545e1638a22602271762ce27fac8d4493b2b80b5b5de5abe256cb2934864c782

Analysis

max time kernel
152s
max time network
159s
platform
android_x64
resource
android-x64-arm64-20240221-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240221-enlocale:en-usos:android-11-x64system
submitted
27/03/2024, 09:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

19e74d9f5649e9180b2b32b95c654e7fe448d989a44c15c9b3c245fa3150df5a.apk
Size

4.5MB
MD5

f0fffd3459637546cf65cff79da1bde7
SHA1

49aae3372d8d63be7b2adf057739429cbebf861b
SHA256

19e74d9f5649e9180b2b32b95c654e7fe448d989a44c15c9b3c245fa3150df5a
SHA512

8a182ca9c9e780a9e0df6c80ca1ab36f89d84312196e7985ae7ac2fc624ba80163514042e610e50548d8c861239633efe20ebe0bf60daffc45430f9e8b855425
SSDEEP

98304:u9hinlhin6Vhinahinx1hin6hinshinUhinxIeZ9o2mH9krEXw:ubCzC6DC8CxjCcCyCKCxN9pmH9kIXw

Score

8^/10

collection evasion persistence

Malware Config

Signatures

Makes use of the framework's Accessibility service 2 TTPs 2 IoCs

Retrieves information displayed on the phone screen using AccessibilityService.

collection evasion

Input Injection

T1516

Screen Capture

T1513

description	ioc	Process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	com.snbaco.newapp
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId	com.snbaco.newapp

Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

Application may abuse the framework's foreground service to continue running in the foreground.

evasion persistence

Foreground Persistence

T1541

description	ioc	Process
Framework service call	android.app.IActivityManager.setServiceForeground	com.snbaco.newapp

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.snbaco.newapp

com.snbaco.newapp
1⤵
- Makes use of the framework's Accessibility service
- Makes use of the framework's foreground persistence service
- Acquires the wake lock
PID:4455

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Foreground Persistence

T1541

Privilege Escalation

Defense Evasion

Foreground Persistence

T1541

Input Injection

T1516

Credential Access

Discovery

Lateral Movement

Collection

Screen Capture

T1513

Command and Control

Exfiltration

Impact

Input Injection

T1516

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.snbaco.newapp/cache/1

Filesize
309B

MD5
cad0d927c3585c0e21688980f14315a6

SHA1
17c76f4c6fe4bc006c3d5b9e6a5d4a37d8db2041

SHA256
4e5ab1c0cb9c537b3b4f64f1e7477151971ae9d53df6ae0c4404c9a8f824f44c

SHA512
c42000b1e16bfa2d316fd626f4d7ceab1c985e7257ed68bb3bcfa68f7356bc6e4bd125b09b0952a189aa522234d6fc1c56feac5a842cc1f7b8ae3c278dda697e

Download Submit
/data/user/0/com.snbaco.newapp/cache/~test.test

Filesize
4B

MD5
098f6bcd4621d373cade4e832627b4f6

SHA1
a94a8fe5ccb19ba61c4c0873d391e987982fbbd3

SHA256
9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08

SHA512
ee26b0dd4af7e749aa1a8ee3c10ae9923f618980772e473f8819a5d4940e0db27ac185f8a0e1d5f84f88bc887fd67b143732c304cc5fa9ad8e6f57f50028a8ff

Download Submit
/data/user/0/com.snbaco.newapp/files/db.db

Filesize
40KB

MD5
0f846d61a922fcd3852c7241f99dc9bc

SHA1
2198433f3a500dcf88048096d0dbdb9f26b7ce47

SHA256
39ced8a590d3e71780b7d787db9b98065d9cd7a9f987dda085fb837a012cff8d

SHA512
d2380af9ad7c68ffdca1745f6dc3f747cc5ff5622ad1c6a1b1af79267c8d3d1f28fe6e01c435797a77309ec31ce085a3c6866503b01bc9850f679ffb34ea3c08

Download Submit
/data/user/0/com.snbaco.newapp/files/loading.gif

Filesize
121KB

MD5
7b38720a0352dffa26411726c72dd2b0

SHA1
b15e687f42abcdc12427f146a3115ef2259211f8

SHA256
2013f490d45638cada331b3474ed65b9a43cec60da773accc98332e58c06336d

SHA512
0df28f87da4f9beb3ca8c108f54021a2a1a1434771abbb5ba67a2736097f2287b05e5220a33e92c42ee13ecae1144714a422b986763712794f69e65bc44c83e3

Download Submit
/data/user/0/com.snbaco.newapp/files/txtscreensize.txt

Filesize
11B

MD5
1b65c10c6215685f9d621d797f911373

SHA1
cc50aaed5cd521a62ec8cf9fe0413153ec90f265

SHA256
2230c2b2787663a054c47450ecd1718f0296853ad768b8e5d306ecb912685e89

SHA512
5a9139f295dbe384b1584eff5c11f3f86759232f7b661b75f27fe92b996b4cdc0552e315f79b26f5f2c1f91756d9ae04cf0c3675b6172e91a3d373b9b314496f

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads