9a8a1f2f57dca02d518021ab4603e8c5a5e4a606ee9f6ff8cee27a8d0f0c203c

Analysis

max time kernel
516831s
max time network
161s
platform
android_x64
resource
android-x64-20230831-en
resource tags

androidarch:x64arch:x86image:android-x64-20230831-enlocale:en-usos:android-10-x64system
submitted
11-10-2023 08:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ready.apk
Size

15.3MB
MD5

e5a89bcae0c0e5e6cd3bec30e11fd3f9
SHA1

7cf72572ac3e6643a011dcda04043e6fdbc198c7
SHA256

9a8a1f2f57dca02d518021ab4603e8c5a5e4a606ee9f6ff8cee27a8d0f0c203c
SHA512

392f4497e18c7322c2e9c2b1acce252c240f5f30348a5e35bd92ce257c62676b2af0655128da88f5e32b3cd25531ba058c980b75a5e8211377cec15bfd46909e
SSDEEP

24576:BDiwlfglBWItYYjwjCgI4hgN42HwaxGNA7R:dCTO87N4GwaxnF

Score

8^/10

evasion stealth trojan

Malware Config

Signatures

Makes use of the framework's Accessibility service. 3 IoCs

Processes:

fruitf8.accessibility.spoken

description	ioc	process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	fruitf8.accessibility.spoken
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId	fruitf8.accessibility.spoken
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText	fruitf8.accessibility.spoken

Removes its main activity from the application launcher 1 IoCs
stealth trojan

Processes:

fruitf8.accessibility.spoken

pid process

4976 fruitf8.accessibility.spoken
Acquires the wake lock. 1 IoCs

Processes:

fruitf8.accessibility.spoken

description ioc process

Framework service call android.os.IPowerManager.acquireWakeLock fruitf8.accessibility.spoken
Removes a system notification. 1 IoCs
evasion

Processes:

fruitf8.accessibility.spoken

description ioc process

Framework service call android.app.INotificationManager.cancelNotificationWithTag fruitf8.accessibility.spoken

pid	process
4976	fruitf8.accessibility.spoken

description	ioc	process
Framework service call	android.os.IPowerManager.acquireWakeLock	fruitf8.accessibility.spoken

description	ioc	process
Framework service call	android.app.INotificationManager.cancelNotificationWithTag	fruitf8.accessibility.spoken

fruitf8.accessibility.spoken
1⤵
- Makes use of the framework's Accessibility service.
- Removes its main activity from the application launcher
- Acquires the wake lock.
- Removes a system notification.
PID:4976

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/storage/emulated/0/Config/sys/apps/log/log-2023-10-11.txt

Filesize
12B

MD5
a9256f55737b655c8cff95418411997c

SHA1
d81a4e85ecef3a4f08d50da9c75c49a3c64ffe24

SHA256
bad705c44807d12463fb587087c4e9eb24769d82981229ac8b74abc9b1a44412

SHA512
10d10a6498973ed65d47c74ba6d8831dad94213a5071353dc445de46e021689284fbbf4accf5ba1f97a0675a7652ec069ac70f38d63ba36b8595a8caf8d37574

Download Submit
/storage/emulated/0/Config/sys/apps/log/log-2023-10-11.txt

Filesize
12B

MD5
a9256f55737b655c8cff95418411997c

SHA1
d81a4e85ecef3a4f08d50da9c75c49a3c64ffe24

SHA256
bad705c44807d12463fb587087c4e9eb24769d82981229ac8b74abc9b1a44412

SHA512
10d10a6498973ed65d47c74ba6d8831dad94213a5071353dc445de46e021689284fbbf4accf5ba1f97a0675a7652ec069ac70f38d63ba36b8595a8caf8d37574

Download Submit
/storage/emulated/0/Config/sys/apps/log/log-2023-10-11.txt

Filesize
12B

MD5
a9256f55737b655c8cff95418411997c

SHA1
d81a4e85ecef3a4f08d50da9c75c49a3c64ffe24

SHA256
bad705c44807d12463fb587087c4e9eb24769d82981229ac8b74abc9b1a44412

SHA512
10d10a6498973ed65d47c74ba6d8831dad94213a5071353dc445de46e021689284fbbf4accf5ba1f97a0675a7652ec069ac70f38d63ba36b8595a8caf8d37574

Download Submit
/storage/emulated/0/Config/sys/apps/log/log-2023-10-11.txt

Filesize
24B

MD5
588a58857e1360eb0c100f8f2012711e

SHA1
2e3b2ae2c366e910552d8e9b5b7875e31fdcb8d2

SHA256
05e7156d086ca39a584f9769b08904d6e5b47b5c44c84e23b025fe100df0c9bf

SHA512
6954534f2eef037ac2d197bdc1734c3ebfe5350cbaff81993d0bddc8485ccdf82812c5e248107f6ad3bad3e3b7a105369aeb9ff92101671bcbe67ff91e04088b

Download Submit
/storage/emulated/0/Config/sys/apps/log/log-2023-10-11.txt

Filesize
275B

MD5
32aed9e50345f9d10137c180fbbcbc63

SHA1
39b9a9a75aa797aeaee8697231f4c3fdbc058d8d

SHA256
79444b768b507cdc4ea82bf4a6caf8b33041d31a85011cc316df0e6700919dae

SHA512
4723dc3da1c59683c765d63f751f470bc26ccb67c04f4638615fe1e3028c798aa30721631d491866b78f48bd8376754f7c4a33815265547bd2e019973f2bf7b0

Download Submit