Analysis
max time kernel: 25s
max time network: 155s
platform: android_x64
resource: android-x64-20240624-en
resource tags: android, arch:x64, arch:x86, image:android-x64-20240624-en, locale:en-us, os:android-10-x64, system
submitted: 30-06-2024 22:00
Static task
static1
Behavioral task
behavioral1
Sample
0c2523fc04bf1bbaa183e2d9117d939e5ba496f7099efe9aabc90789e746287c.apk
Resource
android-x86-arm-20240624-en
Behavioral task
behavioral2
Sample
0c2523fc04bf1bbaa183e2d9117d939e5ba496f7099efe9aabc90789e746287c.apk
Resource
android-x64-20240624-en
Behavioral task
behavioral3
Sample
0c2523fc04bf1bbaa183e2d9117d939e5ba496f7099efe9aabc90789e746287c.apk
Resource
android-x64-arm64-20240624-en
General
Target: 0c2523fc04bf1bbaa183e2d9117d939e5ba496f7099efe9aabc90789e746287c.apk
Size: 2.9MB
MD5: 8deef0a73ea4f56d9957af7fe7ebd125
SHA1: de6a11ec18f32ed335e45634b144632228ed2fa4
SHA256: 0c2523fc04bf1bbaa183e2d9117d939e5ba496f7099efe9aabc90789e746287c
SHA512: a91582879757a9bc10a2bd8884f4b0e5dbc46ea97749124320740f29bc67e074417889980a080ce80b4574ca5494956a8220193f9303b4a05f6a2294058c10e9
SSDEEP: 49152:sfF2qTze4bjhmBinGJkVVeKVuvYfTsLJgIyohOrd1C:sf4mJUI3xuveshhOrdI
Malware Config
Signatures
Obtains sensitive information copied to the device clipboard (2 TTPs, 1 IoCs)
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

Queries the mobile country code (MCC) (1 TTPs, 1 IoCs)
Processes: kyc.pk.rblbanknew
description: Framework service call
ioc: com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone
process: kyc.pk.rblbanknew

Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTPs, 1 IoCs)
Processes: kyc.pk.rblbanknew
description: Framework service call
ioc: android.app.IActivityManager.registerReceiver
process: kyc.pk.rblbanknew

Checks CPU information (2 TTPs, 1 IoCs)

Checks memory information (2 TTPs, 1 IoCs)
Processes
Network
MITRE ATT&CK Matrix
Downloads
/data/data/kyc.pk.rblbanknew/files/profileInstalled
Filesize: 24B
MD5: 87c157ceb660e9c0232a6d7718b22780
SHA1: cd11be88c8b6a99ca82f60961abc7338df67bcc7
SHA256: 5c59811d5151a65531197714f7d5e4111e9bca3ad46a8cd06f30f75b7cb8f1b5
SHA512: 3108b4b0cac2abb013159e8fde8eac461983513f53922c33e7ff3c1a990e3d262ff116b69c68141b98f5c7b810bff00b41a4234ead65659ffa24a2a04a150272

/data/data/kyc.pk.rblbanknew/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat
Filesize: 8B
MD5: 7119cad25c3899e8598a09ba3f282c6f
SHA1: 5dcf49448b940a71072ce6ef1cf1a672ff748c49
SHA256: 4cad6888aed5f7c5e91db729d8700d301829f701410109c6e3e62b9bde3245dd
SHA512: d1268767440251706a8a07067bb24ce97b1f7a188882d8359180c67edae163b765dbb2fe7127bf1accc8164fb8cde788e2f1a5813a71861360d037137f852e12

/data/misc/profiles/cur/0/kyc.pk.rblbanknew/primary.prof
Filesize: 1KB
MD5: 95c454793016ea827b29e8ed872754b0
SHA1: e3ab798ca4f0aa27882fab5c3e60bdc12ee3908b
SHA256: a8be3be88e3a8cc1fe96b780ca1c0d0dc7db7f43374b9d003358e8afc68fba09
SHA512: f08dadc474e29f425a4a9388c70b2394dcacb0631c2f737fc7f886dbc940cddaf30f0f50d78c493cd64389f22e1390ea0dcd6dffde5fe535dcd4e717e4522b6f