d6157f0e95d779e71313b68616c0b55330ab639d39e4e142e51ef1cd957fabd9

Resubmissions

06-12-2023 12:47

231206-pz878sdb7t 10

05-12-2023 11:01

231205-m4lavsah93 10

Analysis

max time kernel
967390s
max time network
212s
platform
android_x86
resource
android-x86-arm-20231023-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20231023-enlocale:en-usos:android-9-x86system
submitted
05-12-2023 11:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ready.apk
Size

8.6MB
MD5

63e1a96e44c538e64c4101b3efa06def
SHA1

a96e35c5c6a11cc74e29af2d2d52438868ab6021
SHA256

d6157f0e95d779e71313b68616c0b55330ab639d39e4e142e51ef1cd957fabd9
SHA512

b6cace864a2162a94c7229b7bffbe6fd4950f63f58f23978052ed1b96ca1395b8c578e0d4ff76ed877183f68a1fca72201c77a12d42ed429aed13fbf165498f2
SSDEEP

98304:wWekjTjdiEunideI1N2mzDzB4TG0tcsfCCB:wWjvFBzeNOCB

Score

8^/10

evasion

Malware Config

Signatures

Makes use of the framework's Accessibility service. 3 IoCs

Processes:

diploma.situated.ceiling

description	ioc	process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText	diploma.situated.ceiling
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId	diploma.situated.ceiling
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	diploma.situated.ceiling

Acquires the wake lock. 1 IoCs

Processes:

diploma.situated.ceiling

description ioc process

Framework service call android.os.IPowerManager.acquireWakeLock diploma.situated.ceiling
Requests disabling of battery optimizations (often used to enable hiding in the background). 1 IoCs
evasion

Processes:

diploma.situated.ceiling

description ioc process

Intent action android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS diploma.situated.ceiling
Removes a system notification. 1 IoCs
evasion

Processes:

diploma.situated.ceiling

description ioc process

Framework service call android.app.INotificationManager.cancelNotificationWithTag diploma.situated.ceiling

description	ioc	process
Framework service call	android.os.IPowerManager.acquireWakeLock	diploma.situated.ceiling

description	ioc	process
Intent action	android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS	diploma.situated.ceiling

description	ioc	process
Framework service call	android.app.INotificationManager.cancelNotificationWithTag	diploma.situated.ceiling

diploma.situated.ceiling
1⤵
- Makes use of the framework's Accessibility service.
- Acquires the wake lock.
- Requests disabling of battery optimizations (often used to enable hiding in the background).
- Removes a system notification.
PID:4260

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/storage/emulated/0/Config/sys/apps/log/log-2023-12-05.txt
Filesize
53B

MD5
3bf7cf538ec7caa655b3867a6cef6af6

SHA1
ad8f260e8020a387bae89ff5c5697ee6d9626f28

SHA256
f59c01e7c2d80cfbf0258bde1a34c279c6482be670c0966cac098f5f66f844a9

SHA512
911ede096265f8feabcf0a76bffb502f95008992b82a2ef0605d47532e37634d6691d22c61ae962ca60bd4210e6e440099678d9f8f1c3b814d24f03bfa2deabc

Download Submit
/storage/emulated/0/Config/sys/apps/log/log-2023-12-05.txt
Filesize
21B

MD5
40fcf48a4ecdb632240619eb756772ce

SHA1
83706b0dcc3ff8032962dcd0d73a36ba65dd6f30

SHA256
d153cc76e9f7a12c26dbe0d197285a77fc8efeed1b1f3d35c25ba386711b5c80

SHA512
4757ed0904a24ed77c8c2dca9be96f084cebc54a93c43eb0eb27545aba7e58916abb0b639254d90ebffea1e760b85d0a0fe53ada28194734748116475dd9829b

Download Submit
/storage/emulated/0/Config/sys/apps/log/log-2023-12-05.txt
Filesize
57B

MD5
a9ec0c42a43c72d73c499e5c17ccbb8b

SHA1
731652fbfe61eac3fdb4b9d3e2eaa010848a0906

SHA256
6c5309ce3f31c9af3288b0de3305b7f5ddee97be60ca4ac1184f3c334480c05b

SHA512
5f8ed24a51f68cfa0627aceb9190d3a7febaee61bd5a89898ab113ddaa7ce2a41f129a28c4e200d5e5e4ddff7a483abc0393dc38e870782caf1c46d2ec0df2e3

Download Submit
/storage/emulated/0/Config/sys/apps/log/log-2023-12-05.txt
Filesize
57B

MD5
a9ec0c42a43c72d73c499e5c17ccbb8b

SHA1
731652fbfe61eac3fdb4b9d3e2eaa010848a0906

SHA256
6c5309ce3f31c9af3288b0de3305b7f5ddee97be60ca4ac1184f3c334480c05b

SHA512
5f8ed24a51f68cfa0627aceb9190d3a7febaee61bd5a89898ab113ddaa7ce2a41f129a28c4e200d5e5e4ddff7a483abc0393dc38e870782caf1c46d2ec0df2e3

Download Submit
/storage/emulated/0/Config/sys/apps/log/log-2023-12-05.txt
Filesize
827B

MD5
c7cead8aa005fe37a9d5ef6819b6c4d7

SHA1
51315f027f6a9b4c6e76c60cbacf0c0ed97a7e18

SHA256
15d054864139d1a08c0d8b8eb8e8568c32ed59af68bc3b1054769ebdbf66a594

SHA512
d48686e70b4a967bd87404c94d4628250f7759a7dfb33e09e90db5dfaa36603ebdc703720b704545c00e61290160deb1f479be5d14274f027772a7cb5307a1fb

Download Submit