Analysis

  • max time kernel
    295s
  • max time network
    308s
  • platform
    android_x64
  • resource
    android-x64-arm64-20240624-en
  • resource tags

    android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240624-en, locale:en-us, os:android-11-x64, system
  • submitted
    20/02/2025, 07:34

General

  • Target

    Chínhphủ.apk

  • Size

    23.4MB

  • MD5

    9b4aaaebca0f904234d371475d3dcc6a

  • SHA1

    fdbd2957048a9564a923bda70d68ab292bcb7540

  • SHA256

    c6e52bd7d8a1de54e5a6551a7a737c989d93537c1bb440fdf37914c799e77f16

  • SHA512

    d8ad4d4d10747264e2ef960dcef5e70049ca7eab102fbd02ea07982e01b6af2130f95856694a9ebe0f3bcc3e2512a8bca92f944b1b5aa9f54a0cf5e34ecd67cd

  • SSDEEP

    393216:HehX6Cksss3FNgIuc9zhL9XmENEuEyIlRrU:+hXedsFitchHXT+U

Malware Config

Signatures

  • Checks if the Android device is rooted. (1 TTP, 5 IoCs)
  • Loads dropped Dex/Jar (1 TTP, 4 IoCs)

    Runs an executable file dropped to the device during analysis.

  • Makes use of the framework's Accessibility service (4 TTPs, 1 IoC)

    Retrieves information displayed on the phone screen using AccessibilityService.

  • Obtains sensitive information copied to the device clipboard (2 TTPs, 1 IoC)

    Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

  • Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps) (1 TTP)
  • Queries information about running processes on the device (1 TTP, 1 IoC)

    Application may abuse the framework's APIs to collect information about running processes on the device.

  • Queries the phone number (MSISDN for GSM devices) (1 TTP)
  • Reads the contacts stored on the device. (1 TTP, 1 IoC)
  • Reads the content of the SMS messages. (1 TTP, 1 IoC)
  • Legitimate hosting services abused for malware hosting/C2 (1 TTP, 2 IoCs)
  • Makes use of the framework's foreground persistence service (1 TTP, 2 IoCs)

    Application may abuse the framework's foreground service to continue running in the foreground.

  • Performs UI accessibility actions on behalf of the user (1 TTP, 2 IoCs)

    Application may abuse the accessibility service to prevent its removal.

  • Queries information about active data network (1 TTP, 1 IoC)
  • Requests disabling of battery optimizations (often used to enable hiding in the background). (1 TTP, 1 IoC)
  • Schedules tasks to execute at a specified time (1 TTP, 1 IoC)

    Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

  • Checks CPU information (2 TTPs, 1 IoC)
  • Checks memory information (2 TTPs, 1 IoC)

Processes

  • com.cam321f.mac (PID 4446)
    • Checks if the Android device is rooted.
    • Loads dropped Dex/Jar
    • Makes use of the framework's Accessibility service
    • Obtains sensitive information copied to the device clipboard
    • Queries information about running processes on the device
    • Reads the contacts stored on the device.
    • Reads the content of the SMS messages.
    • Makes use of the framework's foreground persistence service
    • Performs UI accessibility actions on behalf of the user
    • Queries information about active data network
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    • Schedules tasks to execute at a specified time
    • Checks CPU information
    • Checks memory information
  • com.cam321f.mac:remote (PID 4670)
    • Loads dropped Dex/Jar
    • Makes use of the framework's foreground persistence service

Network

MITRE ATT&CK Enterprise v15

MITRE ATT&CK Mobile v15

Downloads

  • /data/data/com.cam321f.mac/app_crashrecord/1004

    Filesize

    222B

  • /data/data/com.cam321f.mac/app_crashrecord/1004

    Filesize

    58B

  • /data/data/com.cam321f.mac/cache/wp.jpeg

    Filesize

    143KB

  • /data/data/com.cam321f.mac/databases/bugly_db_

    Filesize

    60KB

  • /data/data/com.cam321f.mac/databases/bugly_db_-journal

    Filesize

    8KB

  • /data/data/com.cam321f.mac/databases/bugly_db_-journal

    Filesize

    8KB

  • /data/data/com.cam321f.mac/databases/bugly_db_-journal

    Filesize

    8KB

  • /data/data/com.cam321f.mac/databases/bugly_db_-journal

    Filesize

    8KB

  • /data/data/com.cam321f.mac/databases/bugly_db_-journal

    Filesize

    512B

  • /data/data/com.cam321f.mac/databases/bugly_db_-journal

    Filesize

    8KB

  • /data/data/com.cam321f.mac/files/bugly_last_us_up_tm

    Filesize

    13B

  • /data/data/com.cam321f.mac/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

    Filesize

    8B

  • /data/misc/profiles/cur/0/com.cam321f.mac/primary.prof

    Filesize

    1KB

  • /data/misc/profiles/cur/0/com.cam321f.mac/primary.prof

    Filesize

    11KB

  • /system_ext/framework/androidx.window.sidecar.jar

    Filesize

    12KB
