Overview

overview

8

Static

static

6

953003f273...9b.apk

 

953003f273...9b.apk

android-10-x64

8

953003f273...9b.apk

android-11-x64

8

Analysis

  • max time kernel
    2445097s
  • max time network
    149s
  • platform
    android_x64
  • resource
    android-x64-arm64-20231215-en
  • resource tags

    androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20231215-enlocale:en-usos:android-11-x64system
  • submitted
    20/12/2023, 08:26

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    953003f273f3896aa738e90269366da6d510fe33724712a10471ec9b496fde9b.apk

  • Size

    2.7MB

  • MD5

    aef22255be7749e9638470e7a1a54d62

  • SHA1

    f70a221ed4d27f99935eff00084256c6381dd408

  • SHA256

    953003f273f3896aa738e90269366da6d510fe33724712a10471ec9b496fde9b

  • SHA512

    2cbdfcc798a78a7363ec99783b3484393aca2e6f14ccfe75e08a6053bc7bdb12d621a95c5bc1edba198a458b1cdc7fbf856284fe95c6f6bde3fb2b6f87ee666b

  • SSDEEP

    49152://UfXySOWuYslgWeLU2N8V91qN/dXQilkoTx2K6leV4Wsbl22y+DPk:/QClWu1vA/xQilkMxd8bl223Dk

Score
8/10
evasionstealthtrojan

Malware Config

Signatures

  • Makes use of the framework's Accessibility service 2 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

  • Removes its main activity from the application launcher 1 IoCs
    stealthtrojan
  • Loads dropped Dex/Jar 4 IoCs

    Runs executable file dropped to the device during analysis.

  • Requests enabling of the accessibility settings. 1 IoCs
  • Acquires the wake lock 1 IoCs
  • Requests disabling of battery optimizations (often used to enable hiding in the background). 1 IoCs
    evasion
  • Listens for changes in the sensor environment (might be used to detect emulation) 1 IoCs
    evasion

Processes

  • kifkiureqrhbeynpygqmqu.qxftfolgrfhgfmxknlsmbcwnr.phcmzyhjdudoj
    1⤵
    • Makes use of the framework's Accessibility service
    • Removes its main activity from the application launcher
    • Loads dropped Dex/Jar
    • Requests enabling of the accessibility settings.
    • Acquires the wake lock
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    • Listens for changes in the sensor environment (might be used to detect emulation)
    PID:4602

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/user/0/kifkiureqrhbeynpygqmqu.qxftfolgrfhgfmxknlsmbcwnr.phcmzyhjdudoj/app_DynamicOptDex/hIlRZT.json
    Filesize

    1.3MB

    MD5

    6b72ceb5fb2329fae8de2e6aa06e7c00

    SHA1

    eb1f68b848fe2a293d4574b579be022d916aa6b0

    SHA256

    0dbd95d0c56d6702ffd2c4a59b45cf47d27b55851fd080250bcec96bd1842c4a

    SHA512

    771d14c41b16718dfcdfd8cad72cad494de141f6cc14a482891aa404583452e8682cb359e3d8551c565f605a73fc8e37316fdca2a5ea502aa691574d7a8aa32b

    Download Submit

  • /data/user/0/kifkiureqrhbeynpygqmqu.qxftfolgrfhgfmxknlsmbcwnr.phcmzyhjdudoj/app_DynamicOptDex/hIlRZT.json
    Filesize

    1.3MB

    MD5

    06d69a4430a6a0d256d207624e2943b1

    SHA1

    b0b07f36b0bb706eb7f850e007e16ffd88fc7315

    SHA256

    716bb6129dcda904d057fdcd79ab338bc463a52f7466ed53ed2b9ac7e2f78244

    SHA512

    6dde91f290b45edbc646de270371bf3313701a5f54e0891c4aa26d90b79c2d0cefea4a099ad11647e97fac2f3ab80a9aa3b45c8f5d1b0eb81c84da91e5328160

    Download Submit