Analysis
-
max time kernel
150s -
max time network
154s -
platform
android_x86 -
resource
android-x86-arm-20240221-en -
resource tags
androidarch:armarch:x86image:android-x86-arm-20240221-enlocale:en-usos:android-9-x86system -
submitted
04-03-2024 22:02
Static task
static1
Behavioral task
behavioral1
Sample
959e5aa88f89fdf3e17dbc882776c232a94736bd1d3f581ee739fb7699165b7f.apk
Resource
android-x86-arm-20240221-en
Behavioral task
behavioral2
Sample
959e5aa88f89fdf3e17dbc882776c232a94736bd1d3f581ee739fb7699165b7f.apk
Resource
android-x64-20240221-en
General
-
Target
959e5aa88f89fdf3e17dbc882776c232a94736bd1d3f581ee739fb7699165b7f.apk
-
Size
806KB
-
MD5
3b35fa556f2a76f4d43d5bbf2478f3dc
-
SHA1
dea834907f7cdf9f4360758412ac252f3da0020c
-
SHA256
959e5aa88f89fdf3e17dbc882776c232a94736bd1d3f581ee739fb7699165b7f
-
SHA512
ac13dd9a4a840f21b15b95f7a876e9dd4ca1d114f1fc8f5e7c93137c72808de1732fd861e5fc7ca21063e9e0df308ea115ef023a0cefd2280552f1a95af794ff
-
SSDEEP
24576:j2V+65aGU4YULhAd1gRabg04IR6y3QLtnxz+P:j2V+iYULmURaM04I9qvzK
Malware Config
Signatures
-
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs 2 IoCs
description ioc Process Framework service call android.content.pm.IPackageManager.getInstalledApplications khjjhkghkg.yulyuuyklyuky Framework service call android.content.pm.IPackageManager.getInstalledApplications khjjhkghkg.yulyuuyklyuky:cproc -
pid Process 4229 khjjhkghkg.yulyuuyklyuky -
Reads the contacts stored on the device. 1 TTPs 1 IoCs
description ioc Process URI accessed for read content://com.android.contacts/contacts khjjhkghkg.yulyuuyklyuky:cproc -
Requests enabling of the accessibility settings. 1 IoCs
description ioc Process Intent action android.settings.ACCESSIBILITY_SETTINGS khjjhkghkg.yulyuuyklyuky:cproc -
Uses Crypto APIs (Might try to encrypt user data) 1 IoCs
description ioc Process Framework API call javax.crypto.Cipher.doFinal khjjhkghkg.yulyuuyklyuky:cproc
Processes
-
khjjhkghkg.yulyuuyklyuky1⤵
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
- Removes its main activity from the application launcher
PID:4229
-
khjjhkghkg.yulyuuyklyuky:cproc1⤵
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
- Reads the contacts stored on the device.
- Requests enabling of the accessibility settings.
- Uses Crypto APIs (Might try to encrypt user data)
PID:4263