T1414

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Screen Capture

T1513

Command and Control

Exfiltration

Impact

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Input Injection

T1516

Replay Monitor

Loading Replay Monitor...

Downloads

/storage/emulated/0/Config/sys/apps/log/log-MjAyNS0wMi0xOQ== .txt

Filesize
36B

MD5
ef7483d30f9937599061cf8fddcea864

SHA1
6e31006bbd96ae01f49964c16851be3185ffcf40

SHA256
55106cf8a3fe38e18570e635b3fa4019a563c0921773fcd926e510806cdff3a9

SHA512
43bf4e0d05d4c1bbb86a4605169a2623490481c0a0630c9970f91138174049d800e2a9259b63c610c7983a528cf1dd6e8c98969981e3289e0850ccadb52e74fe

Download Submit
/storage/emulated/0/Config/sys/apps/log/log-MjAyNS0wMi0xOQ== .txt

Filesize
24B

MD5
8b7b3f50eed2777d6c50bdb3e883519c

SHA1
f3f04b5679105f5bd0efc3dda76aa29258ac006f

SHA256
3c5f2c9318209bfb1e85b0bc7d92b4c038881913854a4ea1fd7c4fa46cbd0dde

SHA512
037435b68e40006b82c78989d7ed7b4751b7026859f62c0c2ba58957638d75be284509b6fd108557fcf452d5696f8e03e32b520d56b37d8f3416a519b6c0dbc4

Download Submit
/storage/emulated/0/Config/sys/apps/log/log-MjAyNS0wMi0xOQ== .txt

Filesize
24B

MD5
2ac244b9b6eaae01972d1c5a23aa6909

SHA1
a91d8bd71990aa82b7bdd073dce972a06714f81a

SHA256
3df2098ad52682321aa7e134d7358fd3bbece7830b6b02db1be19de6b609e289

SHA512
ce061ce6d6f8ba4cc61cbd5e66e981d044905787d91e6ffef4b825bc3968ba4aaec710409471802146e746111cb0f61dcdc0c98d402bedbabdf201fe7aaeb18d

Download Submit
/storage/emulated/0/Config/sys/apps/log/log-MjAyNS0wMi0xOQ== .txt

Filesize
24B

MD5
c7c859652eedf38ef39f669f97709f75

SHA1
2adc318b611b21e1ba76e3194111c05995e4ff20

SHA256
bf7e465191433903c9acb6a045ae906de3f3a1a0ecf941797ff94e2d6c2d3bc3

SHA512
9e32d16e10fcb31ed4102fc8d4571a8b565aba69ce380ec722c19ab39d5c643c63a797b31284b17e2033c802cc6ac98725cc22d859f61db1de4ac572568596d5

Download Submit
/storage/emulated/0/Config/sys/apps/log/log-MjAyNS0wMi0xOQ== .txt

Filesize
40B

MD5
268c568eecb5b9d27e4e2be302aba442

SHA1
83a317acbadff1dc0de864ce6d9105eaefe0eb4f

SHA256
22b337b09c121cabda5bc4262a1b3bf10e23311f4972dcab524b2c4ee26b5b57

SHA512
95ce3bae96e751566d463a2698f34c6af7ff1422ad1df78ea1273d2a86955767d0d65c90afce7304a71eaa1ea592841a61167b5dfc8cca479952cc2055aed022

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads