Analysis

  • max time kernel
    48s
  • max time network
    184s
  • platform
    android_x64
  • resource
    android-x64-20240514-en
  • resource tags

    android, arch:x64, arch:x86, image:android-x64-20240514-en, locale:en-us, os:android-10-x64, system
  • submitted
    19-05-2024 22:04

General

  • Target

    402099e936e9ce58a39e8c5b7f288711f8c03d39bfba4f10323477f7f697a777.apk

  • Size

    563KB

  • MD5

    d30fe7c78c8a89517e19ed4ad6b19fdd

  • SHA1

    dd07e18f2b5e70ca81dcabbf9de9724b93360917

  • SHA256

    402099e936e9ce58a39e8c5b7f288711f8c03d39bfba4f10323477f7f697a777

  • SHA512

    dc6ce1996ab40608eb080fd0ba925df5ff67bca1f2b9ccea4d2aac0c29a708751cfc6345bd43bbb8efe1bcb45a165af8f0131b57ef16fe458aec8e3acd1e51c7

  • SSDEEP

    12288:SDQqwzmhYAjyf11QUH3McJsRohAqZ/3GlhjEjdUVQ9yFhsdIvz0:SJwuJ+/QUH3McJnAqBK1EjapsdIvY

Malware Config

Signatures

  • Makes use of the framework's Accessibility service 4 TTPs 1 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

  • Prevents application removal 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to prevent removal.

  • Removes its main activity from the application launcher 1 TTPs 1 IoCs
  • Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

    Application may abuse the framework's foreground service to continue running in the foreground.

  • Queries the phone number (MSISDN for GSM devices) 1 TTPs
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
  • Acquires the wake lock 1 IoCs

Processes

  • com.spacex.mmobile
    • Makes use of the framework's Accessibility service
    • Prevents application removal
    • Removes its main activity from the application launcher
    • Makes use of the framework's foreground persistence service
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Acquires the wake lock
    PID:5140

Network

MITRE ATT&CK Mobile v15

Downloads

  • /data/data/com.spacex.mmobile/files/profileInstalled

    Filesize

    24B

  • /data/data/com.spacex.mmobile/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

    Filesize

    8B

  • /data/misc/profiles/cur/0/com.spacex.mmobile/primary.prof

    Filesize

    508B

  • /data/misc/profiles/cur/0/com.spacex.mmobile/primary.prof

    Filesize

    1KB
