Overview

overview

10

Static

static

10

ROPanel-FF-v4.apk

android-13-x64

7

Analysis

  • max time kernel
    148s
  • max time network
    152s
  • platform
    android-13_x64
  • resource
    android-33-x64-arm64-20240910-en
  • resource tags

    arch:arm64arch:x64arch:x86image:android-33-x64-arm64-20240910-enlocale:en-usos:android-13-x64system
  • submitted
    27/03/2025, 07:23

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ROPanel-FF-v4.apk

  • Size

    37.4MB

  • MD5

    848920df47508f0316be22ac51ac88e5

  • SHA1

    44c65cb043c4485e6fedb1123a2ab0f11c24b8d8

  • SHA256

    7daef80bc7cd3ec6303ffd1e07d06982431b2c29685fbf9f95367a9ad4521b2f

  • SHA512

    dcc1ef0559e7c7c01ba4b5e3d87f7cbac9ec2a113761c2d0bd081d8834f71fa809d27857c2d64735769c093b2e4137f5aa23547c977bb0ae53dd01c855674f23

  • SSDEEP

    786432:MHVEVNWex9coTFuIPFd1VDUCBITOMWePBy4yUCXJ6PwCBL7n4x9G/d54:WEHRx2oMAd1VNpMWePByjJ6Pfnn47454

Score
7/10
collectioncredential_accessdefense_evasiondiscoveryimpactpersistence

Malware Config

Signatures

  • Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

    Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

    collectioncredential_accessimpact
  • Reads the contacts stored on the device. 1 TTPs 1 IoCs
    collection
  • Reads the content of SMS inbox messages. 1 TTPs 1 IoCs
    collection
  • Reads the content of the call log. 1 TTPs 1 IoCs
    collection
  • Acquires the wake lock 1 IoCs
  • Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

    Application may abuse the framework's foreground service to continue running in the foreground.

    defense_evasionpersistence
  • Queries information about active data network 1 TTPs 1 IoCs
    discovery
  • Checks memory information 2 TTPs 1 IoCs

Processes

  • com.jatodoshackers.returnsffh4v137
    1⤵
    • Obtains sensitive information copied to the device clipboard
    • Reads the contacts stored on the device.
    • Reads the content of SMS inbox messages.
    • Reads the content of the call log.
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    • Queries information about active data network
    • Checks memory information
    PID:4504

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/user/0/com.jatodoshackers.returnsffh4v137/cache/image_manager_disk_cache/0862bb2fa7acf8076df7993c8a6f54717eb17891c08028cc791332ea52b5075b.0.tmp
    Filesize

    477KB

    MD5

    762ab79bec280dd06ad1038d3013490b

    SHA1

    9fa1bafc2dccadb2c97285cd6fdea161dd9f68f2

    SHA256

    2f012327606074c67ec6b0f7f43f692113dc985b70ade60cbe50d76bd445726a

    SHA512

    718714b91afdad553b19c5293632175fbfcd3e354a8fa3164da98b90fba7a096fc5be3f43f09ebf8ae456d4b068c24bfca664dde59242d795467c979d61e1f2f

    Download Submit

  • /data/user/0/com.jatodoshackers.returnsffh4v137/cache/image_manager_disk_cache/516ccc2cce0598e2d014e3045f6f042b92ce13c5b4b4f7e548ce83ca3e7d52ef.0.tmp
    Filesize

    4KB

    MD5

    a1810fbc3690a34611ba34c66d7f5d23

    SHA1

    5d1a7eee2c7d42b778d3a6ee5744cb2a2045a09b

    SHA256

    0f3143c0b60533d0d8f655463338ab22c1cc31fedcbecbcf25bb4639ffd06144

    SHA512

    51d6eb90fee3e8a1fdef0eb8ca3ee97828194ae8bf843dac18280be2dac89fcfe00571264a6762f45e759cff83dd806f55eefe1f3d09266e6f378c35cf2330ca

    Download Submit

  • /data/user/0/com.jatodoshackers.returnsffh4v137/cache/image_manager_disk_cache/journal
    Filesize

    397B

    MD5

    7573bc07009ed3431ba59398c30d0cc1

    SHA1

    901a5cce1ae89b91cb7f9d54cdb7e916b684f336

    SHA256

    e290f7491906450d0b9d07382fdf8f478912b6416faf8e0900b1fceb6dd94815

    SHA512

    25e4a293d88193e3c33a27b1d2d0e7a35985ea581b0f3bd84c0e3c445f6b6485b277d028bae2448504d69784484b0035efc00d8bd13915d56ed0503b56c71036

    Download Submit

  • /data/user/0/com.jatodoshackers.returnsffh4v137/cache/image_manager_disk_cache/journal.tmp
    Filesize

    31B

    MD5

    8c92de9ce46d41a22f3b20f77404cc1d

    SHA1

    8671a6dca00edb72be47363a7071be65cf270373

    SHA256

    68bb33ddeed9200be85a71f70b377985f9ee68e91578afbde8321463396f1274

    SHA512

    30f45fe9954215d6adafcc8f0a060a7ff41963a64f9b849a37f0d18fe045038d429ec13bf15226769c4ba78dad3c52f3d9e0dbbb4fcdea4828a1efe956e48f56

    Download Submit

  • /data/user/0/com.jatodoshackers.returnsffh4v137/no_backup/com.google.InstanceId.properties
    Filesize

    2KB

    MD5

    88232abcf9621cc94b3a630e2313e058

    SHA1

    73c11b8ee5784b3e09cf19aa9a0fdb43f7894045

    SHA256

    3fb08b29adbdb00584d25e6b1e2911d6885567577c96ae68c8792cbfccc011b5

    SHA512

    889e9a73bc7fec8463f6b1cb6dfefe2dbfe17c0180ac39576fad9d1f3f9d83f11ba25d45fbff799aac330c11e21e29b7ad24a7c6f2e10d3f2c7ff384ed3d2a14

    Download Submit