7f462387a033f6bc4956c1d7d93ded7989594370f5b43864a98452872bd1410a

Analysis

max time kernel
132s
max time network
131s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
23-05-2024 22:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7f462387a033f6bc4956c1d7d93ded7989594370f5b43864a98452872bd1410a.apk
Size

2.2MB
MD5

f27c853c9837498a21cdd0df6f13a3da
SHA1

a03e8ce1eb3a07d48f078c1d20b2fc65d62e136c
SHA256

7f462387a033f6bc4956c1d7d93ded7989594370f5b43864a98452872bd1410a
SHA512

4667453f4d5286247761a56bdbc0096ebb50802def4d620a584435e861d4192c5e2f6ca5282f7425ff924415152712a2e5dad6a991974d5b4315928b5a9c5428
SSDEEP

24576:pAFClMQsICbjS4Nt+L12nkNPbCnsV57AmOIw15Ki8MjvNjiXJmcI4HwkAdFMpdH1:aFClMQvb4mxqoPCya5R8M7RuQaQ+sjC

Score

8^/10

collection credential_access evasion

Malware Config

Signatures

Makes use of the framework's Accessibility service 4 TTPs 2 IoCs

Retrieves information displayed on the phone screen using AccessibilityService.

collection evasion credential_access

Input Injection

T1516

Screen Capture

T1513

Keylogging

T1417.001

GUI Input Capture

T1417.002

Processes:

org.zzzz.aaa

description	ioc	process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	org.zzzz.aaa
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText	org.zzzz.aaa

org.zzzz.aaa
1⤵
- Makes use of the framework's Accessibility service
PID:4326

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Input Injection

T1516

Credential Access

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Discovery

Lateral Movement

Collection

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Screen Capture

T1513

Command and Control

Exfiltration

Impact

Input Injection

T1516

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/org.zzzz.aaa/files/profileInstalled

Filesize
24B

MD5
8c929a21995a39db75a8e6a71b8b1e6b

SHA1
84719358d27171ae8bd0abb4dde09beaa9717b65

SHA256
ba6f7f895170dfa72c41eb24ebafc36ca9ec9a89fd03356b697de597ed7cd23a

SHA512
0405313db7bf7640d767f9a209bb6fe6cf87360e6a00d8131cf2c214fd87034200b81d7bab3f959f11191c009d72840769a3901219e250b39742d5ddf118fbf4

Download Submit
/data/data/org.zzzz.aaa/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

Filesize
8B

MD5
579f2ee83221dc8eb6b46d45d75524a4

SHA1
915e175be0ffb9f258faceade190369ff5255ff4

SHA256
650ef30492c79396e0c26403822f216e0f19a87140966cf2c8e7f449001264c1

SHA512
59fe3338e751ca822b7d3c05b1f2d4f32839644d7d562fa64a3972a50399112ad74229b8995df19418c232dabc326373d7090b14bc87f0d2391c09fd12341a5e

Download Submit
/data/misc/profiles/cur/0/org.zzzz.aaa/primary.prof

Filesize
1KB

MD5
c5410007912e083bffefd5b76e40224d

SHA1
1d43645fd076f75df13f430b5441d028778fbfa0

SHA256
cb770f333013f854842d25c5b29b8ad849d7a3b2352244d29814e2e2c3f678dd

SHA512
10d320eeed77d581b088966c620a3b9d45b2249782988469857ef42a352bbc2d183a18adefcb79725b58bb9d24e63e0096d32ebc8c6612e96ff32712b9ea43b9

Download Submit
/data/misc/profiles/cur/0/org.zzzz.aaa/primary.prof

Filesize
2KB

MD5
cd3365aefae0b2920a5b10f33d3b90f2

SHA1
ce33563e19f85ef8f952182da2d606bbf364b47c

SHA256
a9f681cdf74ae3d09d290b1328452cb15e48e7f4b9df96646ddf992a4c6a389b

SHA512
a4654c29f30fee01807189c7ed2571bbac1c4ed94ef6324964fbf6da5180162cd1646c31b8a636ab63fbabc437f8cd814d23b3043c3fea8d9bcafee5dd43907a

Download Submit