Analysis
-
max time kernel
309s -
max time network
311s -
platform
android_x64 -
resource
android-x64-20240221-en -
resource tags
android arch:x64 arch:x86 image:android-x64-20240221-en locale:en-us os:android-10-x64 system
submitted
31-03-2024 13:42
Behavioral task
behavioral1
Sample
ready.apk
Resource
android-x64-20240221-en
Behavioral task
behavioral2
Sample
ready.apk
Resource
android-x64-arm64-20240221-en
General
-
Target
ready.apk
-
Size
57.5MB
-
MD5
b85c789a80b3f6bd5910c4aed1c01716
-
SHA1
563e68b24deb3f8bb6dff3c46cc861a48ea2bc73
-
SHA256
7e575c15d833e5a86c3a8f15a184ab75ded1cbfd62fc564758d5a2afe5f2b9a3
-
SHA512
897fc624d30d212b23ee61c8a47bbac741e466d7efe56116c8a9d4cd99dcbab40ff0f17254517710fdf2055a0a767dc6b12e4c962d1e3f1370c2a7bb174301e9
-
SSDEEP
1572864:ebmKR/R2InCUVZbWEB7e0Uyxr8a3MAPfSbJ77m6x5:eXR2jU36DRyJOLbp7m6j
Malware Config
Signatures
-
Makes use of the framework's Accessibility service 2 TTPs 1 IoCs
Retrieves information displayed on the phone screen using AccessibilityService.
-
Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs
Application may abuse the framework's foreground service to continue running in the foreground.
Processes:
flashing.downloaded.lock
description: Framework service call
ioc: android.app.IActivityManager.setServiceForeground
process: flashing.downloaded.lock
-
Acquires the wake lock 1 IoCs
Processes:
flashing.downloaded.lock
description: Framework service call
ioc: android.os.IPowerManager.acquireWakeLock
process: flashing.downloaded.lock
-
Declares services with permission to bind to the system 2 IoCs
Processes:
description: Required by remote views services to bind with the system. Allows apps to share and display views across different processes.
ioc: android.permission.BIND_REMOTEVIEWS
description: Required by telecom connection services to bind with the system. Allows apps to manage phone call aspects such as call setup and notifications.
ioc: android.permission.BIND_TELECOM_CONNECTION_SERVICE
-
Requests dangerous framework permissions 20 IoCs
Processes:
description: Allows an application to access any geographic locations persisted in the user's shared collection.
ioc: android.permission.ACCESS_MEDIA_LOCATION
description: Allows an application to read image or video files from external storage that a user has selected via the permission prompt photo picker.
ioc: android.permission.READ_MEDIA_VISUAL_USER_SELECTED
description: Allows an application to read video files from external storage.
ioc: android.permission.READ_MEDIA_VIDEO
description: Allows an application to read image files from external storage.
ioc: android.permission.READ_MEDIA_IMAGES
description: Allows an app to access approximate location.
ioc: android.permission.ACCESS_COARSE_LOCATION
description: Allows an application to read the user's contacts data.
ioc: android.permission.READ_CONTACTS
description: Allows an application to write the user's contacts data.
ioc: android.permission.WRITE_CONTACTS
description: Allows access to the list of accounts in the Accounts Service.
ioc: android.permission.GET_ACCOUNTS
description: Allows an app to access precise location.
ioc: android.permission.ACCESS_FINE_LOCATION
description: Allows an application to access any geographic locations persisted in the user's shared collection.
ioc: android.permission.ACCESS_MEDIA_LOCATION
description: Required to be able to access the camera device.
ioc: android.permission.CAMERA
description: Allows an app to post notifications.
ioc: android.permission.POST_NOTIFICATIONS
description: Allows an application to record audio.
ioc: android.permission.RECORD_AUDIO
description: Allows an application to write to external storage.
ioc: android.permission.WRITE_EXTERNAL_STORAGE
description: Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device.
ioc: android.permission.READ_PHONE_STATE
description: Allows an application to read the user's calendar data.
ioc: android.permission.READ_CALENDAR
description: Allows an application to write the user's calendar data.
ioc: android.permission.WRITE_CALENDAR
description: Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps.
ioc: android.permission.SYSTEM_ALERT_WINDOW
description: Required to be able to connect to paired Bluetooth devices.
ioc: android.permission.BLUETOOTH_CONNECT
description: Allows an application to read from external storage.
ioc: android.permission.READ_EXTERNAL_STORAGE
Downloads
-
/storage/emulated/0/.base.apk
Filesize
56.8MB
MD5
8c5a8a5543509a20f79de96ac53fe4e5
SHA1
6a58abfecf85940811517d6b44a2abeb4b4514dc
SHA256
eb19c045b8a70e71e69c8773a96656ed17f6ff4ab8fd3d1e2d4f3cbc0ccc4b54
SHA512
523bc59e9acea6907fc57ab26b019b9fbd9e138f708aabc8fd4d5585f24e0a45ae7a877dadc22c51e24a863a849f4f4d29e4b8f36a9ee6eb22e2a852117dbdcf
-
/storage/emulated/0/Config/sys/apps/log/log-2024-03-31.txt
Filesize
25B
MD5
ba30336bf53d54ed3c0ea69dd545de8c
SHA1
ce99c6724c75b93b7448e2d9fac16ca702a5711f
SHA256
2d6988fb5afdaafc4e33fa1f71d6f10c95ab5a49a8ec820add5b13eef05439af
SHA512
eea34ca526e03349e746d3687ea660b4748f0174fe2ffdb65161e232e08630b345e03329614852ce881a71362ba68575e9dd08fa361a416e5b2fb231e21a0a3e
-
/storage/emulated/0/Config/sys/apps/log/log-2024-03-31.txt
Filesize
49B
MD5
cd3e28d48bc8c0bfde13cd584676abd0
SHA1
775268ac94a14d568889eb9a1463244d1ba21eb6
SHA256
bffd3571b59e19f616a92d0ea578996ea97b9168a761e01585347dd4b7d73329
SHA512
8a900edab725a6ebdac958d149f314448155d3e01c62d813cbc5139adf39fdc96879965b5b3465119924a6ce394c303f8b74f9a1e3fb4ce33c180897555dfac8
-
/storage/emulated/0/Config/sys/apps/log/log-2024-03-31.txt
Filesize
25B
MD5
fd8ed43ac31bbf329c395582c15753cd
SHA1
3c76ee3fa79dde645c0447d6b23d6f435efb3b72
SHA256
049d51bf61bf26d7b9e55391560cc23ec59d2240453ac81b87f2e81153b0fcaf
SHA512
77bb10d1eeeea15fc35f7232af698c951d3f47a5fff56682bbc32f6bea9ebecc997d89ed88c6dff9c226c09446261f184ecbac9697f95799753d73a71e6c4d37
-
/storage/emulated/0/Config/sys/apps/log/log-2024-03-31.txt
Filesize
126B
MD5
00a978be5a30a3c85a164d02a2e76db3
SHA1
cfc1bc7dbf0ea45483555abfddcf7c1b54e6a10b
SHA256
8914c839a7b83f4d8dc1060e93c184e9cdfe7a902dc2aff57fe100ab475a8e3a
SHA512
d037ef43cff3118a5f59f331c6aa54918ce093cc63d6b85d4181eb8eab99380202037df87b3b244ad619e29e40747d14bb00524632e17d1bcf245efa34188aed