Analysis
- max time kernel: 306s
- max time network: 312s
- platform: android_x64
- resource: android-x64-20240221-en
- resource tags: android, arch:x64, arch:x86, image:android-x64-20240221-en, locale:en-us, os:android-10-x64, system
- submitted: 31-03-2024 14:52
Behavioral task behavioral1
- Sample: ready.apk
- Resource: android-x64-20240221-en
Behavioral task behavioral2
- Sample: ready.apk
- Resource: android-x64-arm64-20240221-en
Behavioral task behavioral3
- Sample: ready.apk
- Resource: android-33-x64-arm64-20240229-en
Behavioral task behavioral4
- Sample: ready.apk
- Resource: android-x86-arm-20240221-en
General
- Target: ready.apk
- Size: 53.6MB
- MD5: e29997bcbd59a9299134bb762959fa4c
- SHA1: 2b27ce92fe1c8baf7332805bcb2cf923b491cac2
- SHA256: f5d84a3bd44d1511e00a67ae1c79f2076dc8972dc11c616d6130dc4eba0e3555
- SHA512: 70df8550eedf6bfbb35a038f87fa2fa3837f8789d3b7384c2320f823e58fee8e5d84fb28839645d81c078dd64bf67d6c10a06df9d80d9b74430cfa481fd56ae4
- SSDEEP: 1572864:NmKR/R2InCUVZbWEB7e0Uyxr8a3MAPfSbJ77m6xu:1R2jU36DRyJOLbp7m6o
Malware Config
Signatures
-
Makes use of the framework's Accessibility service 2 TTPs 1 IoCs
Retrieves information displayed on the phone screen using AccessibilityService.
-
Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs
Application may abuse the framework's foreground service to continue running in the foreground.
Processes:
- splash.app.main
  - description: Framework service call
  - ioc: android.app.IActivityManager.setServiceForeground
  - process: splash.app.main
Declares services with permission to bind to the system 2 IoCs
Processes:
- android.permission.BIND_REMOTEVIEWS: Required by remote views services to bind with the system. Allows apps to share and display views across different processes.
- android.permission.BIND_TELECOM_CONNECTION_SERVICE: Required by telecom connection services to bind with the system. Allows apps to manage phone call aspects such as call setup and notifications.
Requests dangerous framework permissions 20 IoCs
Processes:
- android.permission.ACCESS_MEDIA_LOCATION: Allows an application to access any geographic locations persisted in the user's shared collection.
- android.permission.READ_MEDIA_VISUAL_USER_SELECTED: Allows an application to read image or video files from external storage that a user has selected via the permission prompt photo picker.
- android.permission.READ_MEDIA_VIDEO: Allows an application to read video files from external storage.
- android.permission.READ_MEDIA_IMAGES: Allows an application to read image files from external storage.
- android.permission.ACCESS_COARSE_LOCATION: Allows an app to access approximate location.
- android.permission.READ_CONTACTS: Allows an application to read the user's contacts data.
- android.permission.WRITE_CONTACTS: Allows an application to write the user's contacts data.
- android.permission.GET_ACCOUNTS: Allows access to the list of accounts in the Accounts Service.
- android.permission.ACCESS_FINE_LOCATION: Allows an app to access precise location.
- android.permission.ACCESS_MEDIA_LOCATION: Allows an application to access any geographic locations persisted in the user's shared collection.
- android.permission.CAMERA: Required to be able to access the camera device.
- android.permission.POST_NOTIFICATIONS: Allows an app to post notifications.
- android.permission.RECORD_AUDIO: Allows an application to record audio.
- android.permission.WRITE_EXTERNAL_STORAGE: Allows an application to write to external storage.
- android.permission.READ_PHONE_STATE: Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device.
- android.permission.READ_CALENDAR: Allows an application to read the user's calendar data.
- android.permission.WRITE_CALENDAR: Allows an application to write the user's calendar data.
- android.permission.SYSTEM_ALERT_WINDOW: Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps.
- android.permission.BLUETOOTH_CONNECT: Required to be able to connect to paired Bluetooth devices.
- android.permission.READ_EXTERNAL_STORAGE: Allows an application to read from external storage.
Processes
Network
MITRE ATT&CK Matrix
Downloads
- /storage/emulated/0/.base.apk
  - Filesize: 56.8MB
  - MD5: 8c5a8a5543509a20f79de96ac53fe4e5
  - SHA1: 6a58abfecf85940811517d6b44a2abeb4b4514dc
  - SHA256: eb19c045b8a70e71e69c8773a96656ed17f6ff4ab8fd3d1e2d4f3cbc0ccc4b54
  - SHA512: 523bc59e9acea6907fc57ab26b019b9fbd9e138f708aabc8fd4d5585f24e0a45ae7a877dadc22c51e24a863a849f4f4d29e4b8f36a9ee6eb22e2a852117dbdcf
- /storage/emulated/0/Config/sys/apps/log/log-MjAyNC0wMy0zMQ== .txt
  - Filesize: 32B
  - MD5: 6a98507dc1c0cbea05e87ca99fb1812b
  - SHA1: 397835cc53bdd5103aa960ffb8c9be8f5da2d231
  - SHA256: 65d5b84d9221bf950f3618cc329414eed3ebb75bd4da6b8402fdc794ca32eca8
  - SHA512: b50439e84849c2faeb8ae50aeff702e279c30c0ef9b58d140275c4704b3e09c1a035d3ef500f513991703932f29de21ff4be65b4567cab66196207da64fae87c
- /storage/emulated/0/Config/sys/apps/log/log-MjAyNC0wMy0zMQ== .txt
  - Filesize: 56B
  - MD5: 2fb93db2c80b2c3693ee27601124467c
  - SHA1: f115776af843bf6ab195babcb2ebd8f0e63899fc
  - SHA256: ddf3a61f655c3421d43065a6942847f9950c068d3afabd799ddbf68bda39e61b
  - SHA512: c419f43dd6afc72d4896458416fecaed16b4dbd559e20b7bd9d19f378c42423415766ddb02ad4c5bbd0d341b97d8e0493a99bc1e85902809822aa7e73a9a8db4
- /storage/emulated/0/Config/sys/apps/log/log-MjAyNC0wMy0zMQ== .txt
  - Filesize: 36B
  - MD5: 2c4f8abe2dfd2f2e33ed0528665794dd
  - SHA1: 5c9c068f805d55ea7b13c021f54dfbe71e07454b
  - SHA256: ea2dff6d7036d8ed0f98f8a85b0bf377df05ca058a4e1b061007f36ed7122da3
  - SHA512: 6d4659a8cc48d4444b42b3a812392971e80409ac35032aaf1ee2e14bff82b6034c75eb364798aa1a56d961816038f7b615aaebb851643c50dcb79e157a645f54
- /storage/emulated/0/Config/sys/apps/log/log-MjAyNC0wMy0zMQ== .txt
  - Filesize: 20B
  - MD5: 6517749f1bbb71259067623498b5b282
  - SHA1: a6d9677172333f7ec67d2ea8173b7b9b4959a3d4
  - SHA256: c20b6a646d477001d042d80b3bf8fb66674dd2bbdd9ccbcbb6681502bfcf1bc2
  - SHA512: 37e556e90d4671eb629ab7c20a88a6c830da485d4087ec97cdf09fa827718550cdb0b8ca11bdac4585442a44586a82b338ecd6ee0f1178ce70a06a2cd2415cf2
- /storage/emulated/0/Config/sys/apps/log/log-MjAyNC0wMy0zMQ== .txt
  - Filesize: 125B
  - MD5: baf5f38f6c34ced9c900aa4c76e4f86b
  - SHA1: 7ebdbcf971d608d78bc085b1284172a839054dd0
  - SHA256: e27f1f1b43c3e4af7847826214e84f81174a5eb6fc14ff7d70ff2abfc37f8734
  - SHA512: 9ca4e264ca0320e7963d9b55bc3527971c7b7270fadd99235f338ec11ae632dc5c9f8b1dc75e05da2e43b6c46768ae06769518cd7acda8280ffd4520be040e07