Analysis
Max time kernel: 301s
Max time network: 309s
Platform: android_x64
Resource: android-x64-arm64-20240221-en
Resource tags: android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240221-en, locale:en-us, os:android-11-x64, system
Submitted: 31-03-2024 13:57
Behavioral task: behavioral1
Sample: xxx.apk
Resource: android-x64-20240221-en

Behavioral task: behavioral2
Sample: xxx.apk
Resource: android-x64-arm64-20240221-en

Behavioral task: behavioral3
Sample: xxx.apk
Resource: android-33-x64-arm64-20240229-en
General
Target: xxx.apk
Size: 4.4MB
MD5: 609002651a476451a876d70bb2113a3a
SHA1: cfd3ca670e09ab76978c21c6d7abf71337ec7edb
SHA256: 18ebf26a49e2d0781470fd6a2afc8f7f47d480f939ac0fceaaf0d534f0564bf1
SHA512: 26003a86728567d644f4bca36d8aeec7071d2e0f19320ae527e2ea3b18a108681fca53e5768d56add41f2d7f8c54fe5183569f0887cb4cc2236d14025d15b300
SSDEEP: 98304:kyYLJNrab3QPKcZE50+9Q4mzQzBjTQ0t4EHY9W:kyYL/ejwvE6+9gzs73F
Malware Config
Signatures
- Makes use of the framework's Accessibility service (2 TTPs, 1 IoC)
  Retrieves information displayed on the phone screen using AccessibilityService.
- Makes use of the framework's foreground persistence service (1 TTP, 1 IoC)
  Application may abuse the framework's foreground service to continue running in the foreground.
  Processes: com.whh.premium
  Description: Framework service call
  IoC: android.app.IActivityManager.setServiceForeground
  Process: com.whh.premium
- Requests enabling of the accessibility settings. (1 IoC)
  Processes: com.whh.premium
  Description: Intent action
  IoC: android.settings.ACCESSIBILITY_SETTINGS
  Process: com.whh.premium
- Acquires the wake lock (1 IoC)
  Processes: com.whh.premium
  Description: Framework service call
  IoC: android.os.IPowerManager.acquireWakeLock
  Process: com.whh.premium
Downloads
- /storage/emulated/0/Config/sys/apps/log/log-2024-03-31.txt
  Filesize: 13B
  MD5: de2c41a51ee9246eb1708f65b511add0
  SHA1: 2f442d634c8a18760a232c8829d4b5d74a52f074
  SHA256: ad2d914ca347cd1930e32f21c6d5448c34104bea181b93abc85ec518985653ab
  SHA512: 7cdfbd001594503644e9ed80ae852f90ef9e841a8382e2eec6979e149a2c400a3b83055d205b4d1d66e1600e5127482932d5127eb5800d35a4ee5673fe34d84a
- /storage/emulated/0/Config/sys/apps/log/log-2024-03-31.txt
  Filesize: 17B
  MD5: ca7d8ac6124e1626f1c6412913414831
  SHA1: f953af9a378db943f9584b381e146233c5d0fbb9
  SHA256: 0af366b2556fb64ce7226d6e0bc722d0d8a65f10e2fd6df678fa3c9137131dbe
  SHA512: 1b615d2e9556a060ea21115a4fdd036a5cd29071ce22f5b55e49f7184a7d78aee6cb5cc7ddcf2f44e6860796cb327de0c37faf957d433c04360551342164b1d9
- /storage/emulated/0/Config/sys/apps/log/log-2024-03-31.txt
  Filesize: 94B
  MD5: 3853562775362ba1a7b8f551b8978753
  SHA1: c2fada066718ce03c48348d1e630c4f57aa156fc
  SHA256: 50b1c996dea5b9e6e81829e23d8929d9ec46c77a3e1324836e443fe768e6f3dc
  SHA512: 60c76533611c8213c80192fc6acc954320799335f765b69fb259d5563b04016922c87778ec1d11b2e4bca7043a6cd5e0a0870e65b0c55ef73ef02e108b67e192