Analysis
- max time kernel: 150s
- max time network: 157s
- platform: android_x64
- resource: android-33-x64-arm64-20240229-en
- resource tags: android, arch:arm64, arch:x64, image:android-33-x64-arm64-20240229-en, locale:en-us, os:android-13-x64, system
- submitted: 28-03-2024 11:03
Behavioral task
- behavioral1
  Sample: ready.apk
  Resource: android-33-x64-arm64-20240229-en
General
- Target: ready.apk
- Size: 6.2MB
- MD5: d2316e41b2734a84b1fb6ff9ec1f68eb
- SHA1: 45ed65afdeed4784f2c18fc7c6d286cad64c7c47
- SHA256: 25dde97099c25b3d6cecc60bdcc5b9354db721effcf60206ff767d8982173fc6
- SHA512: c9d813072354d695299346a4f1e6dc2b542e2f4ad31b35ea4f37b477a11e46d908884f75f3b92e4aacb287dcf2fc8642295cfd5044afdf9148ff69bb52905098
- SSDEEP: 12288:/9KPUwAGI6GQNXpf2GiY5oyMSt+mW7WhDxQdTWdx21XQrzpMUIh6yXlHNhsodYeC:TtGRGm2OGEWah17xGXzphLH5dYRePcfx
Malware Config
Signatures
- Makes use of the framework's Accessibility service (2 TTPs, 3 IoCs)
  Retrieves information displayed on the phone screen using AccessibilityService.
  Processes: racing.whilst.assumed
    description: Framework service call
    ioc: android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText
    process: racing.whilst.assumed

    description: Framework service call
    ioc: android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId
    process: racing.whilst.assumed

    description: Framework service call
    ioc: android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId
    process: racing.whilst.assumed
- Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps) (1 TTP, 1 IoC)
  Processes: racing.whilst.assumed
    description: Framework service call
    ioc: android.content.pm.IPackageManager.getInstalledApplications
    process: racing.whilst.assumed
- Makes use of the framework's foreground persistence service (1 TTP, 1 IoC)
  Application may abuse the framework's foreground service to continue running in the foreground.
  Processes: racing.whilst.assumed
    description: Framework service call
    ioc: android.app.IActivityManager.setServiceForeground
    process: racing.whilst.assumed
- Requests enabling of the accessibility settings (1 IoC)
  Processes: racing.whilst.assumed
    description: Intent action
    ioc: android.settings.ACCESSIBILITY_SETTINGS
    process: racing.whilst.assumed
- Acquires the wake lock (1 IoC)
  Processes: racing.whilst.assumed
    description: Framework service call
    ioc: android.os.IPowerManager.acquireWakeLock
    process: racing.whilst.assumed
- Requests disabling of battery optimizations (often used to enable hiding in the background) (1 TTP, 1 IoC)
  Processes: racing.whilst.assumed
    description: Intent action
    ioc: android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS
    process: racing.whilst.assumed
Processes
- racing.whilst.assumed
  - Makes use of the framework's Accessibility service
  - Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps)
  - Makes use of the framework's foreground persistence service
  - Requests enabling of the accessibility settings
  - Acquires the wake lock
  - Requests disabling of battery optimizations (often used to enable hiding in the background)
Network
MITRE ATT&CK Matrix
Downloads
- /storage/emulated/0/Config/sys/apps/log/log-2024-03-28.txt
  Filesize: 25B
  MD5: ba30336bf53d54ed3c0ea69dd545de8c
  SHA1: ce99c6724c75b93b7448e2d9fac16ca702a5711f
  SHA256: 2d6988fb5afdaafc4e33fa1f71d6f10c95ab5a49a8ec820add5b13eef05439af
  SHA512: eea34ca526e03349e746d3687ea660b4748f0174fe2ffdb65161e232e08630b345e03329614852ce881a71362ba68575e9dd08fa361a416e5b2fb231e21a0a3e
- /storage/emulated/0/Config/sys/apps/log/log-2024-03-28.txt
  Filesize: 21B
  MD5: 90b6e366f2935174aa88d0b112738e02
  SHA1: 887a94010b325bbebd7eef751a9168a0965d89b2
  SHA256: 82c9959a31bb3fcd399485379a33e87394507c772d1f3dfd88da56f52d67f7d6
  SHA512: d4c98129ae0852020b7d7acfdd22421046c3596f56fd764be9b586024651e2115ec74145ded16e52ed1c05e854cf2eea1631f3158b65f095d7f26d57147a6511
- /storage/emulated/0/Config/sys/apps/log/log-2024-03-28.txt
  Filesize: 21B
  MD5: f11fb792965a4f96894b6dd287fe5782
  SHA1: a28b18cfbcd6b8d092822873cc2bdf2b9ddefa8c
  SHA256: 1b36d711b95249053f396709031403390e3dcdd55850afb8317aad885ef19f54
  SHA512: cb67ada73eb845423e3f059b3b77db0100969179972f1b71e8d381437e977bb686546d527630514fadedaa11ef73d2d3ea7fd6a8c21b58698517339b01eefc93
- /storage/emulated/0/Config/sys/apps/log/log-2024-03-28.txt
  Filesize: 21B
  MD5: 40fcf48a4ecdb632240619eb756772ce
  SHA1: 83706b0dcc3ff8032962dcd0d73a36ba65dd6f30
  SHA256: d153cc76e9f7a12c26dbe0d197285a77fc8efeed1b1f3d35c25ba386711b5c80
  SHA512: 4757ed0904a24ed77c8c2dca9be96f084cebc54a93c43eb0eb27545aba7e58916abb0b639254d90ebffea1e760b85d0a0fe53ada28194734748116475dd9829b
- /storage/emulated/0/Config/sys/apps/log/log-2024-03-28.txt
  Filesize: 669B
  MD5: 3330934759530da803df98ba65e0546f
  SHA1: d9e26631a0d02e4af435970b9ec58408ecd6b492
  SHA256: 16548e1c541cb398912e3072c91d4f9bde3ce5c7565beb1deaa0fbbc68f77ae5
  SHA512: 2fb7e5e2361ee7ed120e017dc0f6a6601dad47b9e48a05a77eb783f1cb33a0e22340e51c17f46e94a9eb0ba902b04d34efa4040a9b0625aab29a78368ea9ddbc