67208202460427473c38d2abb1d49a5078a39287d2b8e491bab503c83b947e04

Analysis

max time kernel
2318953s
max time network
159s
platform
android_x64
resource
android-x64-arm64-20230831-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20230831-enlocale:en-usos:android-11-x64system
submitted
12-09-2023 16:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ready.apk
Size

6.2MB
MD5

f55f7f03bf6815b5d34181865e414e17
SHA1

210d8e0454449de94e4eb18b675902e7a3497658
SHA256

67208202460427473c38d2abb1d49a5078a39287d2b8e491bab503c83b947e04
SHA512

2e4bf09754b1a2cb15ae82b802bfdeb65821e29aa994bf7bd941e9b8580c8db09902fc61e1824996d70d36d18d6828b463ab93a3f8d494cd408b05cafca633a0
SSDEEP

24576:9rZ7OO54MxfbcgbUPLC8Lse/M0GPaok79XT:9r/x4DLX/MfON

Score

8^/10

banker evasion stealth trojan

Malware Config

Signatures

Makes use of the framework's Accessibility service. 3 IoCs

Processes:

others.casey.mississippi

description	ioc	process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText	others.casey.mississippi
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId	others.casey.mississippi
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	others.casey.mississippi

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps). 1 IoCs
banker

Processes:

others.casey.mississippi

description ioc process

Framework service call android.content.pm.IPackageManager.getInstalledApplications others.casey.mississippi
Removes its main activity from the application launcher 1 IoCs
stealth trojan

Processes:

others.casey.mississippi

pid process

4479 others.casey.mississippi
Acquires the wake lock. 1 IoCs

Processes:

others.casey.mississippi

description ioc process

Framework service call android.os.IPowerManager.acquireWakeLock others.casey.mississippi
Tries to add a device administrator. 1 IoCs

Processes:

others.casey.mississippi

description ioc process

Intent action android.app.action.ADD_DEVICE_ADMIN others.casey.mississippi
Requests disabling of battery optimizations (often used to enable hiding in the background). 1 IoCs
evasion

Processes:

others.casey.mississippi

description ioc process

Intent action android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS others.casey.mississippi
Removes a system notification. 1 IoCs
evasion

Processes:

others.casey.mississippi

description ioc process

Framework service call android.app.INotificationManager.cancelNotificationWithTag others.casey.mississippi

description	ioc	process
Framework service call	android.content.pm.IPackageManager.getInstalledApplications	others.casey.mississippi

pid	process
4479	others.casey.mississippi

description	ioc	process
Framework service call	android.os.IPowerManager.acquireWakeLock	others.casey.mississippi

description	ioc	process
Intent action	android.app.action.ADD_DEVICE_ADMIN	others.casey.mississippi

description	ioc	process
Intent action	android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS	others.casey.mississippi

description	ioc	process
Framework service call	android.app.INotificationManager.cancelNotificationWithTag	others.casey.mississippi

others.casey.mississippi
1⤵
- Makes use of the framework's Accessibility service.
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps).
- Removes its main activity from the application launcher
- Acquires the wake lock.
- Tries to add a device administrator.
- Requests disabling of battery optimizations (often used to enable hiding in the background).
- Removes a system notification.
PID:4479

getprop ro.miui.ui.version.name
2⤵
PID:4541

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/storage/emulated/0/Config/sys/apps/log/log-2023-09-12.txt

Filesize
17B

MD5
e9741c8b822d66f3190e379511b05305

SHA1
5a534d9a8acf1d681cc5fcc3fe872eff02abaec2

SHA256
5cbdeb6552a33c4de8ade686f135d01418fe09d82e9cb3a7219be145c80bd152

SHA512
44db01c4a90608d23be9825e7ce24d240e1ee211e576b7b67b564b67f7737d9fcd28ed5338196bc5541592ad0284aeda4a9f4df0302f462147b127f3a1db1fc9

Download Submit
/storage/emulated/0/Config/sys/apps/log/log-2023-09-12.txt

Filesize
25B

MD5
ba30336bf53d54ed3c0ea69dd545de8c

SHA1
ce99c6724c75b93b7448e2d9fac16ca702a5711f

SHA256
2d6988fb5afdaafc4e33fa1f71d6f10c95ab5a49a8ec820add5b13eef05439af

SHA512
eea34ca526e03349e746d3687ea660b4748f0174fe2ffdb65161e232e08630b345e03329614852ce881a71362ba68575e9dd08fa361a416e5b2fb231e21a0a3e

Download Submit
/storage/emulated/0/Config/sys/apps/log/log-2023-09-12.txt

Filesize
57B

MD5
a9ec0c42a43c72d73c499e5c17ccbb8b

SHA1
731652fbfe61eac3fdb4b9d3e2eaa010848a0906

SHA256
6c5309ce3f31c9af3288b0de3305b7f5ddee97be60ca4ac1184f3c334480c05b

SHA512
5f8ed24a51f68cfa0627aceb9190d3a7febaee61bd5a89898ab113ddaa7ce2a41f129a28c4e200d5e5e4ddff7a483abc0393dc38e870782caf1c46d2ec0df2e3

Download Submit
/storage/emulated/0/Config/sys/apps/log/log-2023-09-12.txt

Filesize
21B

MD5
40fcf48a4ecdb632240619eb756772ce

SHA1
83706b0dcc3ff8032962dcd0d73a36ba65dd6f30

SHA256
d153cc76e9f7a12c26dbe0d197285a77fc8efeed1b1f3d35c25ba386711b5c80

SHA512
4757ed0904a24ed77c8c2dca9be96f084cebc54a93c43eb0eb27545aba7e58916abb0b639254d90ebffea1e760b85d0a0fe53ada28194734748116475dd9829b

Download Submit
/storage/emulated/0/Config/sys/apps/log/log-2023-09-12.txt

Filesize
312B

MD5
9dd870d3d7cb91b6dcc4285ce06acff5

SHA1
90d12ecfc8fe2210b84bd01bf95426fa5fe369f4

SHA256
37aee39cb6dcbb7ecf463c4127f6a049804513e22769e49b6d1a03e34a7e8ddb

SHA512
1f8c6b5776aeb7cbaf652cf8130f10853946adf7d7d8e8d0552b7e22a226a85b8ea49355e81114295fa5d117ab54d5b5e85821ffc1fde4e9a7a0998d9a51bf06

Download Submit