503ea875c6a93f7e221436915faa2d2bffa512d2b803f0802f5dd4e408a641b7

Analysis

max time kernel
150s
max time network
157s
platform
android_x86
resource
android-x86-arm-20231215-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20231215-enlocale:en-usos:android-9-x86system
submitted
22-01-2024 21:56

Target

ready.apk
Size

672KB
MD5

5b0003f522d2d02eba7eb4e854069222
SHA1

f8b9a8b89fad9cbcdc2ed502cf8bdc797bd2082e
SHA256

503ea875c6a93f7e221436915faa2d2bffa512d2b803f0802f5dd4e408a641b7
SHA512

df05d01017cd9a1cbb4fb6a6410d3f740c2b5474f84052bd760fc9a1d68129b4d8e2948618c62bcaf1cdb497429b8249d74e289c6413119b0b4ca3eaa06196c6
SSDEEP

12288:Iwlbo9GgLRBWItYYyow7HCgI4joWbZ/vXbQKS+WGZ6Rq21ZgO75UeM:IwlfglBWItYYjwjCgI4jl/vXbQtFUGNS

Score

8^/10

Makes use of the framework's Accessibility service 3 IoCs

Retrieves information displayed on the phone screen using AccessibilityService.

Processes:

handheldse1.occupations.aside

description	ioc	process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	handheldse1.occupations.aside
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId	handheldse1.occupations.aside
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText	handheldse1.occupations.aside

Removes its main activity from the application launcher 1 IoCs
stealth trojan

Processes:

handheldse1.occupations.aside

pid process

4277 handheldse1.occupations.aside
Requests enabling of the accessibility settings. 1 IoCs

Processes:

handheldse1.occupations.aside

description ioc process

Intent action android.settings.ACCESSIBILITY_SETTINGS handheldse1.occupations.aside
Acquires the wake lock 1 IoCs

Processes:

handheldse1.occupations.aside

description ioc process

Framework service call android.os.IPowerManager.acquireWakeLock handheldse1.occupations.aside
Requests disabling of battery optimizations (often used to enable hiding in the background). 1 IoCs
evasion

Processes:

handheldse1.occupations.aside

description ioc process

Intent action android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS handheldse1.occupations.aside

pid	process
4277	handheldse1.occupations.aside

description	ioc	process
Intent action	android.settings.ACCESSIBILITY_SETTINGS	handheldse1.occupations.aside

description	ioc	process
Framework service call	android.os.IPowerManager.acquireWakeLock	handheldse1.occupations.aside

description	ioc	process
Intent action	android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS	handheldse1.occupations.aside

/storage/emulated/0/Config/sys/apps/log/log-2024-01-22.txt
Filesize
12B

MD5
a9256f55737b655c8cff95418411997c

SHA1
d81a4e85ecef3a4f08d50da9c75c49a3c64ffe24

SHA256
bad705c44807d12463fb587087c4e9eb24769d82981229ac8b74abc9b1a44412

SHA512
10d10a6498973ed65d47c74ba6d8831dad94213a5071353dc445de46e021689284fbbf4accf5ba1f97a0675a7652ec069ac70f38d63ba36b8595a8caf8d37574

Download Submit
/storage/emulated/0/Config/sys/apps/log/log-2024-01-22.txt
Filesize
24B

MD5
2b8d7b8040eeac850da29089d676474d

SHA1
a9b9990809658c2c59a45f00827307c8e319f2e7

SHA256
3a58158381a9621646342db5553ca01fdd0d9b7e1475c47469aa85658eca9e8c

SHA512
94cf560ecff1c6328fb64e5ec394a689424131712c6bbe0dcdf5793f97b850e808cea4d41edf4c7b8bc95e51e5f4fed56a7acec1e2f98b59e8428d2d253c8724

Download Submit