a2f0430bebf1a55da1d7aab31021a90b49290df5bead76ee49f27ee37bd1e03a | Triage

Analysis

max time kernel
174s
max time network
150s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
21-05-2024 05:51

Sharing

Report Analysis Logs

General

Target

daemon.apk
Size

5.1MB
MD5

0443d4fc2d9ad56f9a8411ede1198d34
SHA1

38075a13e881690a7d8733710cc557556edf36cb
SHA256

ed61b5068e0af65cb3a53036e04672b1bc409e4c16019711e259023e9a928473
SHA512

188c04c3286c5bb3a7a0c23918d5527465ea26ed85eabdeede3fc54aa711f20b6abb21d359dfce547b3f384c90d58cf7c32c7235b287b73710c39f2816b72866
SSDEEP

98304:em29MwwcRrnSN+2GRfYJWO+fDkL+Ey1qe6SsYO:e37weRfpO0D43Y6SZO

Score

8^/10

collection credential_access evasion

Malware Config

Signatures

Makes use of the framework's Accessibility service 4 TTPs 2 IoCs

Retrieves information displayed on the phone screen using AccessibilityService.

collection evasion credential_access

Processes:

com.android.aliveservices

description	ioc	process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	com.android.aliveservices
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId	com.android.aliveservices

com.android.aliveservices
1⤵
- Makes use of the framework's Accessibility service
PID:4313

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.android.aliveservices/files/mmkv/KaClientKv
Filesize
4KB

MD5
620f0b67a91f7f74151bc5be745b7110

SHA1
1ceaf73df40e531df3bfb26b4fb7cd95fb7bff1d

SHA256
ad7facb2586fc6e966c004d7d1d16b024f5805ff7cb47c7a85dabd8b48892ca7

SHA512
2d23913d3759ef01704a86b4bee3ac8a29002313ecc98a7424425a78170f219577822fd77e4ae96313547696ad7d5949b58e12d5063ef2ee063b595740a3a12d

Download Submit