Overview

overview

8

Static

static

6

6cdcb5f901...c7.apk

android-9-x86

8

6cdcb5f901...c7.apk

android-10-x64

8

6cdcb5f901...c7.apk

android-11-x64

8

Analysis

  • max time kernel
    152s
  • max time network
    162s
  • platform
    android_x64
  • resource
    android-x64-arm64-20240221-en
  • resource tags

    androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240221-enlocale:en-usos:android-11-x64system
  • submitted
    17/04/2024, 22:05

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    6cdcb5f901b60311b05acff5a5e1ac9891ded28be68b1a8700c49225e3491ac7.apk

  • Size

    108KB

  • MD5

    9e5d676d139da14a866acd2efb3f4f15

  • SHA1

    325f1b7d0d6e88279ad627defcd3e572d1a6915c

  • SHA256

    6cdcb5f901b60311b05acff5a5e1ac9891ded28be68b1a8700c49225e3491ac7

  • SHA512

    d66c791c9bbddfc44581bded4ed1acc9a4447984e006dcf4cd94e903cd64004530ec065168cecb7ebf282ab6c3f514387b35aa04f3371a7f7ec211432ca63dee

  • SSDEEP

    3072:WI8S36F3cWXftSjpRR6Q6b+IgiTN4aChnMH:9RqF3hS1S+PNFMH

Score
8/10
collectionevasionpersistence

Malware Config

Signatures

  • Makes use of the framework's Accessibility service 2 TTPs 2 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectionevasion
  • Loads dropped Dex/Jar 1 TTPs 24 IoCs

    Runs executable file dropped to the device during analysis.

    evasion
  • Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

    Application may abuse the framework's foreground service to continue running in the foreground.

    evasionpersistence
  • Requests enabling of the accessibility settings. 1 IoCs
  • Acquires the wake lock 1 IoCs
  • Requests disabling of battery optimizations (often used to enable hiding in the background). 1 TTPs 1 IoCs
    evasion

Processes

  • qrbc.dmxij.ftau
    1⤵
    • Makes use of the framework's Accessibility service
    • Loads dropped Dex/Jar
    • Makes use of the framework's foreground persistence service
    • Requests enabling of the accessibility settings.
    • Acquires the wake lock
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    PID:4468

Network

        MITRE ATT&CK Mobile v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • /data/user/0/qrbc.dmxij.ftau/[email protected]
          Filesize

          149KB

          MD5

          e145e2614c4048608ca4c5a556386ce3

          SHA1

          d97761f6735996d51df27b06f5585b7a5a77edbe

          SHA256

          d0d4976d6b46c10e22c80483ec9212b1e16a006719bc91c06c62cf3ea4dd8f0d

          SHA512

          0325bd724fe68908b007a3240a837ccf4b7460de3b1f404fd4498a9ce28008e1fe94ada531d3e8554348b475718668f0d623cb855a216a313af097716857dd60

          Download Submit

        • /data/user/0/qrbc.dmxij.ftau/[email protected]
          Filesize

          161KB

          MD5

          567e42e357f5501f41aedca9bb4af742

          SHA1

          6ffa58427328516a8c06abbb6cf87a6926ca7842

          SHA256

          dba9bcf4ed18afc5d3c799e98bdbc399129dad575bf1528aa0c77fafcd6c8625

          SHA512

          533b6ac888b1401f5cbc41271510732f6cf816c0873373af69944990cd9e9f17577db846f7d6d9e1088c432c88136ccb50588638987ceb581939e6c6d89d1bdf

          Download Submit

        • /data/user/0/qrbc.dmxij.ftau/files/Factory/Plugins/classes1.dex
          Filesize

          33KB

          MD5

          4580a419140c6c33a9529891bef48988

          SHA1

          d39bff3388d7f38a56af7bb7d2678fc04503630f

          SHA256

          431b7f40bb0a0cbd18f65e9cd4236a0aed6966584dceb07dcee4e7089d569c5d

          SHA512

          9baf16c66dc81df77cb133135f281f97b85769c64acf8718e8ef9bfbca3281f0b35eae5500c9c838f21e3b203c32203d42bc3d3fff4ef8723b0789cef3c1e11c

          Download Submit

        • /data/user/0/qrbc.dmxij.ftau/files/Factory/Plugins/classes2.dex
          Filesize

          31KB

          MD5

          0af34c5e5a44c1e694e7721364d593b9

          SHA1

          cf5b6fb5535c84c57fa74d0905c5c90a3a1782dd

          SHA256

          478c30737f9f70d714b41c8ebe0331ef702af1e840a6507650edeb58d14b2af4

          SHA512

          1cf5f885e427c51f9df7da0e193c51852830ffb2fc5999e1d3c9408373f4b1a0753fbe078ffaade0f024e51f1d109a2e1f57af18b694a6e25d14f8608e502557

          Download Submit

        • /data/user/0/qrbc.dmxij.ftau/files/Factory/Plugins/classes3.dex
          Filesize

          67KB

          MD5

          699db3dff24e016474236b48f271be47

          SHA1

          4a13a12175e0927a6d2c52f3276e3d556df9971a

          SHA256

          8dec0ca9a3624786e82eb9a563f4e01a46e6e22ea2c433b345f023289ad1d6e4

          SHA512

          7ac9791c379face285c1eb221eb9161c87a2dc5d3c004743f673735f04472fb35c75d1c73d35329b41223c4c95aabd9fcd8280ad7a42a95b06ed1ce887d69032

          Download Submit

        • /data/user/0/qrbc.dmxij.ftau/files/Factory/Plugins/classes4.dex
          Filesize

          28KB

          MD5

          a752b63bad0ae30b637934b8722b2f0d

          SHA1

          0fc1a130456af8d32a7ee31c6e33a2ef8b4eabf2

          SHA256

          82bece2c85d0bde5aa77bfea081c5582b079d67c896d97790cad6350e5fd1b53

          SHA512

          c5d943db5d0f3d28bf3ca18d66d8568ed69c0d59c6ab08a0953d1a855eb98d42253163f8881e5a7ab73f98b0deb527007034536b18c26bdf45fa69cdc878d148

          Download Submit

        • /data/user/0/qrbc.dmxij.ftau/files/Factory/Plugins/oat/nwhd.cur.prof
          Filesize

          131B

          MD5

          b026d1b5d01ea1eb1c3c7d98e9224628

          SHA1

          4fef14c3bfaea0d860ba41ee398346ec05035bee

          SHA256

          a4da77894e589200cfd8292869a015c7409ede8fb41e47c6a3cd38ac84386e4d

          SHA512

          7624ed6ac1c4d7980e3cb3a6544eb03f0ee7dad8934d893e99a48c5e4438d1dc2e37a3f170265ae9283703565061f8c149df95310a43c140e5014c93826be8fa

          Download Submit