Analysis
max time kernel: 169s
max time network: 181s
platform: android_x86
resource: android-x86-arm-20240514-en
resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240514-en, locale:en-us, os:android-9-x86, system
submitted: 19-05-2024 22:04
Static task
static1
Behavioral task
behavioral1
Sample
402099e936e9ce58a39e8c5b7f288711f8c03d39bfba4f10323477f7f697a777.apk
Resource
android-x86-arm-20240514-en
Behavioral task
behavioral2
Sample
402099e936e9ce58a39e8c5b7f288711f8c03d39bfba4f10323477f7f697a777.apk
Resource
android-x64-20240514-en
Behavioral task
behavioral3
Sample
402099e936e9ce58a39e8c5b7f288711f8c03d39bfba4f10323477f7f697a777.apk
Resource
android-x64-arm64-20240514-en
General
-
Target
402099e936e9ce58a39e8c5b7f288711f8c03d39bfba4f10323477f7f697a777.apk
-
Size
563KB
-
MD5
d30fe7c78c8a89517e19ed4ad6b19fdd
-
SHA1
dd07e18f2b5e70ca81dcabbf9de9724b93360917
-
SHA256
402099e936e9ce58a39e8c5b7f288711f8c03d39bfba4f10323477f7f697a777
-
SHA512
dc6ce1996ab40608eb080fd0ba925df5ff67bca1f2b9ccea4d2aac0c29a708751cfc6345bd43bbb8efe1bcb45a165af8f0131b57ef16fe458aec8e3acd1e51c7
-
SSDEEP
12288:SDQqwzmhYAjyf11QUH3McJsRohAqZ/3GlhjEjdUVQ9yFhsdIvz0:SJwuJ+/QUH3McJnAqBK1EjapsdIvY
Malware Config
Signatures

Makes use of the framework's Accessibility service (4 TTPs, 1 IoCs)
Retrieves information displayed on the phone screen using AccessibilityService.
Processes: com.spacex.mmobile
  description: Framework service call
  ioc: android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId
  process: com.spacex.mmobile

Prevents application removal (1 TTPs, 1 IoCs)
Application may abuse the framework's APIs to prevent removal.
Processes: com.spacex.mmobile
  description: Framework service call
  ioc: android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction
  process: com.spacex.mmobile

Makes use of the framework's foreground persistence service (1 TTPs, 1 IoCs)
Application may abuse the framework's foreground service to continue running in the foreground.
Processes: com.spacex.mmobile
  description: Framework service call
  ioc: android.app.IActivityManager.setServiceForeground
  process: com.spacex.mmobile

Queries the phone number (MSISDN for GSM devices) (1 TTPs)

Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTPs, 1 IoCs)
Processes: com.spacex.mmobile
  description: Framework service call
  ioc: android.app.IActivityManager.registerReceiver
  process: com.spacex.mmobile

Requests enabling of the accessibility settings. (1 IoCs)
Processes: com.spacex.mmobile
  description: Intent action
  ioc: android.settings.ACCESSIBILITY_SETTINGS
  process: com.spacex.mmobile

Acquires the wake lock (1 IoCs)
Processes: com.spacex.mmobile
  description: Framework service call
  ioc: android.os.IPowerManager.acquireWakeLock
  process: com.spacex.mmobile

Requests disabling of battery optimizations (often used to enable hiding in the background). (1 TTPs, 1 IoCs)
Processes: com.spacex.mmobile
  description: Intent action
  ioc: android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS
  process: com.spacex.mmobile

Processes
com.spacex.mmobile
- Makes use of the framework's Accessibility service
- Prevents application removal
- Removes its main activity from the application launcher
- Makes use of the framework's foreground persistence service
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Requests enabling of the accessibility settings.
- Acquires the wake lock
- Requests disabling of battery optimizations (often used to enable hiding in the background).
PID:4246
Network
MITRE ATT&CK Mobile v15
Persistence
- Event Triggered Execution (1)
  - Broadcast Receivers (1)
- Foreground Persistence (1)
Defense Evasion
- Foreground Persistence (1)
- Hide Artifacts (2)
  - Suppress Application Icon (1)
  - User Evasion (1)
- Impair Defenses (1)
  - Prevent Application Removal (1)
- Input Injection (1)
Downloads