Analysis

  • max time kernel
    1794s
  • max time network
    1801s
  • platform
    android_x64
  • resource
    android-33-x64-arm64-20240229-en
  • resource tags
    android, arch:arm64, arch:x64, image:android-33-x64-arm64-20240229-en, locale:en-us, os:android-13-x64, system
  • submitted
    05-05-2024 19:53

General

  • Target

    GCQOFN.apk

  • Size

    2.0MB

  • MD5

    91e7f991651aadb0bba46ee9385b46ae

  • SHA1

    ea2e2434143f42a0f450e9b41e538a9cdd119937

  • SHA256

    28431e848e6560ad8fc37e3fdba704548af3977e8ec9c9b5cc877955455f993e

  • SHA512

    7a1a05ac4ba6d65588d0012df7be29df04a7e06763814133f21d275d00b8857a5cc356e694aaea7c63dc14f226d6e328008912156924e0ab65dea2a7c19d7af4

  • SSDEEP

    49152:Z73fx7xKnOWUTO4Kq3nfOAzvnc21zgeFTplk:NxxKnWvKUnrzv11zgOk

Malware Config

Signatures

  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
  • Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

    Application may abuse the framework's foreground service to continue running in the foreground.

  • Requests enabling of the accessibility settings. 1 IoCs
  • Tries to add a device administrator. 2 TTPs 1 IoCs
  • Acquires the wake lock 1 IoCs
  • Checks if the internet connection is available 1 TTPs 1 IoCs
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 30 IoCs
  • Requests disabling of battery optimizations (often used to enable hiding in the background). 1 TTPs 1 IoCs

Processes

  • com.example.dat.a8andoserverx (PID: 4262)
    • Makes use of the framework's foreground persistence service
    • Requests enabling of the accessibility settings.
    • Tries to add a device administrator.
    • Acquires the wake lock
    • Checks if the internet connection is available
    • Requests disabling of battery optimizations (often used to enable hiding in the background).

Network

MITRE ATT&CK Enterprise v15

MITRE ATT&CK Mobile v15
