Analysis
- max time kernel: 443875s
- max time network: 157s
- platform: android_x64
- resource: android-x64-20231023.1-en
- resource tags: android, arch:x64, arch:x86, image:android-x64-20231023.1-en, locale:en-us, os:android-10-x64, system
- submitted: 29-11-2023 09:40
Behavioral task: behavioral1
Sample: 1st Mall v8.8.apk
Resource: android-x86-arm-20231023-en

Behavioral task: behavioral2
Sample: 1st Mall v8.8.apk
Resource: android-x64-20231023.1-en
General
- Target: 1st Mall v8.8.apk
- Size: 20.8MB
- MD5: 9ad5aac3f171ff14172b19a73eeced34
- SHA1: 75508a751b36de5ca9d9648e2b88cc0167f452a6
- SHA256: 969ec0828fa2e80ba7dee9458932fa895eff6f20e629d6a576920e6f038ed2c1
- SHA512: 213438da9c57b0418737a5c7d504910aea5992a7aa629420ee5bbb5668903b8f7536b4505f1732ba9b7d269d4952b451a25abb13fed8a25b3d634e201a5fbff1
- SSDEEP: 49152:06jjgiKHUw7hPdlovtdIP5neIr9we1SCuhHmErDem:Bg1HUw3loFixGFem
Malware Config
Signatures
-
- Makes use of the framework's Accessibility service. 2 IoCs
  Processes:
    description | ioc | process
    Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId | telescope.essays.precision
    Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId | telescope.essays.precision
  Processes:
    pid | process
    5054 | telescope.essays.precision
- Acquires the wake lock. 1 IoCs
  Processes:
    description | ioc | process
    Framework service call | android.os.IPowerManager.acquireWakeLock | telescope.essays.precision
- Removes a system notification. 1 IoCs
  Processes:
    description | ioc | process
    Framework service call | android.app.INotificationManager.cancelNotificationWithTag | telescope.essays.precision
Downloads
- /storage/emulated/0/Config/sys/apps/log/log-2023-11-29.txt
  Filesize: 29B
  MD5: 8398f9685db92ef32b358d39b8df1047
  SHA1: a1531e795775c3ea86a5e007e7e2df5aa025567f
  SHA256: ec95da19463ef809a63980f82489be34710e889f23f7adf06707ec698eeb4dde
  SHA512: ea8c4142a67d70cc234c50059f6dd597d9505d6f57749ac0ed04e5f342eeb028232c60ee33974373e1d63f82dc5b264cc55a00126380a972f14c49855efad1a7
- /storage/emulated/0/Config/sys/apps/log/log-2023-11-29.txt
  Filesize: 25B
  MD5: ba30336bf53d54ed3c0ea69dd545de8c
  SHA1: ce99c6724c75b93b7448e2d9fac16ca702a5711f
  SHA256: 2d6988fb5afdaafc4e33fa1f71d6f10c95ab5a49a8ec820add5b13eef05439af
  SHA512: eea34ca526e03349e746d3687ea660b4748f0174fe2ffdb65161e232e08630b345e03329614852ce881a71362ba68575e9dd08fa361a416e5b2fb231e21a0a3e
- /storage/emulated/0/Config/sys/apps/log/log-2023-11-29.txt
  Filesize: 284B
  MD5: 50de593f6c7b7b647a382038e52df8b8
  SHA1: f1ed97c9c63e1b99c176a01b3346dce463fb9e02
  SHA256: 40e002f570855ed964e117b8c9b71b1135116ded7a7e00366b544b702e139a40
  SHA512: 1c89e8ccaf6005ba057e4e7eb6c41da3685098b5e8d428837912416b09a151631e7883187a087daf8b25d1c2cd7dc4556bf3f51b3599b8db4697189ed690b017