e4d7484b888deceefeb17ee346821a0c9d3112dffd5ad57c71f4df7d304580b8

Analysis

max time kernel
20s
max time network
132s
platform
android_x64
resource
android-x64-arm64-20240624-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240624-enlocale:en-usos:android-11-x64system
submitted
01-07-2024 02:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e4d7484b888deceefeb17ee346821a0c9d3112dffd5ad57c71f4df7d304580b8.apk
Size

2.0MB
MD5

71f6cdb3d8eebe1c8e7e26896238e571
SHA1

019134386a6d900d61285e5e986249928a9504b6
SHA256

e4d7484b888deceefeb17ee346821a0c9d3112dffd5ad57c71f4df7d304580b8
SHA512

740e8bcde7462b99972ea472ee0cae53f4f61fcdc6d9ca1c8c44d0661323178c891f7fe82052cd7bae7239d7a953a6dcdb5e6fc42b28cd4acc9e1634e284228b
SSDEEP

49152:I8FjWz5Kzip37zl3fg1S1RvyzHth1mFI1/3Go1eiUMG1VummJwga8TGi3U/kX1l5:IIhup37zlviS1GHoFW3aiUM6ummJwgaE

Score

7^/10

collection credential_access impact

Malware Config

Signatures

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
collection credential_access impact

T1414

T1641.001

Processes:

pl.spyone.agent2

description ioc process

Framework service call android.content.IClipboard.addPrimaryClipChangedListener pl.spyone.agent2
Checks CPU information 2 TTPs 1 IoCs

T1633.001

T1426

Processes:

pl.spyone.agent2

description ioc process

File opened for read /proc/cpuinfo pl.spyone.agent2
Checks memory information 2 TTPs 1 IoCs

T1633.001

T1426

Processes:

pl.spyone.agent2

description ioc process

File opened for read /proc/meminfo pl.spyone.agent2

description	ioc	process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	pl.spyone.agent2

description	ioc	process
File opened for read	/proc/cpuinfo	pl.spyone.agent2

description	ioc	process
File opened for read	/proc/meminfo	pl.spyone.agent2

pl.spyone.agent2
1⤵
- Obtains sensitive information copied to the device clipboard
- Checks CPU information
- Checks memory information
PID:4480

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/pl.spyone.agent2/databases/database.db
Filesize
76KB

MD5
0379f2b646309bcd59a19760005dd257

SHA1
9185b00c3401321841b1c7edd10624a13c2dd47f

SHA256
62c0d663334435c7b56f7ef5ee45ef1e1476f9ef39ea6667dd48962eadb0216f

SHA512
387a118af4cd9315a8e5323b7a2b78e5214b0556448cdf6a68335ecda5615dfd0c1ca0313d8b355e8489980635319d90f2b7b25889b1e556c11b7657bc184fe8

Download Submit
/data/user/0/pl.spyone.agent2/databases/database.db-journal
Filesize
512B

MD5
249859d957932c89da47e0ee88b602d3

SHA1
4957e0e30dcd25050febe2533da10b79242c94fa

SHA256
b6fe7de764e68ca9e34d74480aa1086a75a8b6db900b8db8395c4f725a5890f7

SHA512
a37733cb206281670ae462dc3d04725fb8b601290bc5233aabfa118e37f3a922d08b9de61d8c1a250c03e7a9ffcb665b4a9f7c29740805a6ce67c7f169e5081f

Download Submit
/data/user/0/pl.spyone.agent2/databases/database.db-journal
Filesize
8KB

MD5
98f7d0c8cb3b81115d127fc541069c3f

SHA1
72c78b1e9a3de8489d01ecd6c920d714cbdc52db

SHA256
e1086d516628c2a43a1663578d14fd9566b2d9430e64b5200f28cfa78eccd8b0

SHA512
814b4632784c7b5207c566cbfbf2190452deb05e0c3ce678c9c19c7baf32892ba74f19d1a2506f39538f770c7d7a8bb7afb63a7d8a74aec23d6881ec539ec6bc

Download Submit
/data/user/0/pl.spyone.agent2/databases/database.db-journal
Filesize
8KB

MD5
330dcee0df1c9ef2fd58cc9ee9cb5fdd

SHA1
ebf845f72c9eb7322ec2298793cf471ac2faf42e

SHA256
0bb604a6571c0e09ce53412bd4b8c3ad304249506527b17bbe16ed7c94dd1c1c

SHA512
8bb3abcae4ceb1250bcde7c427c10df57c9790f97b1014d07a6a6ae6e65667395592017cf26b56132a835cd5386a2c66a56f814e68c63130c67ec2734a508ba4

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads