Overview

overview

8

Static

static

6

05B5E5C3F1...F3.apk

android-9-x86

8

05B5E5C3F1...F3.apk

android-10-x64

8

05B5E5C3F1...F3.apk

android-11-x64

8

Analysis

  • max time kernel
    47s
  • max time network
    155s
  • platform
    android_x64
  • resource
    android-x64-arm64-20240221-en
  • resource tags

    androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240221-enlocale:en-usos:android-11-x64system
  • submitted
    18/03/2024, 19:17

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    05B5E5C3F137413DA8E304B141F464BDAE154B91B08F97BFBC4A840785517BF3.apk

  • Size

    2.6MB

  • MD5

    6b9d7d6258ab2c06167a43cbff62c6f8

  • SHA1

    f16ff8419308676ac32baeecfe9143acc9f2ee61

  • SHA256

    05b5e5c3f137413da8e304b141f464bdae154b91b08f97bfbc4a840785517bf3

  • SHA512

    f383c5cd1162afc331b3babb1328d1574a19708660ffe5860994ccd9a718cce8c1a750a3cdc26d0f86b61b21c78e1fffdd7f7bbafff9b0f4801bc64fce0996a1

  • SSDEEP

    49152:GL41pQ71qEfLow2UZD93yJQJ5GYFGpSUE0EOiLfeJfdJRrv2tfW:GLXpqEfLow2WwQuY8pLMOjJVJZvSW

Score
8/10
collectionevasionstealthtrojan

Malware Config

Signatures

  • Makes use of the framework's Accessibility service 2 TTPs 2 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectionevasion
  • Removes its main activity from the application launcher 1 TTPs 1 IoCs
    stealthtrojanevasion
  • Loads dropped Dex/Jar 1 TTPs 4 IoCs

    Runs executable file dropped to the device during analysis.

    evasion
  • Requests enabling of the accessibility settings. 1 IoCs
  • Acquires the wake lock 1 IoCs
  • Requests disabling of battery optimizations (often used to enable hiding in the background). 1 IoCs
    evasion
  • Listens for changes in the sensor environment (might be used to detect emulation) 1 IoCs
    evasion

Processes

  • gcfscmmtue.mdzrsksczphmec.syq
    1⤵
    • Makes use of the framework's Accessibility service
    • Removes its main activity from the application launcher
    • Loads dropped Dex/Jar
    • Requests enabling of the accessibility settings.
    • Acquires the wake lock
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    • Listens for changes in the sensor environment (might be used to detect emulation)
    PID:4589

Network

        MITRE ATT&CK Mobile v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • /data/user/0/gcfscmmtue.mdzrsksczphmec.syq/app_DynamicOptDex/Ty.json
          Filesize

          1.2MB

          MD5

          ea11806d4e52273389604a95aeaac08b

          SHA1

          93aad8c0bf7f5b45bfa01ae3884fd2f18cfc6dcd

          SHA256

          ca5bc46f3207ae52f3d376bb5dca487a49971bfa9104e0cc563f6dd17b61cdf5

          SHA512

          831f7e137f6bc8b675c542befac649d2285bd0039f6f71ec5dc2ba577336bd3e07f431981e9c3511e5d915336c04499ad57347dec7bf3fe92c7c3c17f6d50560

          Download Submit

        • /data/user/0/gcfscmmtue.mdzrsksczphmec.syq/app_DynamicOptDex/Ty.json
          Filesize

          1.2MB

          MD5

          bfeb9b6b08a33a0bbf30e0e47fa8eae4

          SHA1

          0e5bb4270e74345f9a55e2add08a6398d664400e

          SHA256

          c4e55128978e1489253330c53625fe91a8515184dc1cb626df7414548f7ee7e6

          SHA512

          f3f9f1da177458d20e8d4840898aa3f2226f12090ba752721a9f5597822dee5d51ef4e0e21e125a6e2cffd76ad37909b8b405d138212257fd73211072715693a

          Download Submit

        • /data/user/0/gcfscmmtue.mdzrsksczphmec.syq/app_DynamicOptDex/oat/Ty.json.cur.prof
          Filesize

          242B

          MD5

          1b5531cbd78683b1d057eceabe920ede

          SHA1

          6b32aae67feb5130734923db12c1876ebf7ef1b3

          SHA256

          5fdaabd80b98539b60016435606f3d5c2120cfa5a42ebf4439d4d3636527a44f

          SHA512

          36da92e71942f581f23f519adb83a75a16a2c1f5479e5dec898e81aab94c66ccc58f72ae2044a190bf38994886d60a786827f393f8d22faf444692ff4bf87e84

          Download Submit