9a8a1f2f57dca02d518021ab4603e8c5a5e4a606ee9f6ff8cee27a8d0f0c203c

Analysis

max time kernel
516845s
max time network
150s
platform
android_x86
resource
android-x86-arm-20230831-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20230831-enlocale:en-usos:android-9-x86system
submitted
11-10-2023 08:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ready.apk
Size

15.3MB
MD5

e5a89bcae0c0e5e6cd3bec30e11fd3f9
SHA1

7cf72572ac3e6643a011dcda04043e6fdbc198c7
SHA256

9a8a1f2f57dca02d518021ab4603e8c5a5e4a606ee9f6ff8cee27a8d0f0c203c
SHA512

392f4497e18c7322c2e9c2b1acce252c240f5f30348a5e35bd92ce257c62676b2af0655128da88f5e32b3cd25531ba058c980b75a5e8211377cec15bfd46909e
SSDEEP

24576:BDiwlfglBWItYYjwjCgI4hgN42HwaxGNA7R:dCTO87N4GwaxnF

Score

8^/10

evasion stealth trojan

Malware Config

Signatures

Makes use of the framework's Accessibility service. 3 IoCs

description	ioc	Process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	fruitf8.accessibility.spoken
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId	fruitf8.accessibility.spoken
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText	fruitf8.accessibility.spoken

Removes its main activity from the application launcher 1 IoCs

stealth trojan

pid	Process
4166	fruitf8.accessibility.spoken

Acquires the wake lock. 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	fruitf8.accessibility.spoken

Requests disabling of battery optimizations (often used to enable hiding in the background). 1 IoCs

evasion

description	ioc	Process
Intent action	android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS	fruitf8.accessibility.spoken

Removes a system notification. 1 IoCs

evasion

description	ioc	Process
Framework service call	android.app.INotificationManager.cancelNotificationWithTag	fruitf8.accessibility.spoken

fruitf8.accessibility.spoken
1⤵
- Makes use of the framework's Accessibility service.
- Removes its main activity from the application launcher
- Acquires the wake lock.
- Requests disabling of battery optimizations (often used to enable hiding in the background).
- Removes a system notification.
PID:4166

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/storage/emulated/0/Config/sys/apps/log/log-2023-10-11.txt

Filesize
12B

MD5
a9256f55737b655c8cff95418411997c

SHA1
d81a4e85ecef3a4f08d50da9c75c49a3c64ffe24

SHA256
bad705c44807d12463fb587087c4e9eb24769d82981229ac8b74abc9b1a44412

SHA512
10d10a6498973ed65d47c74ba6d8831dad94213a5071353dc445de46e021689284fbbf4accf5ba1f97a0675a7652ec069ac70f38d63ba36b8595a8caf8d37574

Download Submit
/storage/emulated/0/Config/sys/apps/log/log-2023-10-11.txt

Filesize
12B

MD5
a9256f55737b655c8cff95418411997c

SHA1
d81a4e85ecef3a4f08d50da9c75c49a3c64ffe24

SHA256
bad705c44807d12463fb587087c4e9eb24769d82981229ac8b74abc9b1a44412

SHA512
10d10a6498973ed65d47c74ba6d8831dad94213a5071353dc445de46e021689284fbbf4accf5ba1f97a0675a7652ec069ac70f38d63ba36b8595a8caf8d37574

Download Submit
/storage/emulated/0/Config/sys/apps/log/log-2023-10-11.txt

Filesize
12B

MD5
a9256f55737b655c8cff95418411997c

SHA1
d81a4e85ecef3a4f08d50da9c75c49a3c64ffe24

SHA256
bad705c44807d12463fb587087c4e9eb24769d82981229ac8b74abc9b1a44412

SHA512
10d10a6498973ed65d47c74ba6d8831dad94213a5071353dc445de46e021689284fbbf4accf5ba1f97a0675a7652ec069ac70f38d63ba36b8595a8caf8d37574

Download Submit
/storage/emulated/0/Config/sys/apps/log/log-2023-10-11.txt

Filesize
24B

MD5
588a58857e1360eb0c100f8f2012711e

SHA1
2e3b2ae2c366e910552d8e9b5b7875e31fdcb8d2

SHA256
05e7156d086ca39a584f9769b08904d6e5b47b5c44c84e23b025fe100df0c9bf

SHA512
6954534f2eef037ac2d197bdc1734c3ebfe5350cbaff81993d0bddc8485ccdf82812c5e248107f6ad3bad3e3b7a105369aeb9ff92101671bcbe67ff91e04088b

Download Submit
/storage/emulated/0/Config/sys/apps/log/log-2023-10-11.txt

Filesize
275B

MD5
e91e531adb2cbd3323f3316aadc649ee

SHA1
872e9ac1533ae9d54c0e442a1ffae49675c96879

SHA256
00d50916f29b36406b567487ba75dc1aaacac8b5fe2aa24ee72ed1f7fd6b8fdf

SHA512
9bd6b712209e33ffaa3d004ab8626ed96936cc5c135a5218496091c372be8d862279202a5209877d768096e9f381769b33207cf6c15729d5fa601d71043a9392

Download Submit