9b65728a2ec1be34bef7136e23ea795efa2532c247e179e2ecea84062f24269d

Analysis

max time kernel
91s
max time network
154s
platform
android_x64
resource
android-x64-20240221-en
resource tags

androidarch:x64arch:x86image:android-x64-20240221-enlocale:en-usos:android-10-x64system
submitted
10/04/2024, 12:55 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9b65728a2ec1be34bef7136e23ea795efa2532c247e179e2ecea84062f24269d.apk
Size

9.8MB
MD5

ed43605e6d85c7eab473c30ec1b2271a
SHA1

a294ff5e954649bce9032b19a461216f6a1c92d3
SHA256

9b65728a2ec1be34bef7136e23ea795efa2532c247e179e2ecea84062f24269d
SHA512

21998c95516bb100ba89fdf9b345779593dae574c74b7fff16cb99754bcaf5c5cbde52be40655fb5382c9ee80ffa78050e6bccc5390e98fa77f5ed50d6adeb57
SSDEEP

196608:XA4uN1meZWhGOteVVqJbNsROw67ek7JANidV5zmnT3N:XA4un6deWb2Rrqek3uDN

Score

8^/10

collection evasion

Malware Config

Signatures

Makes use of the framework's Accessibility service 2 TTPs 1 IoCs

Retrieves information displayed on the phone screen using AccessibilityService.

collection evasion

Input Injection

T1516

Screen Capture

T1513

description	ioc	Process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	com.example.chatapplication

com.example.chatapplication
1⤵
- Makes use of the framework's Accessibility service
PID:5107

Network

DNS

ssl.google-analytics.com

Remote address:

1.1.1.1:53

Request

ssl.google-analytics.com

IN A

Response

ssl.google-analytics.com

IN A

216.58.201.104
DNS

ssl.google-analytics.com

Remote address:

1.1.1.1:53

Request

ssl.google-analytics.com

IN A
DNS

android.apis.google.com

Remote address:

1.1.1.1:53

Request

android.apis.google.com

IN A

Response

android.apis.google.com

IN CNAME

clients.l.google.com

clients.l.google.com

IN A

142.250.187.206

216.58.201.104:443

ssl.google-analytics.com

tls

1.3kB
6.1kB
9
9
142.250.200.46:443

tls, https

857 B
40 B
1
1
142.250.187.206:443

android.apis.google.com

tls

4.8kB
8.9kB
16
23
216.58.212.228:443

tls, https

430 B
40 B
2
1
216.58.212.228:443

www.google.com

tls

8.5kB
8.5kB
25
34

224.0.0.251:5353

3.7kB
11
1.1.1.1:53

ssl.google-analytics.com

dns

140 B
86 B
2
1

DNS Request

ssl.google-analytics.com

DNS Request

ssl.google-analytics.com

DNS Response

216.58.201.104
1.1.1.1:53

android.apis.google.com

dns

69 B
109 B
1
1

DNS Request

android.apis.google.com

DNS Response

142.250.187.206

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Input Injection

T1516

Credential Access

Discovery

Lateral Movement

Collection

Screen Capture

T1513

Command and Control

Exfiltration

Impact

Input Injection

T1516

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.example.chatapplication/no_backup/androidx.work.workdb

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.example.chatapplication/no_backup/androidx.work.workdb-journal

Filesize
512B

MD5
7090a7d20625c51fa3e8b8a6530ae02e

SHA1
4dcc056dd9d26dedec54486c4945699a1fc9f1b6

SHA256
f8207d8480fe21478aa432a9734b8142ede933a7f66c5dc538cd1fb32001c281

SHA512
430d74d6b5ec967acd677ace6cc44a662bd824eaf1ee8440d9ad2d8efeca8e44504de47897ada21e8c5ab7ced16ce08450d471a94176218e286fa2b94ff49b3f

Download Submit
/data/data/com.example.chatapplication/no_backup/androidx.work.workdb-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.example.chatapplication/no_backup/androidx.work.workdb-wal

Filesize
16KB

MD5
bedb5dae95c098dd8dbe460ea020a099

SHA1
125c2af38ef793f4d516f3d5b7cb42a1e51a272d

SHA256
1129f99a75bf0f5eeb1dd7e34547de4b02a2bb871bbbd0ff7ee4f539b64c20b4

SHA512
6d2c78b370ffc132bd71f06de90c7830be9a7ee3eb759adebed65c242ac833be451d241533741df207c383a484e558ba28c41e068171ce3008c7eb3a7fa5d307

Download Submit
/data/data/com.example.chatapplication/no_backup/androidx.work.workdb-wal

Filesize
108KB

MD5
92b69d5ff4448c969dacd949c0db2989

SHA1
987af3dd717a11453d1894371575bf6e502ad0b3

SHA256
1654096b99a5a4313398cf058baba295f2368d14c9c10e869413eaa64799c925

SHA512
fd04183437ab629bc99532ff09c1f61a010a0c1fdfcf9c01fa5a8c38510e2503f5d63dc0dd828a4847307aff8d55b029ba758030f3f60b0732d8a8b368889871

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

DNS Request

DNS Request

DNS Response

DNS Request

DNS Response

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.