Overview

overview

10

Static

static

10

123.apk

android-9-x86

8

123.apk

android-10-x64

8

123.apk

android-11-x64

8

Analysis

  • max time kernel
    150s
  • max time network
    156s
  • platform
    android_x86
  • resource
    android-x86-arm-20240221-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20240221-enlocale:en-usos:android-9-x86system
  • submitted
    22/04/2024, 15:23

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    123.apk

  • Size

    728KB

  • MD5

    ed50ee1a0d62659e47d3a2c96d41ed70

  • SHA1

    30763093d9f89e4e888d14fb82084d503e9c6588

  • SHA256

    ce2a872bd0c05cf4b0dc890b84f83ce44ce7cfd51be1e5b06c520c342de56bb8

  • SHA512

    b8377ad2d3d2018052e110467aeba736115704c3f8287b939a86d2cedd642ca02069817546156d86da80cda8f40dc97235f6758376bf09928181ade64981a8da

  • SSDEEP

    12288:0ylrYHLbPr19trCNhGUd1w154JMGRiusT3cgtN0Frm/6Rq21OgHsWVfrVQsZtWDq:0owpjeNhzd1wmPAHT3SFrm/GNLfjQbN0

Score
8/10
collectioncredential_accessdiscoveryevasionpersistencestealthtrojan

Malware Config

Signatures

  • Makes use of the framework's Accessibility service 4 TTPs 2 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectionevasioncredential_access
  • Removes its main activity from the application launcher 1 TTPs 1 IoCs
    stealthtrojanevasion
  • Checks CPU information 2 TTPs 1 IoCs

    Checks CPU information which indicate if the system is an emulator.

    evasiondiscovery
  • Checks memory information 2 TTPs 1 IoCs

    Checks memory information which indicate if the system is an emulator.

    evasiondiscovery
  • Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

    Application may abuse the framework's foreground service to continue running in the foreground.

    evasionpersistence
  • Queries the mobile country code (MCC) 1 TTPs 1 IoCs
    discovery
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
    persistence
  • Requests enabling of the accessibility settings. 1 IoCs
  • Acquires the wake lock 1 IoCs
  • Requests disabling of battery optimizations (often used to enable hiding in the background). 1 TTPs 1 IoCs
    evasion

Processes

  • com.appser.verapp
    1⤵
    • Makes use of the framework's Accessibility service
    • Removes its main activity from the application launcher
    • Checks CPU information
    • Checks memory information
    • Makes use of the framework's foreground persistence service
    • Queries the mobile country code (MCC)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Requests enabling of the accessibility settings.
    • Acquires the wake lock
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    PID:4248

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /storage/emulated/0/Config/sys/apps/log/log-2024-04-22.txt
    Filesize

    24B

    MD5

    838e4d37ab5381226b80669f53b6cdf8

    SHA1

    bd3abf77a889bb815309a466b8513565822dcc71

    SHA256

    fc6f55e7c3453eb232c72dbbb79e66872efdcaa5c26f23421e08b0e5e7ebfc1e

    SHA512

    40072caf9331b2ba507a29df33666bca9dcb9369a37414a701893265a45db99ce0e4c4d2e04080ec5e315a854d11f18a42854d5912d63c807602deab22a1c091

    Download Submit

  • /storage/emulated/0/Config/sys/apps/log/log-2024-04-22.txt
    Filesize

    20B

    MD5

    10912098551035eda31247c3874768dc

    SHA1

    be92f15c841834098fa79d5d8f24a3c6312e281d

    SHA256

    2c933e5483805e094032598e3013cdd0fefb8f6fcfb846104a5177348d88328e

    SHA512

    90301e3cd5c454ce8b2051471966e3d64190318cd8d99710ad257fb8b22826d6e51db55e73a29af61a027ee4aa7b7ba57a418192dfc37b26e790158f87ea7a68

    Download Submit

  • /storage/emulated/0/Config/sys/apps/log/log-2024-04-22.txt
    Filesize

    20B

    MD5

    50a7bebf1e8745a1ae446156a38f8d43

    SHA1

    7bfd95c0385184c27a167c94ec34c339c5fe3aea

    SHA256

    7108981be72a47a7cb20a3eeb0823b5cbefe35fcc2ba2fbebc164178435b72a8

    SHA512

    e04dead96ad3247aa3cb860c58464723356ed77dca48b4491797923b46c46caa56aab75f2a7d4ea40201c5003bf7777081b58c54f8ea93c9a6dc096de9657fa2

    Download Submit

  • /storage/emulated/0/Config/sys/apps/log/log-2024-04-22.txt
    Filesize

    36B

    MD5

    44abbff4966121dce248678525d33bea

    SHA1

    bc3259c60f8bdad0e950f4f960cd895a1c007769

    SHA256

    42cfbc29439b1ba6ce656d375cf28baf58dfe183bc7395970971ac9de3504faa

    SHA512

    300b446925a137c5c5501df53fa6d0550481bc6da8bbe0b2449d3caca0e37032b918e7ae87a45f717d0dbecfe65239f492b89fc2e77b49c6beb0ce3dd545c5b2

    Download Submit

  • /storage/emulated/0/Config/sys/apps/log/log-2024-04-22.txt
    Filesize

    271B

    MD5

    97bdb975f203cb21d852103282a0f8bd

    SHA1

    7aa600df007627b2267381764442746a7221056a

    SHA256

    fdff2994efd5a31208ed41a159e8cb8ce9d89be7a1a0a77840d97ef987d2b74a

    SHA512

    ded8c9b6aac1a47c128e2561ed99ea278875d226ce47bedd7f58faa33389be1da5aa92216cf5ee0167c0b6aadc19af4074ee1ffa1f5d96ab54118aa0e0c68b04

    Download Submit