Analysis
max time kernel: 35s
max time network: 131s
platform: android_x64
resource: android-x64-arm64-20240624-en
resource tags: android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240624-en, locale:en-us, os:android-11-x64, system
submitted: 30-06-2024 22:12
Static task
static1
Behavioral task
behavioral1
Sample
bb9cf9fd5a9ac4b1d04d593e36601dd004b718074941a70b2986f178a3394acf.apk
Resource
android-x86-arm-20240624-en
Behavioral task
behavioral2
Sample
bb9cf9fd5a9ac4b1d04d593e36601dd004b718074941a70b2986f178a3394acf.apk
Resource
android-x64-20240624-en
Behavioral task
behavioral3
Sample
bb9cf9fd5a9ac4b1d04d593e36601dd004b718074941a70b2986f178a3394acf.apk
Resource
android-x64-arm64-20240624-en
General
Target: bb9cf9fd5a9ac4b1d04d593e36601dd004b718074941a70b2986f178a3394acf.apk
Size: 2.5MB
MD5: 64e9b58eaed9f79b82b9d4bbda325c7c
SHA1: 0a066ed9949dcf4962784c8b970fc9331a2489d5
SHA256: bb9cf9fd5a9ac4b1d04d593e36601dd004b718074941a70b2986f178a3394acf
SHA512: 3b7d73eca38bd234af41075aea65de9edda2ede72faaa673b9b71a6c34edc350f8cbb53096f633834b724ba377c4fbe0695784fcaaf625b769e1feaae4738204
SSDEEP: 49152:lFqiS2tmYT+/dqZgWgCZ2ZrlZOYqLuAthujKtGx/rPplwPQc2Xl:08KlqwCZ2ZrlIYKFPoKwPplwNw
Malware Config
Signatures
-
Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
-
Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs
Application may abuse the framework's foreground service to continue running in the foreground.
Processes:
ir.amirkhedam.zedbazi
description: Framework service call
ioc: android.app.IActivityManager.setServiceForeground
process: ir.amirkhedam.zedbazi
-
Checks CPU information 2 TTPs 1 IoCs
-
Checks memory information 2 TTPs 1 IoCs