Analysis
Max time kernel: 150s
Max time network: 158s
Platform: android_x64
Resource: android-x64-arm64-20240221-en
Resource tags: android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240221-en, locale:en-us, os:android-11-x64, system
Submitted: 04-03-2024 22:04

Static task: static1

Behavioral task: behavioral1
Sample: 391688b3696d7f32178588e823448e7cf6a630fdde040690006da8aa0805d916.apk
Resource: android-x86-arm-20240221-en

Behavioral task: behavioral2
Sample: 391688b3696d7f32178588e823448e7cf6a630fdde040690006da8aa0805d916.apk
Resource: android-x64-20240221-en

General
Target: 391688b3696d7f32178588e823448e7cf6a630fdde040690006da8aa0805d916.apk
Size: 876KB
MD5: b47a082ef718144474a7e3e0238d2f5a
SHA1: 78a37bbccf8dbc370567d7b1a60e5aee4c4be470
SHA256: 391688b3696d7f32178588e823448e7cf6a630fdde040690006da8aa0805d916
SHA512: 5123e1b414c6bf2da6700dde60f30f22f5413960f06b58e5b4646cad245c8a543f5c62c1b12534e95652233630c5e11e789c0381f0bc44f19517f8da034248f4
SSDEEP: 24576:t+waQq/iVbIaKy257IJNwaiwZO6Dp+QnrHU64H:tkX/iV8L89CsHNc
Malware Config
Signatures
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs 6 IoCs
  description | ioc | Process
  Framework service call | android.content.pm.IPackageManager.getInstalledApplications | com.android.support.Lanucher:cproc
  Framework service call | android.content.pm.IPackageManager.getInstalledApplications | com.android.support.Lanucher:cproc
  Framework service call | android.content.pm.IPackageManager.getInstalledApplications | com.android.support.Lanucher:cproc
  Framework service call | android.content.pm.IPackageManager.getInstalledApplications | com.android.support.Lanucher:cproc
  Framework service call | android.content.pm.IPackageManager.getInstalledApplications | com.android.support.Lanucher:cproc
  Framework service call | android.content.pm.IPackageManager.getInstalledApplications | com.android.support.Lanucher

  pid | Process
  4594 | com.android.support.Lanucher

- Reads the contacts stored on the device. 1 TTPs 1 IoCs
  description | ioc | Process
  URI accessed for read | content://com.android.contacts/contacts | com.android.support.Lanucher:cproc

- Requests enabling of the accessibility settings. 5 IoCs
  description | ioc | Process
  Intent action | android.settings.ACCESSIBILITY_SETTINGS | com.android.support.Lanucher:cproc
  Intent action | android.settings.ACCESSIBILITY_SETTINGS | com.android.support.Lanucher:cproc
  Intent action | android.settings.ACCESSIBILITY_SETTINGS | com.android.support.Lanucher:cproc
  Intent action | android.settings.ACCESSIBILITY_SETTINGS | com.android.support.Lanucher:cproc
  Intent action | android.settings.ACCESSIBILITY_SETTINGS | com.android.support.Lanucher:cproc

- Uses Crypto APIs (Might try to encrypt user data) 5 IoCs
  description | ioc | Process
  Framework API call | javax.crypto.Cipher.doFinal | com.android.support.Lanucher:cproc
  Framework API call | javax.crypto.Cipher.doFinal | com.android.support.Lanucher:cproc
  Framework API call | javax.crypto.Cipher.doFinal | com.android.support.Lanucher:cproc
  Framework API call | javax.crypto.Cipher.doFinal | com.android.support.Lanucher:cproc
  Framework API call | javax.crypto.Cipher.doFinal | com.android.support.Lanucher:cproc
Processes

- com.android.support.Lanucher (PID: 4594)
  - Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
  - Removes its main activity from the application launcher

- com.android.support.Lanucher:cproc (PID: 4634)
  - Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
  - Reads the contacts stored on the device.
  - Requests enabling of the accessibility settings.
  - Uses Crypto APIs (Might try to encrypt user data)

- com.android.support.Lanucher:cproc (PID: 4916)
  - Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
  - Requests enabling of the accessibility settings.
  - Uses Crypto APIs (Might try to encrypt user data)

- com.android.support.Lanucher:cproc (PID: 4961)
  - Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
  - Requests enabling of the accessibility settings.
  - Uses Crypto APIs (Might try to encrypt user data)

- com.android.support.Lanucher:cproc (PID: 5049)
  - Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
  - Requests enabling of the accessibility settings.
  - Uses Crypto APIs (Might try to encrypt user data)

- com.android.support.Lanucher:cproc (PID: 5097)
  - Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
  - Requests enabling of the accessibility settings.
  - Uses Crypto APIs (Might try to encrypt user data)