Overview

overview

8

Static

static

6

8e9b27cc54...83.apk

android-9-x86

8

8e9b27cc54...83.apk

android-10-x64

8

8e9b27cc54...83.apk

android-11-x64

8

Analysis

  • max time kernel
    172s
  • max time network
    181s
  • platform
    android_x64
  • resource
    android-x64-arm64-20240514-en
  • resource tags

    androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240514-enlocale:en-usos:android-11-x64system
  • submitted
    14-05-2024 22:01

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    8e9b27cc54ffa056a203371a86c8e27dac6ed4fa7be8bc2b6f1fc1d591a7df83.apk

  • Size

    116KB

  • MD5

    b933e9192a92011eaf3c146be52c28ee

  • SHA1

    a6696713b7e99c4ce51510f18f22b7da81438ba2

  • SHA256

    8e9b27cc54ffa056a203371a86c8e27dac6ed4fa7be8bc2b6f1fc1d591a7df83

  • SHA512

    477aafec5e1b708b22b6558594c2c35fb2fb70774130197ee8b5813fe0a5cbc3a9b499742d26352f3eb6c014d95c5ca3e03cb1f52fd1c7ffa71b52902e9937d5

  • SSDEEP

    3072:VjXlQPLcr1II8by7xgOynwKx8cjm1HeyL:LQPLcnjxEnlXjcFL

Score
8/10
collectioncredential_accessevasionpersistence

Malware Config

Signatures

  • Makes use of the framework's Accessibility service 4 TTPs 2 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectionevasioncredential_access
  • Prevents application removal 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to prevent removal.

    evasion
  • Loads dropped Dex/Jar 1 TTPs 3 IoCs

    Runs executable file dropped to the device during analysis.

    evasion
  • Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

    Application may abuse the framework's foreground service to continue running in the foreground.

    evasionpersistence
  • Requests enabling of the accessibility settings. 1 IoCs
  • Acquires the wake lock 1 IoCs
  • Requests disabling of battery optimizations (often used to enable hiding in the background). 1 TTPs 1 IoCs
    evasion

Processes

  • fuqd.ychua.fcej
    1⤵
    • Makes use of the framework's Accessibility service
    • Prevents application removal
    • Loads dropped Dex/Jar
    • Makes use of the framework's foreground persistence service
    • Requests enabling of the accessibility settings.
    • Acquires the wake lock
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    PID:4621

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/user/0/fuqd.ychua.fcej/[email protected]
    Filesize

    171KB

    MD5

    41e3c934cea82234e9621e09cbbc50fe

    SHA1

    4a10dc6583755a0aa9cdc536f736fe72e5b4668e

    SHA256

    f3d5773496372f55681c84b1a28cbd528f2421e8b1920a15a31314f7f0678846

    SHA512

    3a3c853c1dcefdf5112d0461c783758efaaa4876ddb37231228fc77611c45b02624d171e383d087d1169cf5fefca18cc689065bcbd979966ea6d96aaa8a299d0

    Download Submit

  • /data/user/0/fuqd.ychua.fcej/files/Factory/Plugins/oat/buic.dex.cur.prof
    Filesize

    173B

    MD5

    54998c5264cb30f76f8c50a89950c419

    SHA1

    49698d8188f82dab89f6a9f2cd91161812981a96

    SHA256

    cf91f23b46ee74dfa75d80256dd9b08bc5bdab18532947f1e705a2f1791ad63b

    SHA512

    af25e8900818b2329975f378e935abaf8f41a2d2654d163c912568346a92e6c1785e1d14adb7fb768845510fe4fe7e53aa5f5d244d687c71578fb45b1c0c882a

    Download Submit

  • /data/user/0/fuqd.ychua.fcej/oat/x86_64/[email protected]
    Filesize

    397B

    MD5

    6b7f05b2fdbbb93f0ac40b9bf8985f30

    SHA1

    9e84cda7e02cad0a8497ff60dce3403764a1a28c

    SHA256

    960177f5b1c56df450da54b3a9322e2ca06e1b028b0ff48273861865a4996e64

    SHA512

    773abef8afec7e7040dee552864d28ef32e2296f1ed6e5637c5736b3dd81889b15b91ce1a2f69b7ff21ac35c6034dad607f8e8c6a452a6f3ac69f92541235531

    Download Submit