Overview

overview

10

Static

static

10

1cb7ecc4a4...72.apk

android-9-x86

7

1cb7ecc4a4...72.apk

android-10-x64

7

1cb7ecc4a4...72.apk

android-11-x64

7

Analysis

  • max time kernel
    145s
  • max time network
    155s
  • platform
    android_x64
  • resource
    android-x64-arm64-20240624-en
  • resource tags

    androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240624-enlocale:en-usos:android-11-x64system
  • submitted
    25/02/2025, 22:10

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1cb7ecc4a4b704338d30b5448de216914f1f890d454cba5700f0373d298dbe72.apk

  • Size

    4.8MB

  • MD5

    fabf41317034f05724b6c11d80f8ebf8

  • SHA1

    7fd7a77e2494f9add7c2fd56dc96e55fb0b799e6

  • SHA256

    1cb7ecc4a4b704338d30b5448de216914f1f890d454cba5700f0373d298dbe72

  • SHA512

    31ab0316b4d58ec3058b90abe5789bdefc2c58b87f7fa62e789bedf3bfb7cd1ed7bf2e047e4256a271c35a4b5f723bf739c096eef34ac8c684bc07708a0f463a

  • SSDEEP

    98304:vhHA4TLpoN4WNibGNa64CUYeD0fD0iD0qD0eRD0nAED0EiD0bbD0A2K:vpA4LrH6/GYeDeD3DNDvDC1DsDMbDR2K

Score
7/10
collectioncredential_accessdefense_evasionevasionimpactpersistence

Malware Config

Signatures

  • Makes use of the framework's Accessibility service 4 TTPs 2 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectiondefense_evasioncredential_access
  • Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

    Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

    collectioncredential_accessimpact
  • Acquires the wake lock 1 IoCs
  • Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

    Application may abuse the framework's foreground service to continue running in the foreground.

    defense_evasionpersistence
  • Performs UI accessibility actions on behalf of the user 1 TTPs 7 IoCs

    Application may abuse the accessibility service to prevent their removal.

    evasion
  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
    impact
  • Checks CPU information 2 TTPs 1 IoCs
  • Checks memory information 2 TTPs 1 IoCs

Processes

  • com.intesatoken.appnuova
    1⤵
    • Makes use of the framework's Accessibility service
    • Obtains sensitive information copied to the device clipboard
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    • Performs UI accessibility actions on behalf of the user
    • Uses Crypto APIs (Might try to encrypt user data)
    • Checks CPU information
    • Checks memory information
    PID:4452

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/user/0/com.intesatoken.appnuova/files/db.db
    Filesize

    40KB

    MD5

    c9ba8af2c46cfab6a421f96b0c7a4aba

    SHA1

    7cf335d13973adb71de16c9683c65326e04d0107

    SHA256

    c4ddb071f51d8ccf2ae17406c75498de55d820371a8b28c77197a127d131863c

    SHA512

    0fb0dc739a67f5dca3872f616adbbf361a82075411e17a3d6be06d7d52126b284f2119524d9ea47c251d77752b4802727d1499f015977616dc8ddcdd40309afd

    Download Submit

  • /data/user/0/com.intesatoken.appnuova/files/loading.gif
    Filesize

    121KB

    MD5

    7b38720a0352dffa26411726c72dd2b0

    SHA1

    b15e687f42abcdc12427f146a3115ef2259211f8

    SHA256

    2013f490d45638cada331b3474ed65b9a43cec60da773accc98332e58c06336d

    SHA512

    0df28f87da4f9beb3ca8c108f54021a2a1a1434771abbb5ba67a2736097f2287b05e5220a33e92c42ee13ecae1144714a422b986763712794f69e65bc44c83e3

    Download Submit

  • /data/user/0/com.intesatoken.appnuova/files/txtscreensize.txt
    Filesize

    11B

    MD5

    1b65c10c6215685f9d621d797f911373

    SHA1

    cc50aaed5cd521a62ec8cf9fe0413153ec90f265

    SHA256

    2230c2b2787663a054c47450ecd1718f0296853ad768b8e5d306ecb912685e89

    SHA512

    5a9139f295dbe384b1584eff5c11f3f86759232f7b661b75f27fe92b996b4cdc0552e315f79b26f5f2c1f91756d9ae04cf0c3675b6172e91a3d373b9b314496f

    Download Submit