Analysis
-
max time kernel
36s -
max time network
132s -
platform
android_x64 -
resource
android-x64-arm64-20240624-en -
resource tags
androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240624-enlocale:en-usos:android-11-x64system -
submitted
01-07-2024 22:02
Static task
static1
Behavioral task
behavioral1
Sample
ed3e471b206d5dcd3fe448b1bebe733710d558c55dcec5f86e65ea11e32145ea.apk
Resource
android-x86-arm-20240624-en
Behavioral task
behavioral2
Sample
ed3e471b206d5dcd3fe448b1bebe733710d558c55dcec5f86e65ea11e32145ea.apk
Resource
android-x64-20240624-en
Behavioral task
behavioral3
Sample
ed3e471b206d5dcd3fe448b1bebe733710d558c55dcec5f86e65ea11e32145ea.apk
Resource
android-x64-arm64-20240624-en
General
-
Target
ed3e471b206d5dcd3fe448b1bebe733710d558c55dcec5f86e65ea11e32145ea.apk
-
Size
2.5MB
-
MD5
b0a15127578501c3c255b53adcf3c3ed
-
SHA1
62da8270d6243bb1e7c33afd9826ba87af60c18e
-
SHA256
ed3e471b206d5dcd3fe448b1bebe733710d558c55dcec5f86e65ea11e32145ea
-
SHA512
0f1d68ed400046418e002180cbc429fb2517a2ba330d3f32b92301c35ed9a3d5de583c352b7bdbe33d82ea30b459e52d9d806da3786cb1b13288e3a4aec99977
-
SSDEEP
49152:lFqiS2tmYT+/dqZgWgCZ2ZrlZOYqLuAthujKtGx/rPplwPQc2XI:08KlqwCZ2ZrlIYKFPoKwPplwNp
Malware Config
Signatures
-
Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
-
Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs
Application may abuse the framework's foreground service to continue running in the foreground.
Processes:
ir.amirkhedam.zedbazidescription ioc process Framework service call android.app.IActivityManager.setServiceForeground ir.amirkhedam.zedbazi -
Checks CPU information 2 TTPs 1 IoCs
-
Checks memory information 2 TTPs 1 IoCs