4855970aa460909d3e7aa57251a89cd83864900a4ed1c011311c8e87a768b46b

Analysis

max time kernel
18s
max time network
158s
platform
android-10_x64
resource
android-x64-20240910-en
resource tags

arch:x64arch:x86image:android-x64-20240910-enlocale:en-usos:android-10-x64system
submitted
27/03/2025, 22:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

haha.apk
Size

2.1MB
MD5

7513f1e7073f370baaeed7474834599a
SHA1

68889c85521d10d27ca31c20b72c4bb3061ab6a0
SHA256

baa6ffe5ca25c9d67b4944b8f0049a95adf79284236261ee0a6924def87c677c
SHA512

e755a7c98b8753915cab5ae87eaba17f9909972ce20c9ce75de484b5d1cb19568e69aea35306566e149632c0c2d0722df96557cc2c37865590c1af40c29d0148
SSDEEP

49152:C3g92A+0sJLNSCZs55W187bbJbG30TVkSD2YE:R+06NSus55WK73A034

Score

7^/10

collection credential_access discovery impact persistence

Malware Config

Signatures

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	eri.etzs.wons

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	eri.etzs.wons

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	eri.etzs.wons

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	eri.etzs.wons

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	eri.etzs.wons

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	eri.etzs.wons

eri.etzs.wons
1⤵
- Obtains sensitive information copied to the device clipboard
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
- Checks CPU information
- Checks memory information
PID:5108

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

Lateral Movement

Collection

Clipboard Data

T1414

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/eri.etzs.wons/files/profileInstalled

Filesize
24B

MD5
74204505f0e1d709ceccdb9453c5b077

SHA1
45eb80b2138f6ba9669cd3dd599b9bd140ce7348

SHA256
762f3dc81d0a127932c107faf06d9af8a047fd96e46ee7bfef31d453c4a07f91

SHA512
746abb28063dd97d2f90cfc79a7c26cf978b416732df078a85bedad124f86c716d433b54bf8e4e9369827de85cf127397febf88ef2037ef05435193f285b391d

Download Submit
/data/data/eri.etzs.wons/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

Filesize
8B

MD5
6d7e1bf1d5fa3210c355db3e8804bd76

SHA1
00fc9ede87cad7e95182a39851cf7eb8e8da53fb

SHA256
113ff6803923f60eb58f22b8e5384f45baf8ab026c0ab299d7d19e9e8120fbab

SHA512
77887d157cd55a0276e633f9b8f7a60c8bf6f235c1dd2ddf2f98e86402bb6784110756ffe5bc54e96c90da5fc66325e0b86e8af0a0c3f481e0c80570e3d4bb29

Download Submit
/data/misc/profiles/cur/0/eri.etzs.wons/primary.prof

Filesize
1KB

MD5
f161240cd045c531ecb44c32cee4f442

SHA1
d71bbc3aca53bd32acf65e3ca6100b8b719e2dc0

SHA256
137c0a1d7d809e36dc3b99d5d2ac2e9c76278092ba08c52a65eeea4ad860e11d

SHA512
0001b2c19d4c04a822484ae165ef5d3aeae6d1f823b8f2e9a41a709d57d4f399d0b879f2bde58fbb614bc77168ad4c404cdbe2a7808901a179024fec7db9c378

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads