Analysis
- max time kernel: 1515621s
- max time network: 165s
- platform: android_x64
- resource: android-x64-20230831-en
- resource tags: android, arch:x64, arch:x86, image:android-x64-20230831-en, locale:en-us, os:android-10-x64, system
- submitted: 17-08-2023 07:29
Behavioral task: behavioral1
- Sample: Grab And GO v14.2.apk
- Resource: android-x86-arm-20231020-en
Behavioral task: behavioral2
- Sample: Grab And GO v14.2.apk
- Resource: android-x64-20230831-en
General
- Target: Grab And GO v14.2.apk
- Size: 10.9MB
- MD5: 9523305c9619db2812c1d7eb275d5e67
- SHA1: c23a5b01dcd445d39652802af963295b0cd6b5c2
- SHA256: 2232648b8a66b81b900631d38fcd3b9fbee474acdef15386943c568f792542d6
- SHA512: 9df6b6b599ca418ee0f1d476bdc44bccee83c4d88b94da3d70c2603134a6f6a3287c7c93350ae485820a7d181ba26f4e3597955ee3654ea8d62f956ce1805553
- SSDEEP: 12288:+VlF9gqcAmUsg4PUtRtUwPC64sYaGXBKqJR9e1E7gRwVTfWuuiwwYGC8:4Fjc9IqUtTJ94sYrKq01UgR/ZGD
Malware Config
Signatures
- Makes use of the framework's Accessibility service. 2 IoCs
  Processes (description / ioc / process):
  - Framework service call / android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId / info.reports.babes
  - Framework service call / android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId / info.reports.babes
  Processes (pid / process):
  - 4868 / info.reports.babes
- Acquires the wake lock. 1 IoCs
  Processes (description / ioc / process):
  - Framework service call / android.os.IPowerManager.acquireWakeLock / info.reports.babes
- Removes a system notification. 1 IoCs
  Processes (description / ioc / process):
  - Framework service call / android.app.INotificationManager.cancelNotificationWithTag / info.reports.babes
Processes
Network
MITRE ATT&CK Matrix
Downloads
- /storage/emulated/0/Config/sys/apps/log/log-2023-10-23.txt
  Filesize: 37B
  MD5: 1c531304494ed606ae28b116c1250e5d
  SHA1: 81507cb7039f318d08adad261e6247c9f21a6450
  SHA256: 4b15c412d480f07889b3edfcd2acc8d538d3684b134eb0738c228734288e32eb
  SHA512: e49dc194e0f36d14ce2eea89706ae28f0ebdc1faf65cb3a94f612d34ae29e32d80e3fe7c6243954518bd664f16610cfb7a669b13576a3516517295014aa072ad
- /storage/emulated/0/Config/sys/apps/log/log-2023-10-23.txt
  Filesize: 25B
  MD5: ba30336bf53d54ed3c0ea69dd545de8c
  SHA1: ce99c6724c75b93b7448e2d9fac16ca702a5711f
  SHA256: 2d6988fb5afdaafc4e33fa1f71d6f10c95ab5a49a8ec820add5b13eef05439af
  SHA512: eea34ca526e03349e746d3687ea660b4748f0174fe2ffdb65161e232e08630b345e03329614852ce881a71362ba68575e9dd08fa361a416e5b2fb231e21a0a3e
- /storage/emulated/0/Config/sys/apps/log/log-2023-10-23.txt
  Filesize: 288B
  MD5: 26b2c8b5252dab20f9299dffa3f39235
  SHA1: 974ce592b6048ac6d0cc87b5ca69b84860af76d7
  SHA256: b2dbb2c00f4acddec78bcd2e7826b35cb211ff86a1946002a075c401fd6d49c4
  SHA512: c7662b5fd177b5c5a53941f188d9bd66317dc6492a918ccbc4e40a10d9fea8f508f8ded8599b10990d1c65049ba36238d5e54966292a139b504ff5e9e80316aa