7f462387a033f6bc4956c1d7d93ded7989594370f5b43864a98452872bd1410a

Analysis

max time kernel
23s
max time network
164s
platform
android_x64
resource
android-x64-20240514-en
resource tags

androidarch:x64arch:x86image:android-x64-20240514-enlocale:en-usos:android-10-x64system
submitted
23-05-2024 22:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7f462387a033f6bc4956c1d7d93ded7989594370f5b43864a98452872bd1410a.apk
Size

2.2MB
MD5

f27c853c9837498a21cdd0df6f13a3da
SHA1

a03e8ce1eb3a07d48f078c1d20b2fc65d62e136c
SHA256

7f462387a033f6bc4956c1d7d93ded7989594370f5b43864a98452872bd1410a
SHA512

4667453f4d5286247761a56bdbc0096ebb50802def4d620a584435e861d4192c5e2f6ca5282f7425ff924415152712a2e5dad6a991974d5b4315928b5a9c5428
SSDEEP

24576:pAFClMQsICbjS4Nt+L12nkNPbCnsV57AmOIw15Ki8MjvNjiXJmcI4HwkAdFMpdH1:aFClMQvb4mxqoPCya5R8M7RuQaQ+sjC

Score

8^/10

collection credential_access evasion

Malware Config

Signatures

Makes use of the framework's Accessibility service 4 TTPs 2 IoCs

Retrieves information displayed on the phone screen using AccessibilityService.

collection evasion credential_access

Input Injection

T1516

Screen Capture

T1513

Keylogging

T1417.001

GUI Input Capture

T1417.002

Processes:

org.zzzz.aaa

description	ioc	process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	org.zzzz.aaa
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText	org.zzzz.aaa

org.zzzz.aaa
1⤵
- Makes use of the framework's Accessibility service
PID:5213

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Input Injection

T1516

Credential Access

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Discovery

Lateral Movement

Collection

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Screen Capture

T1513

Command and Control

Exfiltration

Impact

Input Injection

T1516

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/org.zzzz.aaa/files/profileInstalled
Filesize
24B

MD5
59c2f3f0f54e4bb8e03639654ba4dd6f

SHA1
fe6cc81587fff239552dd77fd3128023001af404

SHA256
8c4cd6a4d74cb7924bc2629a4bd395be8632fae63d93bd22cba62586075aaa55

SHA512
138878067d134136b298fe4e005a8ef5ef24750706fd531b5a559f2b1e82053f743710b708c40bbde48df63a626c50e5241dce51ea32c8c8e2e9cc9578a951fd

Download Submit
/data/data/org.zzzz.aaa/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat
Filesize
8B

MD5
0d8df447f84a2d316015ea9e8da24bcb

SHA1
a66c47108e20cdf32341058e42a70804f4ee63b0

SHA256
99afa37bffdd6c0daec6bfca0b08a45d4c4ac404658f21a60f92fb34086639a3

SHA512
66525a9b8ff18d25f861fe134f5f13ec71d6c98597f95dcb2e34f32ebcde31cc2d61836e1c1a8a2e51f883848d590e8c8c78ed4de18e9c226db8aeaa69c9162c

Download Submit
/data/misc/profiles/cur/0/org.zzzz.aaa/primary.prof
Filesize
1KB

MD5
c5410007912e083bffefd5b76e40224d

SHA1
1d43645fd076f75df13f430b5441d028778fbfa0

SHA256
cb770f333013f854842d25c5b29b8ad849d7a3b2352244d29814e2e2c3f678dd

SHA512
10d320eeed77d581b088966c620a3b9d45b2249782988469857ef42a352bbc2d183a18adefcb79725b58bb9d24e63e0096d32ebc8c6612e96ff32712b9ea43b9

Download Submit