Analysis
- max time kernel: 48s
- max time network: 184s
- platform: android_x64
- resource: android-x64-arm64-20240514-en
- resource tags: android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240514-en, locale:en-us, os:android-11-x64, system
- submitted: 19-05-2024 22:04
Static task
- static1
Behavioral task
- behavioral1
  Sample: 402099e936e9ce58a39e8c5b7f288711f8c03d39bfba4f10323477f7f697a777.apk
  Resource: android-x86-arm-20240514-en
Behavioral task
- behavioral2
  Sample: 402099e936e9ce58a39e8c5b7f288711f8c03d39bfba4f10323477f7f697a777.apk
  Resource: android-x64-20240514-en
Behavioral task
- behavioral3
  Sample: 402099e936e9ce58a39e8c5b7f288711f8c03d39bfba4f10323477f7f697a777.apk
  Resource: android-x64-arm64-20240514-en
General
- Target: 402099e936e9ce58a39e8c5b7f288711f8c03d39bfba4f10323477f7f697a777.apk
- Size: 563KB
Malware Config
Signatures
- Makes use of the framework's Accessibility service (4 TTPs, 1 IoC)
  Retrieves information displayed on the phone screen using AccessibilityService.
  Processes (com.spacex.mmobile):
    Framework service call: android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId
- Prevents application removal (1 TTP, 1 IoC)
  Application may abuse the framework's APIs to prevent removal.
  Processes (com.spacex.mmobile):
    Framework service call: android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction
- Makes use of the framework's foreground persistence service (1 TTP, 1 IoC)
  Application may abuse the framework's foreground service to continue running in the foreground.
  Processes (com.spacex.mmobile):
    Framework service call: android.app.IActivityManager.setServiceForeground
- Queries the phone number (MSISDN for GSM devices) (1 TTP)
- Requests enabling of the accessibility settings. (1 IoC)
  Processes (com.spacex.mmobile):
    Intent action: android.settings.ACCESSIBILITY_SETTINGS
- Acquires the wake lock (1 IoC)
  Processes (com.spacex.mmobile):
    Framework service call: android.os.IPowerManager.acquireWakeLock
- Requests disabling of battery optimizations (often used to enable hiding in the background). (1 TTP, 1 IoC)
  Processes (com.spacex.mmobile):
    Intent action: android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS
Processes
- com.spacex.mmobile (PID: 4618)
  - Makes use of the framework's Accessibility service
  - Prevents application removal
  - Removes its main activity from the application launcher
  - Makes use of the framework's foreground persistence service
  - Requests enabling of the accessibility settings.
  - Acquires the wake lock
  - Requests disabling of battery optimizations (often used to enable hiding in the background).
Network
MITRE ATT&CK Mobile v15
Defense Evasion
- Foreground Persistence (1)
- Hide Artifacts (2)
- Suppress Application Icon (1)
- User Evasion (1)
- Impair Defenses (1)
- Prevent Application Removal (1)
- Input Injection (1)
Downloads