988b57dbef854f64c336421be4ff779ae07bc3a184cefc2432f98966f862579a

Analysis

max time kernel
123s
max time network
150s
platform
android-11_x64
resource
android-x64-arm64-20240910-en
resource tags

arch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240910-enlocale:en-usos:android-11-x64system
submitted
28/03/2025, 22:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

988b57dbef854f64c336421be4ff779ae07bc3a184cefc2432f98966f862579a.apk
Size

3.9MB
MD5

7c8b3c00973ca3958f4e41e8950cce35
SHA1

824a227d09917582c8ecf5594b62454931fdba22
SHA256

988b57dbef854f64c336421be4ff779ae07bc3a184cefc2432f98966f862579a
SHA512

73b980b63bbdb97388cff1220deecfb507d903cda89ed3cde99a3f0a3dab67f49e43ae5ccb16642d0c33dc7eef99ddbd3f150f173b8cc9a1acbc7105b363a13b
SSDEEP

98304:2fZi2qb/g2nKAPQthA8Cm0IkxOLN9g2/Lo2PZtceey:s4h4j2l8SYY9E

Score

8^/10

collection credential_access defense_evasion discovery impact

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 1 IoCs

defense_evasion

System Information Discovery

T1426

ioc	Process
/system/app/Superuser.apk	com.GjIZIJIz

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.GjIZIJIz

Queries information about running processes on the device 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.GjIZIJIz

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.GjIZIJIz

Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs

defense_evasion

User Evasion

T1628.002

description	ioc	Process
Framework API call	android.hardware.SensorManager.registerListener	com.GjIZIJIz

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.GjIZIJIz

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.GjIZIJIz

com.GjIZIJIz
1⤵
- Checks if the Android device is rooted.
- Obtains sensitive information copied to the device clipboard
- Queries information about running processes on the device
- Queries information about active data network
- Listens for changes in the sensor environment (might be used to detect emulation)
- Checks CPU information
- Checks memory information
PID:4622

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Hide Artifacts

T1628

User Evasion

T1628.002

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Discovery

Process Discovery

T1424

System Information Discovery

T1426

System Network Connections Discovery

T1421

Lateral Movement

Collection

Clipboard Data

T1414

Command and Control

Exfiltration

Impact

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.GjIZIJIz/app_tbs/core_private/download_upload

Filesize
56B

MD5
08a63c618272902cdf012e94b32670d4

SHA1
0e4cafbdccb3a994a0e9ad388c00731c3ec328e8

SHA256
7ea072bdec5a188e32fc98a57ad3ca924f2fe65c986c80012606e91e34d62c5f

SHA512
68a28be5ae3bca29bc5c866871c0389003bb0362bdc7d1142e171dbcea3933a2ca441854f25268e8b512d27185101243199fc46e4d69907be8d0aa790be2d829

Download Submit
/data/user/0/com.GjIZIJIz/app_tbs/core_private/download_upload

Filesize
56B

MD5
8b94442bbdafa818d90d3d965f7e1dcd

SHA1
7b54e3b2452e37ccfa2ba18d9546c21b031b9e12

SHA256
b228011228db04ee2093053a955cc518c29ef9b8d06596ef990e3efdfd1af519

SHA512
cc1d4544320574d4cd999743a154d6688a5b6ffea8c69308a16d8fe3d49c0bfde10a48a39ea9f4db98204bdb955fa18c3cb0ddb46ac5e43de0c5b82c91d127af

Download Submit
/data/user/0/com.GjIZIJIz/app_tbs/core_private/download_upload

Filesize
84B

MD5
87d730c042436581d72d91b04a14c1b0

SHA1
fe7df1a04aec8512a11949ee422743f28d7d66e5

SHA256
7e12b3fd0aa884cfb6a0a7213166707edb997fa2f8ac402bb07d85fb135a82e3

SHA512
feac56e94890d3b5859b3703072e612b514cb8c8972fa8fddd63db2c3263b3afa16df1c64e9fd2d263c87315c30ca12475f6f5393d68f1ef278d2e7a3e9c9ccc

Download Submit
/data/user/0/com.GjIZIJIz/files/stateless/dW1weF9pbnRlcm5hbA== /dW1weF9pbnRlcm5hbF8xNzQzMTk5ODQ0MTI1

Filesize
1KB

MD5
1bb0be1ee3f84e02bda8ce179b961ffd

SHA1
e3008e0dd09ee5fd615e1ced1f607e1076c48faa

SHA256
0b2fb0f2fcb3a7d0dce0b21b95ebc2ca4f7c39926cfb316245a19604774b4acf

SHA512
611fb7bbca4b0129208f1b59ee7ad197256975cc1073aebd9b85c826d3dbfdbc0c642b6a2a7ed5964732fb6d4ebc196ed15409427ea892522d0ede29cb48067b

Download Submit
/data/user/0/com.GjIZIJIz/files/umeng_it.cache

Filesize
350B

MD5
bc0dadb93fdc920315f587e7a7853564

SHA1
62798c32813355c071ecc6426ec742e4f975773c

SHA256
a509b31e585954cc9df95020839e34adb6232d5b30baab7ad2073299633f1593

SHA512
99b3d26d49808969552b1e7f7987e29b1ad6a3c8c51c3a1646a11f6d1ea1e61d8296c81a78d247b6fd00c87492353b978fb294a26e8c78790b49175673541412

Download Submit
/storage/emulated/0/Android/data/com.GjIZIJIz/files/tbslog/tbslog.txt (deleted)

Filesize
5KB

MD5
aa0b3696507a4b03b3862a71f695ae93

SHA1
dc201e2bcf80ecf383b7f581b22169883b3e0ab5

SHA256
65db96887a1a70a951913f871a8bf2b16a11b84290dc1fdfd93a184540e4ebf6

SHA512
f662d7bec48a315150d148f9ecb99fec3b4c88fb8d99c18c93a6b651dbf4f43694437aa491880bb0d6321893a6f74890207a00f3592d36c686bdebb4db222ad4

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads