1e7db2759852e04e2cbe3b68e7490489f561b46cd693e2fceb4a61c15a732b9d

Analysis

max time kernel
149s
max time network
138s
platform
android_x86
resource
android-x86-arm-20240221-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240221-enlocale:en-usos:android-9-x86system
submitted
29/04/2024, 05:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Gta.apk
Size

720KB
MD5

6b4a2a223eadda8e24b39456dfc51e71
SHA1

ad4cf20ad940ea309fbe8688407c4e4790ef2f3d
SHA256

1e7db2759852e04e2cbe3b68e7490489f561b46cd693e2fceb4a61c15a732b9d
SHA512

7d0585d3423b1e6a4f3f96201267debd05f36b720040c51e740dc1cc819c9458ac674b6bea402261956408a08d0503a39c8354f1e816141c8005c155bea0986e
SSDEEP

12288:/btZ7ieCoVBaUt+aLMwyJH9xwBZMIg4z/usT3cgtN0Fj2C6M6Rq21lgxStWD2t:/5cIVsaKZ9xwoIg4z/HT3SFjJ6MGNWLk

Score

8^/10

collection credential_access discovery evasion persistence

Malware Config

Signatures

Makes use of the framework's Accessibility service 4 TTPs 1 IoCs

Retrieves information displayed on the phone screen using AccessibilityService.

collection evasion credential_access

Input Injection

T1516

Screen Capture

T1513

Keylogging

T1417.001

GUI Input Capture

T1417.002

description	ioc	Process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	com.semi.translator

Checks CPU information 2 TTPs 1 IoCs

Checks CPU information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.semi.translator

Checks memory information 2 TTPs 1 IoCs

Checks memory information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.semi.translator

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.semi.translator

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.semi.translator

com.semi.translator
1⤵
- Makes use of the framework's Accessibility service
- Checks CPU information
- Checks memory information
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID:4236

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Input Injection

T1516

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

Lateral Movement

Collection

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Screen Capture

T1513

Command and Control

Exfiltration

Impact

Input Injection

T1516

Replay Monitor

Loading Replay Monitor...

Downloads

/storage/emulated/0/Config/sys/apps/log/log-MjAyNC0wNC0yOQ== .txt

Filesize
32B

MD5
46bf0bbf0abc12118b576f676f78ec6a

SHA1
d1eaf7ef1de95dfedb7da171a2723770c41eea9f

SHA256
4de2fb57ffb12fd8d9cf3a5b359e2524ac94604e69067e5ef93c3bd35d4da801

SHA512
b2976a751a7ba9fa9a698cee5f3c319cdc774f39a953a86ea671856863fd9e84e1b72f4aa1107c4466399fc55522015ea0b36453b2c152a5b2d4623ff43bb12d

Download Submit
/storage/emulated/0/Config/sys/apps/log/log-MjAyNC0wNC0yOQ== .txt

Filesize
24B

MD5
6d2305ffd70dc5c3757147426ecc7d2f

SHA1
695312859c08fe33aa5158a2860b8af9b485b132

SHA256
5a7a6422c077bccd091b7894a5efefcb680da0dbb09cb0d440b60f98f9f27b67

SHA512
6d67fbb57a06d966a70897277db9599996fef51ab8d7b600f14c02b94a7e76d080eeb30040f9ca6442b17f0508f8cc165467bf0def6bc4ecfacc6c157ed39a8a

Download Submit
/storage/emulated/0/Config/sys/apps/log/log-MjAyNC0wNC0yOQ== .txt

Filesize
24B

MD5
29c9a7f7fd7bfc854dcea30683ef40a1

SHA1
64edc693130136957bd9053b5eee651912df6b9a

SHA256
4e732bb8a01846ab7501f5847889eeb8b359acbc3ce5fc71d53a47d2a9ae0b6e

SHA512
85285cef04719745b3bd622d158a8b718ee4d8c9e8ca29bb2e2891cf9547d48dc0c1b7430f90c53da8a478c2e36dd77e0910c7c5b668ba160fcfda6e31033900

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads