f5d84a3bd44d1511e00a67ae1c79f2076dc8972dc11c616d6130dc4eba0e3555

General

Target

ready.apk
Size

53.6MB
MD5

e29997bcbd59a9299134bb762959fa4c
SHA1

2b27ce92fe1c8baf7332805bcb2cf923b491cac2
SHA256

f5d84a3bd44d1511e00a67ae1c79f2076dc8972dc11c616d6130dc4eba0e3555
SHA512

70df8550eedf6bfbb35a038f87fa2fa3837f8789d3b7384c2320f823e58fee8e5d84fb28839645d81c078dd64bf67d6c10a06df9d80d9b74430cfa481fd56ae4
SSDEEP

1572864:NmKR/R2InCUVZbWEB7e0Uyxr8a3MAPfSbJ77m6xu:1R2jU36DRyJOLbp7m6o

Score

8^/10

collection evasion persistence

Malware Config

Signatures

Makes use of the framework's Accessibility service 2 TTPs 1 IoCs

Retrieves information displayed on the phone screen using AccessibilityService.

collection evasion

Input Injection

T1516

Screen Capture

T1513

Processes:

splash.app.main

description	ioc	process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	splash.app.main

Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs
Application may abuse the framework's foreground service to continue running in the foreground.
evasion persistence

Foreground Persistence
T1541

Processes:

splash.app.main

description ioc process

Framework service call android.app.IActivityManager.setServiceForeground splash.app.main

description	ioc	process
Framework service call	android.app.IActivityManager.setServiceForeground	splash.app.main

Declares services with permission to bind to the system 2 IoCs

Processes:

description	ioc
Required by remote views services to bind with the system. Allows apps to share and display views across different processes.	android.permission.BIND_REMOTEVIEWS
Required by telecom connection services to bind with the system. Allows apps to manage phone call aspects such as call setup and notifications.	android.permission.BIND_TELECOM_CONNECTION_SERVICE

Requests dangerous framework permissions 20 IoCs

Processes:

description	ioc
Allows an application to access any geographic locations persisted in the user's shared collection.	android.permission.ACCESS_MEDIA_LOCATION
Allows an application to read image or video files from external storage that a user has selected via the permission prompt photo picker.	android.permission.READ_MEDIA_VISUAL_USER_SELECTED
Allows an application to read video files from external storage.	android.permission.READ_MEDIA_VIDEO
Allows an application to read image files from external storage.	android.permission.READ_MEDIA_IMAGES
Allows an app to access approximate location.	android.permission.ACCESS_COARSE_LOCATION
Allows an application to read the user's contacts data.	android.permission.READ_CONTACTS
Allows an application to write the user's contacts data.	android.permission.WRITE_CONTACTS
Allows access to the list of accounts in the Accounts Service.	android.permission.GET_ACCOUNTS
Allows an app to access precise location.	android.permission.ACCESS_FINE_LOCATION
Allows an application to access any geographic locations persisted in the user's shared collection.	android.permission.ACCESS_MEDIA_LOCATION
Required to be able to access the camera device.	android.permission.CAMERA
Allows an app to post notifications.	android.permission.POST_NOTIFICATIONS
Allows an application to record audio.	android.permission.RECORD_AUDIO
Allows an application to write to external storage.	android.permission.WRITE_EXTERNAL_STORAGE
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device.	android.permission.READ_PHONE_STATE
Allows an application to read the user's calendar data.	android.permission.READ_CALENDAR
Allows an application to write the user's calendar data.	android.permission.WRITE_CALENDAR
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps.	android.permission.SYSTEM_ALERT_WINDOW
Required to be able to connect to paired Bluetooth devices.	android.permission.BLUETOOTH_CONNECT
Allows an application to read from external storage.	android.permission.READ_EXTERNAL_STORAGE

splash.app.main
1⤵
- Makes use of the framework's Accessibility service
- Makes use of the framework's foreground persistence service
PID:4324

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Foreground Persistence

1

T1541

Privilege Escalation

Defense Evasion

Foreground Persistence

Input Injection

Credential Access

Discovery

Lateral Movement

Collection

Screen Capture

1

T1513

Command and Control

Exfiltration

Impact

Input Injection

1

T1516

Replay Monitor

Loading Replay Monitor...

Downloads

/storage/emulated/0/.base.apk
Filesize
56.8MB

MD5
8c5a8a5543509a20f79de96ac53fe4e5

SHA1
6a58abfecf85940811517d6b44a2abeb4b4514dc

SHA256
eb19c045b8a70e71e69c8773a96656ed17f6ff4ab8fd3d1e2d4f3cbc0ccc4b54

SHA512
523bc59e9acea6907fc57ab26b019b9fbd9e138f708aabc8fd4d5585f24e0a45ae7a877dadc22c51e24a863a849f4f4d29e4b8f36a9ee6eb22e2a852117dbdcf

Download Submit
/storage/emulated/0/Config/sys/apps/log/log-MjAyNC0wMy0zMQ== .txt
Filesize
32B

MD5
6a98507dc1c0cbea05e87ca99fb1812b

SHA1
397835cc53bdd5103aa960ffb8c9be8f5da2d231

SHA256
65d5b84d9221bf950f3618cc329414eed3ebb75bd4da6b8402fdc794ca32eca8

SHA512
b50439e84849c2faeb8ae50aeff702e279c30c0ef9b58d140275c4704b3e09c1a035d3ef500f513991703932f29de21ff4be65b4567cab66196207da64fae87c

Download Submit
/storage/emulated/0/Config/sys/apps/log/log-MjAyNC0wMy0zMQ== .txt
Filesize
48B

MD5
cbbfd3af2fe82654f4a0b79f873dfaf5

SHA1
44237a1e9aac88d0b9c6deba1eec8eafce0709e2

SHA256
df687743943bebd4c48a41e1dbe7426b8e2f99d930a2abfc8bd3848c4e2ed660

SHA512
94f137d8033661934a66cc2219a1e99e63d2a81eebb09f703bd233bf459b5172c9c2b2afc29e59bab4ea33e4841a3c235397678c6cd32074180574aea37aed02

Download Submit
/storage/emulated/0/Config/sys/apps/log/log-MjAyNC0wMy0zMQ== .txt
Filesize
24B

MD5
19e9022a0237abfcb41de0da45b6cdc8

SHA1
cfcb8500f6e281eb42e54dbf472cc05fefdf55ac

SHA256
6a3ed19be60f504848d404f19e7c3dc35b0e2d623fab204e02d6aa93acc0c4c3

SHA512
bd02400d5f3f91054f1bf60ccc35457d6f3d83fccae18b3fbbe22b81c5fa86e430d2886685a6a7777c5714d25b16499be31ce86097e64d3b878c04d89dd2aec6

Download Submit
/storage/emulated/0/Config/sys/apps/log/log-MjAyNC0wMy0zMQ== .txt
Filesize
401B

MD5
ad2ab7f708e5ebc48e030e04eaae74b1

SHA1
343a2d8c3b6582088b5ce4bb1cfdef9de21ade21

SHA256
2a84676a29e2509df386d65793593012bba673063cea4d2dd528c0190414d562

SHA512
ae1c8859e587809e70d6a839f696bebd0a2c7b1c79992ca82de206cc97a03f8cad989a85f6e51769bba1cbe94dfacf91edc3c190fa55a8cdcdbbbc789d631347

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads