Analysis
- max time kernel: 48s
- max time network: 184s
- platform: android_x64
- resource: android-x64-20240514-en
- resource tags: android, arch:x64, arch:x86, image:android-x64-20240514-en, locale:en-us, os:android-10-x64, system
- submitted: 19-05-2024 22:04
Static task
static1
Behavioral task
behavioral1
Sample
402099e936e9ce58a39e8c5b7f288711f8c03d39bfba4f10323477f7f697a777.apk
Resource
android-x86-arm-20240514-en
Behavioral task
behavioral2
Sample
402099e936e9ce58a39e8c5b7f288711f8c03d39bfba4f10323477f7f697a777.apk
Resource
android-x64-20240514-en
Behavioral task
behavioral3
Sample
402099e936e9ce58a39e8c5b7f288711f8c03d39bfba4f10323477f7f697a777.apk
Resource
android-x64-arm64-20240514-en
General
- Target: 402099e936e9ce58a39e8c5b7f288711f8c03d39bfba4f10323477f7f697a777.apk
- Size: 563KB
- MD5: d30fe7c78c8a89517e19ed4ad6b19fdd
- SHA1: dd07e18f2b5e70ca81dcabbf9de9724b93360917
- SHA256: 402099e936e9ce58a39e8c5b7f288711f8c03d39bfba4f10323477f7f697a777
- SHA512: dc6ce1996ab40608eb080fd0ba925df5ff67bca1f2b9ccea4d2aac0c29a708751cfc6345bd43bbb8efe1bcb45a165af8f0131b57ef16fe458aec8e3acd1e51c7
- SSDEEP: 12288:SDQqwzmhYAjyf11QUH3McJsRohAqZ/3GlhjEjdUVQ9yFhsdIvz0:SJwuJ+/QUH3McJnAqBK1EjapsdIvY
Malware Config
Signatures
Makes use of the framework's Accessibility service (4 TTPs, 1 IoCs)
Retrieves information displayed on the phone screen using AccessibilityService.
Processes: com.spacex.mmobile
- description: Framework service call; ioc: android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId; process: com.spacex.mmobile
Prevents application removal (1 TTPs, 1 IoCs)
Application may abuse the framework's APIs to prevent removal.
Processes: com.spacex.mmobile
- description: Framework service call; ioc: android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction; process: com.spacex.mmobile
Makes use of the framework's foreground persistence service (1 TTPs, 1 IoCs)
Application may abuse the framework's foreground service to continue running in the foreground.
Processes: com.spacex.mmobile
- description: Framework service call; ioc: android.app.IActivityManager.setServiceForeground; process: com.spacex.mmobile
Queries the phone number (MSISDN for GSM devices) (1 TTPs)
Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTPs, 1 IoCs)
Processes: com.spacex.mmobile
- description: Framework service call; ioc: android.app.IActivityManager.registerReceiver; process: com.spacex.mmobile
Acquires the wake lock (1 IoCs)
Processes: com.spacex.mmobile
- description: Framework service call; ioc: android.os.IPowerManager.acquireWakeLock; process: com.spacex.mmobile
Processes
com.spacex.mmobile
- Makes use of the framework's Accessibility service
- Prevents application removal
- Removes its main activity from the application launcher
- Makes use of the framework's foreground persistence service
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Acquires the wake lock
PID:5140
Network
MITRE ATT&CK Mobile v15
Persistence
- Event Triggered Execution (1)
- Broadcast Receivers (1)
- Foreground Persistence (1)
Defense Evasion
- Foreground Persistence (1)
- Hide Artifacts (1)
- Suppress Application Icon (1)
- Impair Defenses (1)
- Prevent Application Removal (1)
- Input Injection (1)
Downloads