Resubmissions
22-09-2022 05:59
220922-gpshqsdhcq 1004-07-2022 03:32
220704-d3qdragdc8 830-06-2022 05:11
220630-fvqqnagaep 828-06-2022 09:39
220628-lmr7eaach9 721-06-2022 09:05
220621-k17nksegh6 8Analysis
-
max time kernel
3343288s -
max time network
158s -
platform
android_x86 -
resource
android-x86-arm-20220621-en -
submitted
04-07-2022 03:32
Static task
static1
Behavioral task
behavioral1
Sample
cryptoapp.apk
Resource
android-x86-arm-20220621-en
Behavioral task
behavioral2
Sample
cryptoapp.apk
Resource
android-x64-20220621-en
Behavioral task
behavioral3
Sample
cryptoapp.apk
Resource
android-x64-arm64-20220621-en
General
-
Target
cryptoapp.apk
-
Size
3.7MB
-
MD5
520855bdec84895dd57eb97e5f30b6e3
-
SHA1
51428eaafc0d544da9a56ba00b8c9c774a01153f
-
SHA256
b12dd66de4d180d4bbf4ae23f66bac875b3a9da455d9010720f0840541366490
-
SHA512
b608aa376c1919cfad95d1ec31943b9350f8c25d30f60610dd1263e08b75fb5c400e635aee815fa29d186b9887e57b5cbb592e67d2e987a858e53e5f3d7c7e26
Malware Config
Signatures
-
Makes use of the framework's Accessibility service. 1 IoCs
Processes:
werwerwee.qwetrydsf.yfdefesdescription ioc process Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId werwerwee.qwetrydsf.yfdefes -
Acquires the wake lock. 1 IoCs
Processes:
werwerwee.qwetrydsf.yfdefesdescription ioc process Framework service call android.os.IPowerManager.acquireWakeLock werwerwee.qwetrydsf.yfdefes -
Looks up external IP address via web service 2 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
Processes:
flow ioc 29 icanhazip.com 30 icanhazip.com
Processes
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
128B
MD520837fd8daf2a2de8d6c4ccd8e90653a
SHA17ac08617bd4585151c239325aea243d9eca586f7
SHA256e05f0ae0ee70ef2efac07e999da273b5f506462b67549f9080f6cdf469d70cec
SHA512a4fd7ac1ce847a84fe4f47c2e7079f00b16b86213fe840b70e3a55992a043da99ca6fe1c9a723e709e2ee3985ed3b7c5a299d1cf5b29e8228f3f81d3cbb6876a
-
Filesize
198B
MD55cb0f79f329d68334f33e63750d88a49
SHA185428f62ef95c797f08ec410ba4fe84c91e817d1
SHA256d79335b3b09224ffbb05b0a7d45d12d4bc1f2e7bd9263a7e5377fe3c1bc3604b
SHA512039caa2de53e409b5b0db890149a612fc84bb726c9479aee85027838607d062feb6894fb0e24a2eb400b3917989ebf644153ad4fe83b0bd4632d74d3dac1569d