805bce32df90c1e05ec5d86137115f75e2ec8665e3f3098439acf9e33ff0ee42

Analysis

max time kernel
2427653s
max time network
150s
platform
android_x86
resource
android-x86-arm-20231215-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20231215-enlocale:en-usos:android-9-x86system
submitted
20/12/2023, 03:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

805bce32df90c1e05ec5d86137115f75e2ec8665e3f3098439acf9e33ff0ee42.apk
Size

145KB
MD5

657082dd0b1d7f36ef409b8fab26579b
SHA1

082af750a859714ce6d559f2a60aa40718436bb0
SHA256

805bce32df90c1e05ec5d86137115f75e2ec8665e3f3098439acf9e33ff0ee42
SHA512

29bfda1a9598abfd44fc8fa5d9c33e6fe2cf29761349f56d5156c3ab37a68815fc2e6e15bf186944b13a886616314ca32d9ea16f6cb6be15027ae74c1365b0df
SSDEEP

3072:RnDcEgy7IuX5xrtXxTOQC2OhS94/x5VTvkdEeKfZAiq:h9r7B5OhXJ5pAtgq

Score

8^/10

stealth trojan

Malware Config

Signatures

Makes use of the framework's Accessibility service 2 IoCs

Retrieves information displayed on the phone screen using AccessibilityService.

description	ioc	Process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId	acy.avsihcujlhameorwdhctculvpsluuxuzyddwhqp.euppywigoielikpkfncxbiazulrdkzj
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	acy.avsihcujlhameorwdhctculvpsluuxuzyddwhqp.euppywigoielikpkfncxbiazulrdkzj

Removes its main activity from the application launcher 1 IoCs

stealth trojan

pid	Process
4197	acy.avsihcujlhameorwdhctculvpsluuxuzyddwhqp.euppywigoielikpkfncxbiazulrdkzj

Requests enabling of the accessibility settings. 1 IoCs

description	ioc	Process
Intent action	android.settings.ACCESSIBILITY_SETTINGS	acy.avsihcujlhameorwdhctculvpsluuxuzyddwhqp.euppywigoielikpkfncxbiazulrdkzj

Reads information about phone network operator.

acy.avsihcujlhameorwdhctculvpsluuxuzyddwhqp.euppywigoielikpkfncxbiazulrdkzj
1⤵
- Makes use of the framework's Accessibility service
- Removes its main activity from the application launcher
- Requests enabling of the accessibility settings.
PID:4197

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/acy.avsihcujlhameorwdhctculvpsluuxuzyddwhqp.euppywigoielikpkfncxbiazulrdkzjdhgyjr/databases/init.db

Filesize
24KB

MD5
b49243e688558238565e58f39d077063

SHA1
9077df1e2f6df2fdc125b205000981ea84a636bd

SHA256
9dc71ec384f0b8cf449d9cab48020fd6af5909ccce0fe1607dcd97f16489f8c7

SHA512
b9b5428ace9ee70afe8b754ccd216f93f081fe75e6bedf46cf0ed87809c1c34933f7d41d71f90a3ececea0a1b066154d2036e558ca97e8c0fc5b3053a9d7648c

Download Submit
/data/data/acy.avsihcujlhameorwdhctculvpsluuxuzyddwhqp.euppywigoielikpkfncxbiazulrdkzjdhgyjr/databases/init.db

Filesize
16KB

MD5
9d1a1601a3d34de7adae69990baea6dc

SHA1
73bddbd3d98a1abfaa7c66912436532c699d0ff1

SHA256
809891321844fc6f4d11376c9d29ec0a116696b1e50af5351effbfaada429f0a

SHA512
e35c22bf38aed4728b628165be2ff7e0be4a2cb1b8a775785fe2632962d370bebfddb5e66da648de0d627d965e8de64b7c8bace45f3c8ae783dbb357800bdb60

Download Submit
/data/data/acy.avsihcujlhameorwdhctculvpsluuxuzyddwhqp.euppywigoielikpkfncxbiazulrdkzjdhgyjr/databases/init.db-journal

Filesize
512B

MD5
4f775fd5761acb67aa007fab45d60489

SHA1
b656cb6f7bf6b8bf23f19e5c128eaaabb71a1313

SHA256
eba25db0344eebcd2ed93254d7921439f215a213bf9f041653693023e1542e18

SHA512
2e9438a38182a476ff038c260ddc28126cb19d0f090fae37dc82e65863c018d674095be02fd981948395edf4229b3e767a1f7b3424c0a78d6cd513d64392240e

Download Submit
/data/data/acy.avsihcujlhameorwdhctculvpsluuxuzyddwhqp.euppywigoielikpkfncxbiazulrdkzjdhgyjr/databases/init.db-shm

Filesize
28KB

MD5
cf845a781c107ec1346e849c9dd1b7e8

SHA1
b44ccc7f7d519352422e59ee8b0bdbac881768a7

SHA256
18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7

SHA512
4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

Download Submit
/data/data/acy.avsihcujlhameorwdhctculvpsluuxuzyddwhqp.euppywigoielikpkfncxbiazulrdkzjdhgyjr/databases/init.db-wal

Filesize
36KB

MD5
0a3d624242c9a10533318775e42be0aa

SHA1
41e064ff2d125ef0193162016c11b0f559016179

SHA256
a8a6dfc81d340750591299c07d618fa5157ba8ddf0b0a91d56f2aa5002986a23

SHA512
439c802afbf03a45701b10e76e8076f907956d5764e70b34bceb283fec2ae338f58e6e9d4c338ebdd6e9c2d112c6070005555a9094a495c4f2d7bbdb069ae412

Download Submit
/data/data/acy.avsihcujlhameorwdhctculvpsluuxuzyddwhqp.euppywigoielikpkfncxbiazulrdkzjdhgyjr/databases/init.db-wal

Filesize
40KB

MD5
7be3e393134ca0a5b3df162494e50dd8

SHA1
a661764a64f9a699f198880f67ad267d5b17686f

SHA256
4c4c7b2fc3dbf388367f628f484fef3bb60c5a20235d4c4b9edbd489b3a2ccff

SHA512
cc4ee7324c1ce47370a52cdc770a72cf76882edaa06277e85c8d123af1880a7768c68973be41623f2913a0db139c43c8986fa2fe05931650e0bafb2f53b04458

Download Submit
/data/data/acy.avsihcujlhameorwdhctculvpsluuxuzyddwhqp.euppywigoielikpkfncxbiazulrdkzjdhgyjr/databases/init.db-wal

Filesize
4KB

MD5
478fdf4c911155692d7d11d9f25e2e8a

SHA1
bfb6b642cda347e6bd18c2956bb73f96667babf6

SHA256
b05bcec4e50bbec43bf3caec41f943cfaacac6b31eb5c505545c33790f90cbd3

SHA512
0be1a212228e3667ca307f3641586ab7d57532a6f795293867b35cb932bae2a035bf8b7eaa9adc47d4c63297de49119ee68653831135e020a199f4244054f31c

Download Submit