Overview

overview

10

Static

static

6

a68281c334...b5.apk

android-9-x86

10

a68281c334...b5.apk

android-10-x64

10

a68281c334...b5.apk

android-11-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    160s
  • platform
    android_x64
  • resource
    android-x64-arm64-20240221-en
  • resource tags

    androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240221-enlocale:en-usos:android-11-x64system
  • submitted
    01-05-2024 22:01

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a68281c33408fd04d6ff24bbaa2df6935ada43d1d6e73189a8194ba3fbd527b5.apk

  • Size

    2.8MB

  • MD5

    a10c88c3486329a3677ea4bb80e2284b

  • SHA1

    be03b6866607b54f05a5661325660f7a5161dbc3

  • SHA256

    a68281c33408fd04d6ff24bbaa2df6935ada43d1d6e73189a8194ba3fbd527b5

  • SHA512

    a1bd58587c3ed5b31ffe891ed32a32a3b88d1b61160ef52681f0013c6a67d5ad7a54489a4ece012fa0c03283f7b931c2168fa7f7ccbed995e5793dd6bdc6814a

  • SSDEEP

    49152:iTIBfxPaeHGCSMaWZSWrqFZ9/oCpM+zfzXdQAxRVujyJS+T0q7qfQyR+6ttrRw:iT+fxPaeH0B1VrGiRVUyw54yE

Score
10/10
hookcollectioncredential_accessdiscoveryevasionimpactinfostealerpersistenceratstealthtrojan

Malware Config

Extracted

Family

hook

C2

http://176.100.42.11:3434

AES_key

Signatures

Processes

  • com.wirigacetoze.yuwazu
    1⤵
    • Makes use of the framework's Accessibility service
    • Removes its main activity from the application launcher
    • Checks CPU information
    • Checks memory information
    • Loads dropped Dex/Jar
    • Makes use of the framework's foreground persistence service
    • Obtains sensitive information copied to the device clipboard
    • Queries information about running processes on the device
    • Queries the mobile country code (MCC)
    • Acquires the wake lock
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4426

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Foreground Persistence

1
T1541

Privilege Escalation

Defense Evasion

Download New Code at Runtime

1
T1407

Foreground Persistence

1
T1541

Hide Artifacts

2
T1628

Suppress Application Icon

1
T1628.001

User Evasion

1
T1628.002

Input Injection

1
T1516

Virtualization/Sandbox Evasion

2
T1633

System Checks

2
T1633.001

Credential Access

Clipboard Data

1
T1414

Input Capture

2
T1417

GUI Input Capture

1
T1417.002

Keylogging

1
T1417.001

Discovery

Process Discovery

1
T1424

System Information Discovery

2
T1426

System Network Configuration Discovery

3
T1422

Lateral Movement

Collection

Clipboard Data

1
T1414

Input Capture

2
T1417

GUI Input Capture

1
T1417.002

Keylogging

1
T1417.001

Screen Capture

1
T1513

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

1
T1471

Data Manipulation

1
T1641

Transmitted Data Manipulation

1
T1641.001

Input Injection

1
T1516

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/user/0/com.wirigacetoze.yuwazu/app_DynamicOptDex/PKYxWX.json
    Filesize

    705KB

    MD5

    758f2306a80b4f1fb18ebb52abf5694d

    SHA1

    dc006c95d0ccb09c1c6ec9da72ce32ec8299f7fa

    SHA256

    9067c8538c67eaee28346cec3e222f39ed32bb9e08e7b22d12962516f61a9222

    SHA512

    fcf5f1c5fae54337ea32c95b544358bb6cc380e02ac37e12331d94c1f483744216dd81e1cd80c63f0fb2f36b3c6361e35e510474f8fd8e55438639e7ba051267

    Download Submit

  • /data/user/0/com.wirigacetoze.yuwazu/app_DynamicOptDex/PKYxWX.json
    Filesize

    705KB

    MD5

    df058f1ae6a32a19f50a213fa8774804

    SHA1

    ee6ee53975b57756fd86bb6bffe83ae8d581e252

    SHA256

    3a18c67faf537283e187310614d6acef46c4392f7a33520da3419dfb1633b8a2

    SHA512

    afd9502c7f29e3ce97b4888aabd33d24443dcbf38b87c03a27c634fdce74c700d10b4c5788db4eb27ab2808e4f6fee862ad2f5b50277adde96575a2168b8e3cc

    Download Submit

  • /data/user/0/com.wirigacetoze.yuwazu/app_DynamicOptDex/PKYxWX.json
    Filesize

    1.5MB

    MD5

    625f582689b89479997507f9805e6f4a

    SHA1

    0f98b131a7ab157d319c4cbc0443cb3726993706

    SHA256

    7ee6e8208623447487d48a3a0d476826e470718baf81cbac74eef2f4d50499ff

    SHA512

    3d1d36de17e37d5861d9a83de01b0b3b9509c41b3f1cf1954b404e149a65cc37fd209a458140e7877795c9448d61d050051b615d461bdb53d32a57b6fc322211

    Download Submit

  • /data/user/0/com.wirigacetoze.yuwazu/app_DynamicOptDex/oat/PKYxWX.json.cur.prof
    Filesize

    2KB

    MD5

    6216b7c8db106d2b80dcfc0486138573

    SHA1

    30d09be3817b67308395e7078670c4bf4bf34c82

    SHA256

    503fd34c1acf9ac6edb1df909a59c564ddfbcd931900ba846921c732f44366d6

    SHA512

    9ef5a68e4af1d5bde2759cdd04a425bf540223d0b0411e2cdd3d6fbf14fe2c5300cc0228d910151601d5b3d8527fcc3977a7a6f4df2897abdf6480b4d4270276

    Download Submit

  • /data/user/0/com.wirigacetoze.yuwazu/no_backup/androidx.work.workdb
    Filesize

    4KB

    MD5

    7e858c4054eb00fcddc653a04e5cd1c6

    SHA1

    2e056bf31a8d78df136f02a62afeeca77f4faccf

    SHA256

    9010186c5c083155a45673017d1e31c2a178e63cc15a57bbffde4d1956a23dad

    SHA512

    d0c7a120940c8e637d5566ef179d01eff88a2c2650afda69ad2a46aad76533eaace192028bba3d60407b4e34a950e7560f95d9f9b8eebe361ef62897d88b30cb

    Download Submit

  • /data/user/0/com.wirigacetoze.yuwazu/no_backup/androidx.work.workdb-journal
    Filesize

    512B

    MD5

    9e132310f390d2885daa2c038db745c5

    SHA1

    17da5aa9fce595ccbc76550be8c2a025c7071f47

    SHA256

    406466da10b1c7cc13fd62095c37d1fff88ca3d1367a89969e3dbcb4b4c928f4

    SHA512

    e8a51c76c13dbfa4f523ac8fa6ded3336c9a5ecc9fc8f2c086fb09e07964977154ce3ed89cb4eecf053aa74ff73244fa0b1e2ed1036a9b3eca60a1d56e969997

    Download Submit

  • /data/user/0/com.wirigacetoze.yuwazu/no_backup/androidx.work.workdb-shm
    Filesize

    32KB

    MD5

    bb7df04e1b0a2570657527a7e108ae23

    SHA1

    5188431849b4613152fd7bdba6a3ff0a4fd6424b

    SHA256

    c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

    SHA512

    768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

    Download Submit

  • /data/user/0/com.wirigacetoze.yuwazu/no_backup/androidx.work.workdb-wal
    Filesize

    16KB

    MD5

    83a98156fb930f1c3654bd16d6139406

    SHA1

    0fd712516e84d4a5aa96f280097114057b906124

    SHA256

    c5b472ab190237615b41258405f8d2e92e8614e0539575c824ef344a2a9a3cb1

    SHA512

    5c734fe4c04758b2b912ed1f9c53b5bee656ccba754be51311b63e6ddf202eb4d0ebbed5bbfc3b64dc23cffcc28487cb4ac838419ba8be23f1fda862dec17458

    Download Submit

  • /data/user/0/com.wirigacetoze.yuwazu/no_backup/androidx.work.workdb-wal
    Filesize

    108KB

    MD5

    03d98ee08d908748307ac5686b5bb9cc

    SHA1

    cc691de8b4f7128456dd02cbd14b5cc9a39fd0ad

    SHA256

    30eab360be0079cce172cc9315c13274f1dbb78bdffb685616c5c8ce6e020ff9

    SHA512

    e243eb342aaababeb21b881f59d43c95a91babd893bfc467356bdbc76d0db41aa7b2597e03527d199cb7ff823aa65812bdbccf82de545484ee6719f2a38bfd61

    Download Submit

  • /data/user/0/com.wirigacetoze.yuwazu/no_backup/androidx.work.workdb-wal
    Filesize

    173KB

    MD5

    31339cd6734f183bebc84aa6643128fd

    SHA1

    98729a589b101bda460eeb2d8d0f6462c8815b86

    SHA256

    6bffe9f8fcbb188d816d97fee594b281b5b2fb2e8bee1cc803ee8dc5843fc51d

    SHA512

    d99241bdbfeab48c46e33ed1de4e35183f45bd3815d427e0844c8484afb00c47accd9fe7f41ef599d928a358da14b5b40a3252489b8e2eeb0c6fb40f63795578

    Download Submit