Analysis

  • max time kernel
    48s
  • max time network
    184s
  • platform
    android_x64
  • resource
    android-x64-arm64-20240514-en
  • resource tags
    android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240514-en, locale:en-us, os:android-11-x64, system
  • submitted
    19-05-2024 22:04

General

  • Target

    402099e936e9ce58a39e8c5b7f288711f8c03d39bfba4f10323477f7f697a777.apk

  • Size

    563KB

  • MD5

    d30fe7c78c8a89517e19ed4ad6b19fdd

  • SHA1

    dd07e18f2b5e70ca81dcabbf9de9724b93360917

  • SHA256

    402099e936e9ce58a39e8c5b7f288711f8c03d39bfba4f10323477f7f697a777

  • SHA512

    dc6ce1996ab40608eb080fd0ba925df5ff67bca1f2b9ccea4d2aac0c29a708751cfc6345bd43bbb8efe1bcb45a165af8f0131b57ef16fe458aec8e3acd1e51c7

  • SSDEEP

    12288:SDQqwzmhYAjyf11QUH3McJsRohAqZ/3GlhjEjdUVQ9yFhsdIvz0:SJwuJ+/QUH3McJnAqBK1EjapsdIvY

Malware Config

Signatures

  • Makes use of the framework's Accessibility service 4 TTPs 1 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

  • Prevents application removal 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to prevent removal.

  • Removes its main activity from the application launcher 1 TTPs 1 IoCs
  • Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

    Application may abuse the framework's foreground service to continue running in the foreground.

  • Queries the phone number (MSISDN for GSM devices) 1 TTPs
  • Requests enabling of the accessibility settings. 1 IoCs
  • Acquires the wake lock 1 IoCs
  • Requests disabling of battery optimizations (often used to enable hiding in the background). 1 TTPs 1 IoCs

Processes

  • com.spacex.mmobile (PID 4618)
    • Makes use of the framework's Accessibility service
    • Prevents application removal
    • Removes its main activity from the application launcher
    • Makes use of the framework's foreground persistence service
    • Requests enabling of the accessibility settings.
    • Acquires the wake lock
    • Requests disabling of battery optimizations (often used to enable hiding in the background).

Network

MITRE ATT&CK Mobile v15

Downloads

  • /data/data/com.spacex.mmobile/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

    Filesize

    8B

    MD5

    6fe4b941d6d110c7d4f3029561e5cf6a

    SHA1

    42491f9ca5a1a72d125fbd2d5a1f20e394ede923

    SHA256

    922c0dd92792dfd75488b27de620e2b1ad66a5e4bb38892671ec2421100f7945

    SHA512

    35d80b058c851facf658a80835e6e0264999c12ee2eb0471b65049458d8eabf3270258e2821de210324d27787ee3e2ad7a4773fc48d0135d7b7d7a3f7f2d1285

  • /data/misc/profiles/cur/0/com.spacex.mmobile/primary.prof

    Filesize

    508B

    MD5

    02dfdda9302874d7e041994fe11ba307

    SHA1

    8348c24f5edf9f0193f362c483c83a7807fa3c40

    SHA256

    a85cf46a39a20dc04557f47f5084a517b87cfad4599d28a7c59518e6c1c23857

    SHA512

    df51c5a819ed9689ba866d5add070f116b90910af95a0921297dbf132d75da877d1a327685c614ff59af46fb1d523fa6f609669a3f5690f775dd8fdea91e8364

  • /data/misc/profiles/cur/0/com.spacex.mmobile/primary.prof

    Filesize

    1KB

    MD5

    1a432b2d71f14a8a4e315998cc4dc57f

    SHA1

    639e426e34ea33bb573589cc6539abeef86cedde

    SHA256

    d140d359138329c9a613a19f6552efa9182b63a87e7ec1d5e814cc7bf1b7e98c

    SHA512

    4c8b22fdcd85c46a0087aa40e49b8a4ebc0f8195a7bfcf31049db315c495406b9d557c67c80e364df6031c2a6106a636e2a1f47af1f58d1ffed25fb6405f3387