Analysis
- max time kernel: 61s
- max time network: 134s
- platform: android_x86
- resource: android-x86-arm-20240221-en
- resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240221-en, locale:en-us, os:android-9-x86, system
- submitted: 17/04/2024, 22:05
Static task
- static1
Behavioral task behavioral1
- Sample: 6cdcb5f901b60311b05acff5a5e1ac9891ded28be68b1a8700c49225e3491ac7.apk
- Resource: android-x86-arm-20240221-en
Behavioral task behavioral2
- Sample: 6cdcb5f901b60311b05acff5a5e1ac9891ded28be68b1a8700c49225e3491ac7.apk
- Resource: android-x64-20240221-en
Behavioral task behavioral3
- Sample: 6cdcb5f901b60311b05acff5a5e1ac9891ded28be68b1a8700c49225e3491ac7.apk
- Resource: android-x64-arm64-20240221-en
General
- Target: 6cdcb5f901b60311b05acff5a5e1ac9891ded28be68b1a8700c49225e3491ac7.apk
- Size: 108KB
- MD5: 9e5d676d139da14a866acd2efb3f4f15
- SHA1: 325f1b7d0d6e88279ad627defcd3e572d1a6915c
- SHA256: 6cdcb5f901b60311b05acff5a5e1ac9891ded28be68b1a8700c49225e3491ac7
- SHA512: d66c791c9bbddfc44581bded4ed1acc9a4447984e006dcf4cd94e903cd64004530ec065168cecb7ebf282ab6c3f514387b35aa04f3371a7f7ec211432ca63dee
- SSDEEP: 3072:WI8S36F3cWXftSjpRR6Q6b+IgiTN4aChnMH:9RqF3hS1S+PNFMH
Malware Config
Signatures
- Makes use of the framework's Accessibility service (2 TTPs, 2 IoCs)
  Retrieves information displayed on the phone screen using AccessibilityService.
  description | ioc | Process
  Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId | qrbc.dmxij.ftau
  Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId | qrbc.dmxij.ftau
- Loads dropped Dex/Jar (1 TTP, 24 IoCs)
  Runs executable file dropped to the device during analysis.
  ioc | pid | Process
  Anonymous-DexFile@0xca4bf000-0xca4e7780 | 4187 | qrbc.dmxij.ftau
  /data/user/0/qrbc.dmxij.ftau/files/Factory/Plugins/nwhd | 4187 | qrbc.dmxij.ftau
  /data/user/0/qrbc.dmxij.ftau/files/Factory/Plugins/nwhd | 4187 | qrbc.dmxij.ftau
  Anonymous-DexFile@0xc4abe000-0xc4ae3784 | 4187 | qrbc.dmxij.ftau
  /data/user/0/qrbc.dmxij.ftau/files/Factory/Plugins/classes1.dex | 4187 | qrbc.dmxij.ftau
  /data/user/0/qrbc.dmxij.ftau/files/Factory/Plugins/classes1.dex | 4187 | qrbc.dmxij.ftau
  /data/user/0/qrbc.dmxij.ftau/files/Factory/Plugins/classes2.dex | 4187 | qrbc.dmxij.ftau
  /data/user/0/qrbc.dmxij.ftau/files/Factory/Plugins/classes2.dex | 4187 | qrbc.dmxij.ftau
  /data/user/0/qrbc.dmxij.ftau/files/Factory/Plugins/classes3.dex | 4187 | qrbc.dmxij.ftau
  /data/user/0/qrbc.dmxij.ftau/files/Factory/Plugins/classes3.dex | 4187 | qrbc.dmxij.ftau
  /data/user/0/qrbc.dmxij.ftau/files/Factory/Plugins/classes4.dex | 4187 | qrbc.dmxij.ftau
  /data/user/0/qrbc.dmxij.ftau/files/Factory/Plugins/classes4.dex | 4187 | qrbc.dmxij.ftau
  /data/user/0/qrbc.dmxij.ftau/files/Factory/Plugins/classes2.dex | 4187 | qrbc.dmxij.ftau
  /data/user/0/qrbc.dmxij.ftau/files/Factory/Plugins/classes2.dex | 4187 | qrbc.dmxij.ftau
  /data/user/0/qrbc.dmxij.ftau/files/Factory/Plugins/classes3.dex | 4187 | qrbc.dmxij.ftau
  /data/user/0/qrbc.dmxij.ftau/files/Factory/Plugins/classes3.dex | 4187 | qrbc.dmxij.ftau
  /data/user/0/qrbc.dmxij.ftau/files/Factory/Plugins/classes4.dex | 4187 | qrbc.dmxij.ftau
  /data/user/0/qrbc.dmxij.ftau/files/Factory/Plugins/classes4.dex | 4187 | qrbc.dmxij.ftau
  /data/user/0/qrbc.dmxij.ftau/files/Factory/Plugins/classes3.dex | 4187 | qrbc.dmxij.ftau
  /data/user/0/qrbc.dmxij.ftau/files/Factory/Plugins/classes3.dex | 4187 | qrbc.dmxij.ftau
  /data/user/0/qrbc.dmxij.ftau/files/Factory/Plugins/classes4.dex | 4187 | qrbc.dmxij.ftau
  /data/user/0/qrbc.dmxij.ftau/files/Factory/Plugins/classes4.dex | 4187 | qrbc.dmxij.ftau
  /data/user/0/qrbc.dmxij.ftau/files/Factory/Plugins/classes4.dex | 4187 | qrbc.dmxij.ftau
  /data/user/0/qrbc.dmxij.ftau/files/Factory/Plugins/classes4.dex | 4187 | qrbc.dmxij.ftau
- Makes use of the framework's foreground persistence service (1 TTP, 1 IoC)
  Application may abuse the framework's foreground service to continue running in the foreground.
  description | ioc | Process
  Framework service call | android.app.IActivityManager.setServiceForeground | qrbc.dmxij.ftau
- Requests enabling of the accessibility settings. (1 IoC)
  description | ioc | Process
  Intent action | android.settings.ACCESSIBILITY_SETTINGS | qrbc.dmxij.ftau
- Acquires the wake lock (1 IoC)
  description | ioc | Process
  Framework service call | android.os.IPowerManager.acquireWakeLock | qrbc.dmxij.ftau
- Requests disabling of battery optimizations (often used to enable hiding in the background). (1 TTP, 1 IoC)
  description | ioc | Process
  Intent action | android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS | qrbc.dmxij.ftau
Processes
- qrbc.dmxij.ftau (PID: 4187)
  - Makes use of the framework's Accessibility service
  - Loads dropped Dex/Jar
  - Makes use of the framework's foreground persistence service
  - Requests enabling of the accessibility settings.
  - Acquires the wake lock
  - Requests disabling of battery optimizations (often used to enable hiding in the background).
Network
MITRE ATT&CK Mobile v15
Downloads