Analysis
max time kernel: 151s
max time network: 157s
platform: android_x64
resource: android-x64-20231215-en
resource tags: android, arch:x64, arch:x86, image:android-x64-20231215-en, locale:en-us, os:android-10-x64, system
submitted: 22-01-2024 21:56
Behavioral task behavioral1
Sample: ready.apk
Resource: android-x86-arm-20231215-en
Behavioral task behavioral2
Sample: ready.apk
Resource: android-x64-20231215-en
General
Target: ready.apk
Size: 672KB
MD5: 5b0003f522d2d02eba7eb4e854069222
SHA1: f8b9a8b89fad9cbcdc2ed502cf8bdc797bd2082e
SHA256: 503ea875c6a93f7e221436915faa2d2bffa512d2b803f0802f5dd4e408a641b7
SHA512: df05d01017cd9a1cbb4fb6a6410d3f740c2b5474f84052bd760fc9a1d68129b4d8e2948618c62bcaf1cdb497429b8249d74e289c6413119b0b4ca3eaa06196c6
SSDEEP: 12288:Iwlbo9GgLRBWItYYyow7HCgI4joWbZ/vXbQKS+WGZ6Rq21ZgO75UeM:IwlfglBWItYYjwjCgI4jl/vXbQtFUGNS
Malware Config
Signatures
Makes use of the framework's Accessibility service (3 IoCs)
Retrieves information displayed on the phone screen using AccessibilityService.
Processes:
description ioc: Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId | process: handheldse1.occupations.aside
description ioc: Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText | process: handheldse1.occupations.aside
description ioc: Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId | process: handheldse1.occupations.aside
Processes:
pid: 4997 | process: handheldse1.occupations.aside
Acquires the wake lock (1 IoCs)
Processes:
description ioc: Framework service call android.os.IPowerManager.acquireWakeLock | process: handheldse1.occupations.aside
Processes
Network
MITRE ATT&CK Matrix
Downloads
/storage/emulated/0/Config/sys/apps/log/log-2024-01-22.txt
Filesize: 12B
MD5: a9256f55737b655c8cff95418411997c
SHA1: d81a4e85ecef3a4f08d50da9c75c49a3c64ffe24
SHA256: bad705c44807d12463fb587087c4e9eb24769d82981229ac8b74abc9b1a44412
SHA512: 10d10a6498973ed65d47c74ba6d8831dad94213a5071353dc445de46e021689284fbbf4accf5ba1f97a0675a7652ec069ac70f38d63ba36b8595a8caf8d37574

/storage/emulated/0/Config/sys/apps/log/log-2024-01-22.txt
Filesize: 36B
MD5: 2515885c24e452431dc83ba42db61fb2
SHA1: 7ab54d62a1287ba425c23f8c7eb9ac591a29a9c0
SHA256: 2df9c7a7ad6c9512c4694866f69a1ee66429800caabacf8d926e3ae229976c9c
SHA512: a9936bce00ff35bb514da0ca4a14a38ac1098b05e4e68309bc15dc41cf002c60a97917325b7f5ed11c55e3dad26d7162bf52f43bebdc0c728e9cd9aca8737309

/storage/emulated/0/Config/sys/apps/log/log-2024-01-22.txt
Filesize: 24B
MD5: 989fbeb199a41f374cc40b871564ad6a
SHA1: 86abf1d8d094b23cbb000bf181b5610b81527dbd
SHA256: 31a95b039f17f58c81f906829df093de833c5181ddeead47253ec9532044561d
SHA512: 228a359b5b1ddabec0079902c6db4f29d9b1dc241ca7c6aecc1b6e06b36a79e88aceaa127f7bb5904bfcc87468bb0daa3e5f506199a84bc6c2d247b31d321edf