4067b5b04e75d56b634fc0a62641f993c0e29c0a24e31a1170dc69bb312fc044

Analysis

max time kernel
574617s
max time network
141s
platform
android_x86
resource
android-x86-arm-20230621-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20230621-enlocale:en-usos:android-9-x86system
submitted
23-08-2023 11:53

Target

4067b5b04e75d56b634fc0a62641f993c0e29c0a24e31a1170dc69bb312fc044.apk
Size

3.1MB
MD5

4eea28c432eb356d9ea32c3540192d9a
SHA1

89fe8937fbb16b46974773a781d3c1decf64b6f1
SHA256

4067b5b04e75d56b634fc0a62641f993c0e29c0a24e31a1170dc69bb312fc044
SHA512

31555b9ec8fefe9f0cd7cef84655cdc9d2b59c793c6331918f8a644a259210af8d469d2df3b5b9bb5830c7dbfae50fc3ba6f40da7a24a02f50872d02d108632c
SSDEEP

98304:l1Oh0qnoPMnH2o9dju6zfJNvbQ4dpTrgmSlzfrDzCxFW:rOh3oP0PpdSmVxFW

Score

8^/10

Makes use of the framework's Accessibility service. 3 IoCs

Processes:

com.reallybadapps.podcastguru

description	ioc	process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	com.reallybadapps.podcastguru
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId	com.reallybadapps.podcastguru
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText	com.reallybadapps.podcastguru

Removes its main activity from the application launcher 1 IoCs
stealth trojan

Processes:

com.reallybadapps.podcastguru

pid process

3955 com.reallybadapps.podcastguru
Acquires the wake lock. 1 IoCs

Processes:

com.reallybadapps.podcastguru

description ioc process

Framework service call android.os.IPowerManager.acquireWakeLock com.reallybadapps.podcastguru
Requests enabling of the accessibility settings. 1 IoCs

Processes:

com.reallybadapps.podcastguru

description ioc process

Intent action android.settings.ACCESSIBILITY_SETTINGS com.reallybadapps.podcastguru
Requests disabling of battery optimizations (often used to enable hiding in the background). 1 IoCs
evasion

Processes:

com.reallybadapps.podcastguru

description ioc process

Intent action android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS com.reallybadapps.podcastguru
Uses Crypto APIs (Might try to encrypt user data). 1 IoCs
ransomware

Processes:

com.reallybadapps.podcastguru

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.reallybadapps.podcastguru

pid	process
3955	com.reallybadapps.podcastguru

description	ioc	process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.reallybadapps.podcastguru

description	ioc	process
Intent action	android.settings.ACCESSIBILITY_SETTINGS	com.reallybadapps.podcastguru

description	ioc	process
Intent action	android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS	com.reallybadapps.podcastguru

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.reallybadapps.podcastguru