e976a0373b75ab36f419de387c8224e3ee30ece717ffff1573298c50e92ea080

Analysis

max time kernel
1081652s
max time network
157s
platform
android_x64
resource
android-x64-arm64-20230831-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20230831-enlocale:en-usos:android-11-x64system
submitted
13-10-2023 04:00

Target

cbba07cac36c13850c1c0898d00bfbd0.apk
Size

3.8MB
MD5

cbba07cac36c13850c1c0898d00bfbd0
SHA1

5a4dc213d4cf6461d8a5ac1c8b49dd5fefdca459
SHA256

5e18b2f454ef7536d3301f72a53ced7827d0032eb479aeca1001095df9eefda4
SHA512

fecfad88630c519e0ed3aa9efc6a6303151fa742477959b97390d5fee665c65ca045fae81d826425987ed30bd19939a60612db048bf9107c91e1a5687e15841e
SSDEEP

98304:aup12jvFp+CQNaI87791LehbimzTzBtTA0tQasb5G:aup6QNy+NzjrQG

Score

8^/10

banker evasion

Makes use of the framework's Accessibility service. 1 IoCs

Processes:

missing.sold.suspended

description	ioc	process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	missing.sold.suspended

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps). 1 IoCs
banker

Processes:

missing.sold.suspended

description ioc process

Framework service call android.content.pm.IPackageManager.getInstalledApplications missing.sold.suspended
Acquires the wake lock. 1 IoCs

Processes:

missing.sold.suspended

description ioc process

Framework service call android.os.IPowerManager.acquireWakeLock missing.sold.suspended
Removes a system notification. 1 IoCs
evasion

Processes:

missing.sold.suspended

description ioc process

Framework service call android.app.INotificationManager.cancelNotificationWithTag missing.sold.suspended

description	ioc	process
Framework service call	android.content.pm.IPackageManager.getInstalledApplications	missing.sold.suspended

description	ioc	process
Framework service call	android.os.IPowerManager.acquireWakeLock	missing.sold.suspended

description	ioc	process
Framework service call	android.app.INotificationManager.cancelNotificationWithTag	missing.sold.suspended

/storage/emulated/0/Config/sys/apps/log/log-2023-10-18.txt

Filesize
29B

MD5
ece45f8623243feea4df6c2fe45b36e1

SHA1
ef24e005271d92ed255e24a40a15d94b0d5f6bd3

SHA256
e011b2d4119782d41972729f76497925f6f503f6b87dbf8363a50d5134ff39a2

SHA512
86e5a142bb1c4607af14414558fca4711e9a043842aef5add7229d2b49a640d43d62383729edd60869f26e2ad28218d48228303e358b56038267d8bdaf6353da

Download Submit