55710744002873ae31cf9d9b2480b765acb5a2ced1518c491f6ee55b6842a425

Resubmissions

06-10-2023 18:08

231006-wq5l1seh6y 10

06-10-2023 18:01

231006-wl3lvsgh87 10

Analysis

max time kernel
103330s
max time network
115s
platform
android_x86
resource
android-x86-arm-20230831-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20230831-enlocale:en-usos:android-9-x86system
submitted
06-10-2023 18:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

55710744002873ae31cf9d9b2480b765acb5a2ced1518c491f6ee55b6842a425.apk
Size

2.0MB
MD5

c88a7aea7a624e26209ca49b84bb19c4
SHA1

e11bf9286e0fb73370edaff2ca89518f18cb65cf
SHA256

55710744002873ae31cf9d9b2480b765acb5a2ced1518c491f6ee55b6842a425
SHA512

245a2e6055a226f460c0276e55a59a23ace11ab63fa00e611366721a6277eea9ac5e6b44079b0c221874fc042bcfd252125df302fa39780e8e2e430adaa585d7
SSDEEP

12288:WolF2l+3jED0va6H1RFQEyuz4Zy7Ir9ZZpRlKLA+gAlj6Z:Woa96pQE6Z8+9ZZXslj6Z

Score

8^/10

evasion stealth trojan

Malware Config

Signatures

Makes use of the framework's Accessibility service. 2 IoCs

Processes:

jane.extras.equations

description	ioc	process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	jane.extras.equations
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId	jane.extras.equations

Removes its main activity from the application launcher 1 IoCs
stealth trojan

Processes:

jane.extras.equations

pid process

4196 jane.extras.equations
Acquires the wake lock. 1 IoCs

Processes:

jane.extras.equations

description ioc process

Framework service call android.os.IPowerManager.acquireWakeLock jane.extras.equations
Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102
Requests disabling of battery optimizations (often used to enable hiding in the background). 1 IoCs
evasion

Processes:

jane.extras.equations

description ioc process

Intent action android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS jane.extras.equations
Removes a system notification. 1 IoCs
evasion

Processes:

jane.extras.equations

description ioc process

Framework service call android.app.INotificationManager.cancelNotificationWithTag jane.extras.equations

pid	process
4196	jane.extras.equations

description	ioc	process
Framework service call	android.os.IPowerManager.acquireWakeLock	jane.extras.equations

description	ioc	process
Intent action	android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS	jane.extras.equations

description	ioc	process
Framework service call	android.app.INotificationManager.cancelNotificationWithTag	jane.extras.equations

jane.extras.equations
1⤵
- Makes use of the framework's Accessibility service.
- Removes its main activity from the application launcher
- Acquires the wake lock.
- Requests disabling of battery optimizations (often used to enable hiding in the background).
- Removes a system notification.
PID:4196

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/storage/emulated/0/Config/sys/apps/log/log-2023-10-06.txt

Filesize
37B

MD5
c5800455f22fb3853f8de2c86d73d738

SHA1
8f448e3d2995c8450addd8e204f0334bfdefb996

SHA256
c3b4b3fa9c0b26bb9dc8731137f0ddda022c2a896451c7a6f67891e9301a47f1

SHA512
dc8b514c1c745870c6b44ea675b209465dcdc286f49c50f5c4d2b07c062ce3b3c73b3ce70717785ee8f16ef1068aeea62c8fc2de677dadf49fd8fa6616a904ac

Download Submit
/storage/emulated/0/Config/sys/apps/log/log-2023-10-06.txt

Filesize
37B

MD5
c5800455f22fb3853f8de2c86d73d738

SHA1
8f448e3d2995c8450addd8e204f0334bfdefb996

SHA256
c3b4b3fa9c0b26bb9dc8731137f0ddda022c2a896451c7a6f67891e9301a47f1

SHA512
dc8b514c1c745870c6b44ea675b209465dcdc286f49c50f5c4d2b07c062ce3b3c73b3ce70717785ee8f16ef1068aeea62c8fc2de677dadf49fd8fa6616a904ac

Download Submit
/storage/emulated/0/Config/sys/apps/log/log-2023-10-06.txt

Filesize
37B

MD5
c5800455f22fb3853f8de2c86d73d738

SHA1
8f448e3d2995c8450addd8e204f0334bfdefb996

SHA256
c3b4b3fa9c0b26bb9dc8731137f0ddda022c2a896451c7a6f67891e9301a47f1

SHA512
dc8b514c1c745870c6b44ea675b209465dcdc286f49c50f5c4d2b07c062ce3b3c73b3ce70717785ee8f16ef1068aeea62c8fc2de677dadf49fd8fa6616a904ac

Download Submit
/storage/emulated/0/Config/sys/apps/log/log-2023-10-06.txt

Filesize
25B

MD5
ba30336bf53d54ed3c0ea69dd545de8c

SHA1
ce99c6724c75b93b7448e2d9fac16ca702a5711f

SHA256
2d6988fb5afdaafc4e33fa1f71d6f10c95ab5a49a8ec820add5b13eef05439af

SHA512
eea34ca526e03349e746d3687ea660b4748f0174fe2ffdb65161e232e08630b345e03329614852ce881a71362ba68575e9dd08fa361a416e5b2fb231e21a0a3e

Download Submit
/storage/emulated/0/Config/sys/apps/log/log-2023-10-06.txt

Filesize
288B

MD5
c43c1dfae332409fbb441d3c7e01a128

SHA1
6bf962d7ee8ad2cc813bf0c78e44777dd28b950e

SHA256
be262fd1f30f3ee2ee44582d25db507804257aac05ec49d76f5778768b4ae018

SHA512
bb1b697c9c0b748bc31b8c4eeebd20cba11ff01ab0d0431d1f32add74bf860749a0d203171c36ce59476c4db0bee3091bb11dd22982d4b91bc403eddbdad2f50

Download Submit