5d8e16fac38841614297666183a3a9d5f903a5639dd28ee579da3505ffaa6b34

Analysis

max time kernel
1515572s
max time network
160s
platform
android_x64
resource
android-x64-arm64-20231020-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20231020-enlocale:en-usos:android-11-x64system
submitted
17-08-2023 07:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Grab And GO v5.9.apk
Size

10.9MB
MD5

eafcf6351894d779cf32a23fd8fdff99
SHA1

31143c8ba055813e8199f79badfb1e5f194d4514
SHA256

5d8e16fac38841614297666183a3a9d5f903a5639dd28ee579da3505ffaa6b34
SHA512

6550b38772f64a35e7d3c2cb5fd1af0baa36c1e69f14781f5de3d4f73b4f1c48b2e3e3d0aff6f40c343b57f30138565ab1d1a6b8f14b018d2cbdf9eeb7e86150
SSDEEP

24576:S5LI1HKn22BO+vIGTBzevuU1+jOUpeLP7:S61HKnU2wV2OUpET

Score

8^/10

evasion stealth trojan

Malware Config

Signatures

Makes use of the framework's Accessibility service. 2 IoCs

Processes:

liable.copied.nutten

description	ioc	process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	liable.copied.nutten
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId	liable.copied.nutten

Removes its main activity from the application launcher 1 IoCs
stealth trojan

Processes:

liable.copied.nutten

pid process

4589 liable.copied.nutten
Acquires the wake lock. 1 IoCs

Processes:

liable.copied.nutten

description ioc process

Framework service call android.os.IPowerManager.acquireWakeLock liable.copied.nutten
Requests disabling of battery optimizations (often used to enable hiding in the background). 1 IoCs
evasion

Processes:

liable.copied.nutten

description ioc process

Intent action android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS liable.copied.nutten
Removes a system notification. 1 IoCs
evasion

Processes:

liable.copied.nutten

description ioc process

Framework service call android.app.INotificationManager.cancelNotificationWithTag liable.copied.nutten

pid	process
4589	liable.copied.nutten

description	ioc	process
Framework service call	android.os.IPowerManager.acquireWakeLock	liable.copied.nutten

description	ioc	process
Intent action	android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS	liable.copied.nutten

description	ioc	process
Framework service call	android.app.INotificationManager.cancelNotificationWithTag	liable.copied.nutten

liable.copied.nutten
1⤵
- Makes use of the framework's Accessibility service.
- Removes its main activity from the application launcher
- Acquires the wake lock.
- Requests disabling of battery optimizations (often used to enable hiding in the background).
- Removes a system notification.
PID:4589

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/storage/emulated/0/Config/sys/apps/log/log-2023-10-23.txt

Filesize
33B

MD5
2956d11393d8a4ec3fa387a9f004ea90

SHA1
276e6c5485d44ce14d3bdece20e911112843a05a

SHA256
ee2ae5c4a6481a961ea94f44d4f0467623f9e1e56de1bc5445b46299a06c75d5

SHA512
a724ee5b7acaad01a9427226fa3ab45be0563cf5b0b76ad07f1f1d85529cd314d1a4346246c3e9f85c90cc560f7557273d173cad08aa917820e4f5814c6e3e7c

Download Submit
/storage/emulated/0/Config/sys/apps/log/log-2023-10-23.txt

Filesize
33B

MD5
2956d11393d8a4ec3fa387a9f004ea90

SHA1
276e6c5485d44ce14d3bdece20e911112843a05a

SHA256
ee2ae5c4a6481a961ea94f44d4f0467623f9e1e56de1bc5445b46299a06c75d5

SHA512
a724ee5b7acaad01a9427226fa3ab45be0563cf5b0b76ad07f1f1d85529cd314d1a4346246c3e9f85c90cc560f7557273d173cad08aa917820e4f5814c6e3e7c

Download Submit
/storage/emulated/0/Config/sys/apps/log/log-2023-10-23.txt

Filesize
33B

MD5
2956d11393d8a4ec3fa387a9f004ea90

SHA1
276e6c5485d44ce14d3bdece20e911112843a05a

SHA256
ee2ae5c4a6481a961ea94f44d4f0467623f9e1e56de1bc5445b46299a06c75d5

SHA512
a724ee5b7acaad01a9427226fa3ab45be0563cf5b0b76ad07f1f1d85529cd314d1a4346246c3e9f85c90cc560f7557273d173cad08aa917820e4f5814c6e3e7c

Download Submit
/storage/emulated/0/Config/sys/apps/log/log-2023-10-23.txt

Filesize
33B

MD5
2956d11393d8a4ec3fa387a9f004ea90

SHA1
276e6c5485d44ce14d3bdece20e911112843a05a

SHA256
ee2ae5c4a6481a961ea94f44d4f0467623f9e1e56de1bc5445b46299a06c75d5

SHA512
a724ee5b7acaad01a9427226fa3ab45be0563cf5b0b76ad07f1f1d85529cd314d1a4346246c3e9f85c90cc560f7557273d173cad08aa917820e4f5814c6e3e7c

Download Submit
/storage/emulated/0/Config/sys/apps/log/log-2023-10-23.txt

Filesize
288B

MD5
dcda9a9086def1a8425e99161cf156e6

SHA1
df05ce14f9068f3a346cf8f6bbec67be29929923

SHA256
4055baffa6d59e89c23837191a13d5856b4786192cb181f726ba79e39e3f53e2

SHA512
e6f8bf4213b9a0559f7422bb41760c49bbaaff04d6c3ed9ee0e521a90f2f112c9c6e38134b480cc81dcbf6e462877fba0bf81846ddd903086496dd3f2c8fe1d8

Download Submit