3d7e75e7edc14082c043dc563164e4366822650e57af234a99bde69cdc354fa3

Analysis

max time kernel
788166s
max time network
155s
platform
android_x64
resource
android-x64-arm64-20230831-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20230831-enlocale:en-usos:android-11-x64system
submitted
14-10-2023 02:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Youtube Lite Premium.apk
Size

3.7MB
MD5

c1f84911c2769d6c7f70d874451aa79b
SHA1

1b82ebb0fb5f30d4254086ba629b165dc0c460a8
SHA256

3d7e75e7edc14082c043dc563164e4366822650e57af234a99bde69cdc354fa3
SHA512

d408c08c59c20dfaa7c014d39a2b863fc4d2c5dfa06ce61be8245d649d1e2c5d689b2419ae3f3923da321eba063e06307b541b51647706a45365df3eb26227bc
SSDEEP

49152:joVN3rWUJBXlQEwXZLadDr6TczB4oI0WmzOzdGGHQTOafUzYqR0cgQImrikc/Iy9:j/MXezpWdft94oI0WmzOzBwTM0tQI9f

Score

8^/10

banker evasion stealth trojan

Malware Config

Signatures

Makes use of the framework's Accessibility service. 1 IoCs

Processes:

eng.swim.sequences

description	ioc	process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	eng.swim.sequences

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps). 1 IoCs
banker

Processes:

eng.swim.sequences

description ioc process

Framework service call android.content.pm.IPackageManager.getInstalledApplications eng.swim.sequences
Removes its main activity from the application launcher 1 IoCs
stealth trojan

Processes:

eng.swim.sequences

pid process

4525 eng.swim.sequences
Acquires the wake lock. 1 IoCs

Processes:

eng.swim.sequences

description ioc process

Framework service call android.os.IPowerManager.acquireWakeLock eng.swim.sequences
Tries to add a device administrator. 1 IoCs

Processes:

eng.swim.sequences

description ioc process

Intent action android.app.action.ADD_DEVICE_ADMIN eng.swim.sequences
Removes a system notification. 1 IoCs
evasion

Processes:

eng.swim.sequences

description ioc process

Framework service call android.app.INotificationManager.cancelNotificationWithTag eng.swim.sequences

description	ioc	process
Framework service call	android.content.pm.IPackageManager.getInstalledApplications	eng.swim.sequences

pid	process
4525	eng.swim.sequences

description	ioc	process
Framework service call	android.os.IPowerManager.acquireWakeLock	eng.swim.sequences

description	ioc	process
Intent action	android.app.action.ADD_DEVICE_ADMIN	eng.swim.sequences

description	ioc	process
Framework service call	android.app.INotificationManager.cancelNotificationWithTag	eng.swim.sequences

eng.swim.sequences
1⤵
- Makes use of the framework's Accessibility service.
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps).
- Removes its main activity from the application launcher
- Acquires the wake lock.
- Tries to add a device administrator.
- Removes a system notification.
PID:4525

getprop ro.miui.ui.version.name
2⤵
PID:4629

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/storage/emulated/0/Config/sys/apps/log/log-2023-10-14.txt

Filesize
29B

MD5
ece45f8623243feea4df6c2fe45b36e1

SHA1
ef24e005271d92ed255e24a40a15d94b0d5f6bd3

SHA256
e011b2d4119782d41972729f76497925f6f503f6b87dbf8363a50d5134ff39a2

SHA512
86e5a142bb1c4607af14414558fca4711e9a043842aef5add7229d2b49a640d43d62383729edd60869f26e2ad28218d48228303e358b56038267d8bdaf6353da

Download Submit
/storage/emulated/0/Config/sys/apps/log/log-2023-10-14.txt

Filesize
37B

MD5
d813352605d9b78bf3df990793920f41

SHA1
cf8bf9c9300ec0c8adc31aaa90d5b5c100af604f

SHA256
b1ee488766841db49f503d75f926d70c6cc5fdbcffc8d1e87b6bfaf2684cdbac

SHA512
b28a4e9f1ae61570e873289a38a1ef72fb5412d75817b89e17af238744906f126f751485e33eeebb55de29ecc16d648fe783bebcc76fc1d514f11ba71fed52cf

Download Submit
/storage/emulated/0/Config/sys/apps/log/log-2023-10-14.txt

Filesize
41B

MD5
cac26c59b7f84456b8e30178e0fca3e2

SHA1
73bb94b74ff6c9b4b42732e5a14c09bd65b7cf4f

SHA256
b3e1fc19049bd934f40123caecac727229eb43fa4dc7c0174f8743291ebeb608

SHA512
3af77a61921e49b8c8a2866275161480605154beed9a12e1252c87bdba08a373e7ac2328880f2a09b5e74b98282c718cbf651ac6e7ab60e7f48e4850911de7f9

Download Submit
/storage/emulated/0/Config/sys/apps/log/log-2023-10-14.txt

Filesize
25B

MD5
ba30336bf53d54ed3c0ea69dd545de8c

SHA1
ce99c6724c75b93b7448e2d9fac16ca702a5711f

SHA256
2d6988fb5afdaafc4e33fa1f71d6f10c95ab5a49a8ec820add5b13eef05439af

SHA512
eea34ca526e03349e746d3687ea660b4748f0174fe2ffdb65161e232e08630b345e03329614852ce881a71362ba68575e9dd08fa361a416e5b2fb231e21a0a3e

Download Submit
/storage/emulated/0/Config/sys/apps/log/log-2023-10-14.txt

Filesize
57B

MD5
3af69119804d1d999d56d230338ffd36

SHA1
69350826205583c8acc385ee0a6e3fc2673ee2ca

SHA256
10994862cb263ab6b1e4428cc24cc9c585458fc67544fe0f5dfea81a5a7a115c

SHA512
4a41b19d28f637b397d9dff225621694c44c750a9bd65f3e6ad5d3b9acf0d118910ddf53d4618213f9e14c61e0fb154f33f2747dd3b8d50459990767f42fc8cb

Download Submit