2232648b8a66b81b900631d38fcd3b9fbee474acdef15386943c568f792542d6

Analysis

max time kernel
1515624s
max time network
167s
platform
android_x64
resource
android-x64-arm64-20231020-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20231020-enlocale:en-usos:android-11-x64system
submitted
17-08-2023 07:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Grab And GO v14.2.apk
Size

10.9MB
MD5

9523305c9619db2812c1d7eb275d5e67
SHA1

c23a5b01dcd445d39652802af963295b0cd6b5c2
SHA256

2232648b8a66b81b900631d38fcd3b9fbee474acdef15386943c568f792542d6
SHA512

9df6b6b599ca418ee0f1d476bdc44bccee83c4d88b94da3d70c2603134a6f6a3287c7c93350ae485820a7d181ba26f4e3597955ee3654ea8d62f956ce1805553
SSDEEP

12288:+VlF9gqcAmUsg4PUtRtUwPC64sYaGXBKqJR9e1E7gRwVTfWuuiwwYGC8:4Fjc9IqUtTJ94sYrKq01UgR/ZGD

Score

8^/10

evasion stealth trojan

Malware Config

Signatures

Makes use of the framework's Accessibility service. 2 IoCs

Processes:

info.reports.babes

description	ioc	process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	info.reports.babes
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId	info.reports.babes

Removes its main activity from the application launcher 1 IoCs
stealth trojan

Processes:

info.reports.babes

pid process

4480 info.reports.babes
Acquires the wake lock. 1 IoCs

Processes:

info.reports.babes

description ioc process

Framework service call android.os.IPowerManager.acquireWakeLock info.reports.babes
Requests disabling of battery optimizations (often used to enable hiding in the background). 1 IoCs
evasion

Processes:

info.reports.babes

description ioc process

Intent action android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS info.reports.babes
Removes a system notification. 1 IoCs
evasion

Processes:

info.reports.babes

description ioc process

Framework service call android.app.INotificationManager.cancelNotificationWithTag info.reports.babes

pid	process
4480	info.reports.babes

description	ioc	process
Framework service call	android.os.IPowerManager.acquireWakeLock	info.reports.babes

description	ioc	process
Intent action	android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS	info.reports.babes

description	ioc	process
Framework service call	android.app.INotificationManager.cancelNotificationWithTag	info.reports.babes

info.reports.babes
1⤵
- Makes use of the framework's Accessibility service.
- Removes its main activity from the application launcher
- Acquires the wake lock.
- Requests disabling of battery optimizations (often used to enable hiding in the background).
- Removes a system notification.
PID:4480

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/storage/emulated/0/Config/sys/apps/log/log-2023-10-23.txt
Filesize
37B

MD5
1c531304494ed606ae28b116c1250e5d

SHA1
81507cb7039f318d08adad261e6247c9f21a6450

SHA256
4b15c412d480f07889b3edfcd2acc8d538d3684b134eb0738c228734288e32eb

SHA512
e49dc194e0f36d14ce2eea89706ae28f0ebdc1faf65cb3a94f612d34ae29e32d80e3fe7c6243954518bd664f16610cfb7a669b13576a3516517295014aa072ad

Download Submit
/storage/emulated/0/Config/sys/apps/log/log-2023-10-23.txt
Filesize
37B

MD5
1c531304494ed606ae28b116c1250e5d

SHA1
81507cb7039f318d08adad261e6247c9f21a6450

SHA256
4b15c412d480f07889b3edfcd2acc8d538d3684b134eb0738c228734288e32eb

SHA512
e49dc194e0f36d14ce2eea89706ae28f0ebdc1faf65cb3a94f612d34ae29e32d80e3fe7c6243954518bd664f16610cfb7a669b13576a3516517295014aa072ad

Download Submit
/storage/emulated/0/Config/sys/apps/log/log-2023-10-23.txt
Filesize
37B

MD5
1c531304494ed606ae28b116c1250e5d

SHA1
81507cb7039f318d08adad261e6247c9f21a6450

SHA256
4b15c412d480f07889b3edfcd2acc8d538d3684b134eb0738c228734288e32eb

SHA512
e49dc194e0f36d14ce2eea89706ae28f0ebdc1faf65cb3a94f612d34ae29e32d80e3fe7c6243954518bd664f16610cfb7a669b13576a3516517295014aa072ad

Download Submit
/storage/emulated/0/Config/sys/apps/log/log-2023-10-23.txt
Filesize
37B

MD5
1c531304494ed606ae28b116c1250e5d

SHA1
81507cb7039f318d08adad261e6247c9f21a6450

SHA256
4b15c412d480f07889b3edfcd2acc8d538d3684b134eb0738c228734288e32eb

SHA512
e49dc194e0f36d14ce2eea89706ae28f0ebdc1faf65cb3a94f612d34ae29e32d80e3fe7c6243954518bd664f16610cfb7a669b13576a3516517295014aa072ad

Download Submit
/storage/emulated/0/Config/sys/apps/log/log-2023-10-23.txt
Filesize
288B

MD5
de8c7baf10787398e26dda42414f4a92

SHA1
7c66c53186aadd75dbfa110c6ab3ec2e40d9791a

SHA256
093463e92a2cc08a6eb6eb68b93f805b0eeadc84a66de56fab197655335a6b41

SHA512
d436bf0fe5bc52ffea96a1f5fe5098e4f8b42a72ba48ca4417c8bd959e27553f113b0a3022ce50e314eef5a49e5454e6db33473feba066035685c1ad8700a06a

Download Submit