67430833f94c8062f52b0619ef12e5ee531c314f3f0bf46a73d5a7b98693565f

Analysis

max time kernel
2105172s
max time network
144s
platform
android_x86
resource
android-x86-arm-20231023-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20231023-enlocale:en-usos:android-9-x86system
submitted
29-10-2023 22:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

67430833f94c8062f52b0619ef12e5ee531c314f3f0bf46a73d5a7b98693565f.apk
Size

4.6MB
MD5

3c41c4c9bfce2d80e6223f5347d55f56
SHA1

c373286a8da3e59d03c53a67b25482bd7e271766
SHA256

67430833f94c8062f52b0619ef12e5ee531c314f3f0bf46a73d5a7b98693565f
SHA512

968d3f8fca53950d19406f958be4f63529edf14b2055eaa56cefcb254a85d6e3263e92dc1053b9b223b1b950ca1f626b5573b39aef8a94c6360f90d2cc3deb4e
SSDEEP

98304:DvfYCMfBYdBovPtpZW+W+uDuvEEJ/3wKibsr/HGWKXc/r/uZ9lbh9tIH:83fSc0+W+uDI91//HGWQZ9lV9SH

Score

8^/10

evasion stealth trojan

Malware Config

Signatures

Makes use of the framework's Accessibility service. 3 IoCs

description	ioc	Process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	com.joinhoney.honeyandroid
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText	com.joinhoney.honeyandroid
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId	com.joinhoney.honeyandroid

Removes its main activity from the application launcher 8 IoCs

stealth trojan

pid	Process
4333	com.joinhoney.honeyandroid
4333	com.joinhoney.honeyandroid
4333	com.joinhoney.honeyandroid
4333	com.joinhoney.honeyandroid
4333	com.joinhoney.honeyandroid
4333	com.joinhoney.honeyandroid
4333	com.joinhoney.honeyandroid
4333	com.joinhoney.honeyandroid

Loads dropped Dex/Jar 1 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/data/user/0/com.joinhoney.honeyandroid/app_DynamicOptDex/LmRrjjACo.json	4333	com.joinhoney.honeyandroid

Reads information about phone network operator.

Requests disabling of battery optimizations (often used to enable hiding in the background). 1 IoCs

evasion

description	ioc	Process
Intent action	android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS	com.joinhoney.honeyandroid

Removes a system notification. 1 IoCs

evasion

description	ioc	Process
Framework service call	android.app.INotificationManager.cancelNotificationWithTag	com.joinhoney.honeyandroid

com.joinhoney.honeyandroid
1⤵
- Makes use of the framework's Accessibility service.
- Removes its main activity from the application launcher
- Loads dropped Dex/Jar
- Requests disabling of battery optimizations (often used to enable hiding in the background).
- Removes a system notification.
PID:4333

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.joinhoney.honeyandroid/app_DynamicOptDex/LmRrjjACo.json

Filesize
573KB

MD5
363d356cec6c707ea4dae1df711339ea

SHA1
0624f06891a8a70bd6d16aa3649fe0770dc107d3

SHA256
ac028d4f0f88ad01d406830e4acdfac62627e3f7c29c489903ea262fada8d4de

SHA512
d64f6e3451acb0b113a7c7f3c691044237068a8a8697e1bee265ea0be52699fdd4c622454a936d50a9f08509bd1ffbc125dcd4efe75bd7d7d5fc5b6d3a2f182b

Download Submit
/data/data/com.joinhoney.honeyandroid/app_DynamicOptDex/LmRrjjACo.json

Filesize
573KB

MD5
510c86c35726dcdeedc656d64ad0537d

SHA1
dbbac669ced41485c64ffb619dbdea0104297c76

SHA256
35abdf7c89f2b187c484eda16d18942d7afecd2730d894c8badc9590673ad999

SHA512
7bef7f5f156737046c4cd20f22672f929f36235457e35bce463ba57e0586f8f90ec08a22f751491ad7900094bb7f8400fb4515ecc557286ae4abbfef25048d2c

Download Submit
/data/data/com.joinhoney.honeyandroid/app_DynamicOptDex/oat/LmRrjjACo.json.cur.prof

Filesize
403B

MD5
92bbf0cd6bfe235743fc6a18eb79b335

SHA1
4893a884de19d98d7fe7f58c4bda6e81884a4b3a

SHA256
9f425a0fcff28b3be15ccaa190d4927b8acd10b684d2ca0cd03e11f776701d45

SHA512
4d40a531be7ea40a816d0e03742abd2cafc62aff08ffc5cc8b76843db70ad0f31788f433dcfaedab477791e00cd9aa0c04f457c3a67fd366e979807e8973d668

Download Submit
/data/user/0/com.joinhoney.honeyandroid/app_DynamicOptDex/LmRrjjACo.json

Filesize
634KB

MD5
58ba52bf98d823ce20663b9a5dda16c3

SHA1
66151ee0c403dbc854846a97bc133c6cea5caf10

SHA256
87064019a322cbb8952e7f7660b5a292444f944a89deb9fdc075ae6a789440fe

SHA512
21e1e7eef0550230d8a10a0759e2eb8cc2ce0b8a1d8f14a59c8b4e364a20c8c3dac9ceabde24248773a776da158df644da6c976f84e5da5b3df8f3c68b191767

Download Submit