0198b8fa11bf9e8442defa00befa2ab224ada5ebb4a60256f2bf5fc491cca0a1

Resubmissions

19/10/2022, 07:24

221019-h8nvbsfehl 10

13/09/2022, 08:50

220913-krtqcsfbc9 8

02/09/2022, 10:02

220902-l2sfqacadq 8

Analysis

max time kernel
4255705s
max time network
157s
platform
android_x86
resource
android-x86-arm-20220823-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20220823-enlocale:en-usos:android-9-x86system
submitted
02/09/2022, 10:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0198b8fa11bf9e8442defa00befa2ab224ada5ebb4a60256f2bf5fc491cca0a1.apk
Size

4.0MB
MD5

0b3248698651c68aa79c128c26df6f5c
SHA1

93be818f6087423909594f5630b67cf0ddcf71b6
SHA256

0198b8fa11bf9e8442defa00befa2ab224ada5ebb4a60256f2bf5fc491cca0a1
SHA512

c9815d347d65cb2184a50b9e0bc6086dd77023666189b69baabfe3e21e7cebaae513c7530c96af877bd0ef03f1f946a23f947bcaafc4be7d89d967bb9d3dbfa4
SSDEEP

98304:rAf1Qd2ofrWriq/urhQuzI6TZS+DixH8bU4bFLzbcHeze8:rANZLky4To+mgU4bFLq8

Score

8^/10

banker evasion

Malware Config

Signatures

Makes use of the framework's Accessibility service. 2 IoCs

description	ioc	Process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	com.personal.pdf
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText	com.personal.pdf

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps). 1 IoCs

banker

description	ioc	Process
Framework service call	android.content.pm.IPackageManager.getInstalledApplications	com.personal.pdf

Acquires the wake lock. 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.personal.pdf

Requests disabling of battery optimizations (often used to enable hiding in the background). 2 IoCs

evasion

description	ioc	Process
Intent action	android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS	com.personal.pdf:remote
Intent action	android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS	com.personal.pdf

Removes a system notification. 1 IoCs

evasion

description	ioc	Process
Framework service call	android.app.INotificationManager.cancelNotificationWithTag	com.personal.pdf

com.personal.pdf
1⤵
- Makes use of the framework's Accessibility service.
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps).
- Acquires the wake lock.
- Requests disabling of battery optimizations (often used to enable hiding in the background).
- Removes a system notification.
PID:4047

com.personal.pdf:remote
1⤵
- Requests disabling of battery optimizations (often used to enable hiding in the background).
PID:4310

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.personal.pdf/app_webview/Cookies

Filesize
64KB

MD5
cb7543c4df600f2af58097cce0e334ba

SHA1
83cc92f38c27fdb4fa519b1ce2f37912f24af1f0

SHA256
64c022ae708f94ffde986e105d88f708884de325720bfb9925c4160a6d417233

SHA512
ad51cad0472327bd68aa2d791341cfafed58971752352537bb603ed18b15a3f9185e9150983a28ecd09606e8dcaef6d1c9d93213dd246ef7720f39842eb3d980

Download Submit
/data/user/0/com.personal.pdf/app_webview/Cookies-journal

Filesize
1KB

MD5
6edbcbce907d803df9e08d57c054d775

SHA1
09037b18407a7060a7ebe56e364f52ea4641dd2f

SHA256
d9efe680778fc0d1739dde9d7d9965eeec348462cfb2868af027cc794e510199

SHA512
67098be7ffcddcdaf15b443091f4a84296666a1e262c45a5683fbdc8cf737d6390aef0878b8dc2c485494c1e7e3eaac43add9f088cbba22069075a557335c13d

Download Submit
/data/user/0/com.personal.pdf/app_webview/GPUCache/index

Filesize
20B

MD5
93027d42b314432c4216e6cfca48b384

SHA1
43448dd8102979c3926828182579691945eedd4e

SHA256
3cda72e67c62e52a342309c44f2cb3b6c1019c7b11822e2f628e48e254e2b41c

SHA512
a52d13cf7f5be196d1e2f135b8a010f80558c5d35e90e7792441d1c976517d55cf1c9587949db69ebef294cc6ef79529a65e7d779964793016efecacd152f70e

Download Submit
/data/user/0/com.personal.pdf/app_webview/GPUCache/index-dir/temp-index

Filesize
48B

MD5
710f70b587c89d333c182e9bfacecc96

SHA1
fae710af5eab1f6f2d5291e2e062af876db483b5

SHA256
f6c9d239e84cfd42b32081ec9192f24e54b8bd9cb061a23474647e8dbad39478

SHA512
36966e3f3fe340d0bd9c59002d794e2a5dcc858a4e84a365d4b2650c26d1b65a8823e18d05a72e99599bd0b54d73f2385183a6c5578c15c82eebd560194401d2

Download Submit
/data/user/0/com.personal.pdf/app_webview/Web Data

Filesize
104KB

MD5
dc79f9ce5f3ab5270b33e61119dfc959

SHA1
1844bf222a5144b513dcf2fb50a18c011701c647

SHA256
47e65f4de08deabfd52ecdb8b0a29c61c482188b92c36182e2112ca0a8f4ff65

SHA512
18b8894a7f35df516f423bbdebf1e05ce09eaf4345b139e59e603cadb81f8d1fa20f793438c28e8fd9a64e64f0684223d90ce6f10d3f93cb0c781049a8cff03e

Download Submit
/data/user/0/com.personal.pdf/app_webview/Web Data-journal

Filesize
1KB

MD5
4aeb8d55a2832940d0de8b1ef3505604

SHA1
c1d92dc941339da67d350f77eb749029851f0936

SHA256
770811a9397a8d008032e5be1ae636866117d861ce3769f63f502dd144e2c65f

SHA512
92fc31a718807b0081390eb6eca318cc2934b57b1c1e6c286f7191f40c933d9968de6a67a3d7937597d3c38a5ff5e59a0582fd0d7e36cda949e16fe1fb59e118

Download Submit
/data/user/0/com.personal.pdf/app_webview/metrics_guid

Filesize
36B

MD5
cccbb401a4b96171de027831427bb543

SHA1
53da3fc4e95334e6a0aaa74b35e562e9363f6825

SHA256
c9142e68ed672aaec4a9eb751a1d9403b75a7171c3a680539147aea3c96f26b6

SHA512
65864598fd514f4cd520a6144244f3341a1385fa7123393096c73b76d165a5509cb07bf61097f8392d9d75a1002dca5a4c40e354d110e00848d7c87b2b62b50d

Download Submit
/data/user/0/com.personal.pdf/cache/org.chromium.android_webview/44e5652fb145311f_0

Filesize
1KB

MD5
68eebc5dbd4cdc6d9c5128d457684cdb

SHA1
131d5039735d68b850dd97571232d4fac2f46ef1

SHA256
bf770694bafa77e1ea8b29e3cabf5d1ce761b5ee91df03daa8dc3870e6c0c916

SHA512
9e2e887df2a7dfd122cd7604e9c0cde68d2d34d092a165ebb401faeaf26022107deabc11a96cadc17b5afcf3d4be8451e875f641302e4bcf25b60e7d64b485cd

Download Submit
/data/user/0/com.personal.pdf/cache/org.chromium.android_webview/f7dc77863b8aa457_0

Filesize
365B

MD5
75ec18f20087c92573257945163e77d4

SHA1
2a8f08c19707ad76b56631526cd4b7907896cf32

SHA256
645bd3187411b4158b36bb7b89b5afb09e7addfa398844a0e7c1335fa3a950f5

SHA512
77b34d056847e25242ca73522d747f23c609a42f718b9077a42f974402c0769e1d09806bd4736582639a99b357e4cbaba305be80736b293fa49a825cb4059d00

Download Submit
/data/user/0/com.personal.pdf/cache/org.chromium.android_webview/index

Filesize
20B

MD5
93027d42b314432c4216e6cfca48b384

SHA1
43448dd8102979c3926828182579691945eedd4e

SHA256
3cda72e67c62e52a342309c44f2cb3b6c1019c7b11822e2f628e48e254e2b41c

SHA512
a52d13cf7f5be196d1e2f135b8a010f80558c5d35e90e7792441d1c976517d55cf1c9587949db69ebef294cc6ef79529a65e7d779964793016efecacd152f70e

Download Submit
/data/user/0/com.personal.pdf/cache/org.chromium.android_webview/index-dir/temp-index

Filesize
72B

MD5
89d5f7906e0733747ea4abe4b1a2194a

SHA1
86b6be6d1cb7269fc803d8adfcbd1911503886cc

SHA256
b5a7f8d248541bf18a60ffc9d834bfcde49464202802b52fd340437e1edeea7f

SHA512
08c0fbf53051b3b3873808f8514f3790d8b9dd724672a46664b71123892f5a1207832e1cd9331d44aacaaf143cf30ea8a25123b4a8f8d091841414e7f402a9ce

Download Submit
/data/user/0/com.personal.pdf/shared_prefs/WebViewChromiumPrefs.xml

Filesize
127B

MD5
21223e9184445fe043476484cd8cb1f9

SHA1
2b4813f849121d60ba35eb0889080668bb62c778

SHA256
bb61b7c087c2ae2de93a7740ff75707342940557146366e92b840284cd9446af

SHA512
be21408de0cc643650e5d9ab9057a8f9de88e37fbdc6417cfeba160402ec4cd14fccbc82cbbfd941ecfc0bb3d4056ee61ac199efdc99d647d53e65818835fd48

Download Submit