Analysis
-
max time kernel
153s -
max time network
143s -
platform
android_x64 -
resource
android-x64-arm64-20240221-en -
resource tags
androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240221-enlocale:en-usos:android-11-x64system -
submitted
30-04-2024 22:01
Behavioral task
behavioral1
Sample
b44418f7d4ed2879ec9e3ea38ff483226b98547920df33ec59589cd92dd26556.apk
Resource
android-x86-arm-20240221-en
Behavioral task
behavioral2
Sample
b44418f7d4ed2879ec9e3ea38ff483226b98547920df33ec59589cd92dd26556.apk
Resource
android-x64-20240221-en
Behavioral task
behavioral3
Sample
b44418f7d4ed2879ec9e3ea38ff483226b98547920df33ec59589cd92dd26556.apk
Resource
android-x64-arm64-20240221-en
General
-
Target
b44418f7d4ed2879ec9e3ea38ff483226b98547920df33ec59589cd92dd26556.apk
-
Size
760KB
-
MD5
e22b4b25203e833480be0b3216563d29
-
SHA1
8c457e5565e468e383135de6c917e1e209043dff
-
SHA256
b44418f7d4ed2879ec9e3ea38ff483226b98547920df33ec59589cd92dd26556
-
SHA512
e7cadb690bb51a073b660e4ed929ed368bcab2767fb91b1e9266da4faa93f0f4dac056bd28901a9793cdc810406f32c4aef977af928df092cde6e5f1d4e9b139
-
SSDEEP
12288:ykYArmga1a8LdecdOcc0Ft5WmpYshXZPbGwidNpgDP:ykYia1a6ecRc0Ft5WmD9idNpGP
Malware Config
Signatures
-
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
-
Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs
Application may abuse the framework's foreground service to continue running in the foreground.
Processes:
cmf0.c3b5bm90zq.patchdescription ioc process Framework service call android.app.IActivityManager.setServiceForeground cmf0.c3b5bm90zq.patch -
Requests enabling of the accessibility settings. 1 IoCs
Processes:
cmf0.c3b5bm90zq.patchdescription ioc process Intent action android.settings.ACCESSIBILITY_SETTINGS cmf0.c3b5bm90zq.patch -
Tries to add a device administrator. 2 TTPs 1 IoCs