Analysis
- max time kernel: 179s
- max time network: 186s
- platform: android_x64
- resource: android-x64-20240514-en
- resource tags: android, arch:x64, arch:x86, image:android-x64-20240514-en, locale:en-us, os:android-10-x64, system
- submitted: 23-05-2024 22:01
- Static task: static1
- Behavioral task: behavioral1; sample 3e9001834c024f61b4c313b339b82a05c2ed85dc89ea3c2f8e3237d115e84a3c.apk; resource android-x86-arm-20240514-en
- Behavioral task: behavioral2; sample 3e9001834c024f61b4c313b339b82a05c2ed85dc89ea3c2f8e3237d115e84a3c.apk; resource android-x64-20240514-en
- Behavioral task: behavioral3; sample 3e9001834c024f61b4c313b339b82a05c2ed85dc89ea3c2f8e3237d115e84a3c.apk; resource android-x64-arm64-20240514-en
General
- Target: 3e9001834c024f61b4c313b339b82a05c2ed85dc89ea3c2f8e3237d115e84a3c.apk
- Size: 555KB
- MD5: 851dd05eaba655e36a7f16b1a92bdd54
- SHA1: 535bd9bb221dadb8c80405372ff5b823635d892f
- SHA256: 3e9001834c024f61b4c313b339b82a05c2ed85dc89ea3c2f8e3237d115e84a3c
- SHA512: b8dc6984bb563352e55023102814135a48d4bf581af47f0d29434f1da63a08d106ac5c3e9f3b386bf013d64bfb97df9f4f2008c32f2bbb834caf647fbf906feb
- SSDEEP: 12288:vuRIjz7XY0gQrJKc3MoonGlhjEjdUc6jRASsUgTXTb/zClV:vuRQvNgsJKWMoaK1EjV61Aqy//zClV
Malware Config
Signatures
- Makes use of the framework's Accessibility service (4 TTPs, 1 IoC)
  Retrieves information displayed on the phone screen using AccessibilityService.
  Processes: com.spacex.mmobile
  IoC (process com.spacex.mmobile): Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId
- Prevents application removal (1 TTP, 1 IoC)
  Application may abuse the framework's APIs to prevent removal.
  Processes: com.spacex.mmobile
  IoC (process com.spacex.mmobile): Framework service call android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction
- Checks CPU information (2 TTPs, 1 IoC)
  Checks CPU information which indicates whether the system is an emulator.
  Processes: com.spacex.mmobile
  IoC (process com.spacex.mmobile): File opened for read /proc/cpuinfo
- Checks memory information (2 TTPs, 1 IoC)
  Checks memory information which indicates whether the system is an emulator.
  Processes: com.spacex.mmobile
  IoC (process com.spacex.mmobile): File opened for read /proc/meminfo
- Makes use of the framework's foreground persistence service (1 TTP, 1 IoC)
  Application may abuse the framework's foreground service to continue running in the foreground.
  Processes: com.spacex.mmobile
  IoC (process com.spacex.mmobile): Framework service call android.app.IActivityManager.setServiceForeground
- Obtains sensitive information copied to the device clipboard (2 TTPs, 1 IoC)
  Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
  Processes: com.spacex.mmobile
  IoC (process com.spacex.mmobile): Framework service call android.content.IClipboard.addPrimaryClipChangedListener
- Queries the mobile country code (MCC) (1 TTP, 1 IoC)
  Processes: com.spacex.mmobile
  IoC (process com.spacex.mmobile): Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone
- Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTP, 1 IoC)
  Processes: com.spacex.mmobile
  IoC (process com.spacex.mmobile): Framework service call android.app.IActivityManager.registerReceiver
- Acquires the wake lock (1 IoC)
  Processes: com.spacex.mmobile
  IoC (process com.spacex.mmobile): Framework service call android.os.IPowerManager.acquireWakeLock
Processes
- com.spacex.mmobile (PID 5250)
  - Makes use of the framework's Accessibility service
  - Prevents application removal
  - Checks CPU information
  - Checks memory information
  - Makes use of the framework's foreground persistence service
  - Obtains sensitive information copied to the device clipboard
  - Queries the mobile country code (MCC)
  - Registers a broadcast receiver at runtime (usually for listening for system events)
  - Acquires the wake lock
Network
MITRE ATT&CK Mobile v15
- Persistence
  - Event Triggered Execution (1)
    - Broadcast Receivers (1)
  - Foreground Persistence (1)
- Defense Evasion
  - Foreground Persistence (1)
  - Impair Defenses (1)
    - Prevent Application Removal (1)
  - Input Injection (1)
  - Virtualization/Sandbox Evasion (2)
    - System Checks (2)
- Credential Access
  - Clipboard Data (1)
  - Input Capture (2)
    - GUI Input Capture (1)
    - Keylogging (1)
Downloads
- Filesize: 24B
  MD5: bd8d52256082a3d9ba803c5f01afdb2f
  SHA1: 22f77c2186f8a606b056545e7b57f14f8a4aa1eb
  SHA256: b559aea2303dd6314c6d4caab66c0d9551359c04c8edfe9a1c61c6a6bda88a56
  SHA512: 5e861786580b82aaff0bc2761b92d450a12c612b4b6bb66724087fa9a2f910391026d935b31346df39414e4343e7542b71d9991805962ada64787829c7d50363
- Filesize: 8B
  MD5: 6876ac9f516002d1d8810f38b320bf43
  SHA1: 2c0e5ed9e1ef1c6ff638268ca1fbe5a4eadfdb52
  SHA256: f1a813819f8aa4495d5ec8b08924787a1355ee688f5f546724d5dcf14abc97d3
  SHA512: d90325113d76a6efcb4e61bfb77d780afb3ca1748d48c1cc08718cb91bab8773f19e040b21178c3a58458a008ef2630eb538344d62d2c51626c0c8c9a4765e1c
- Filesize: 626B
  MD5: eac1a0e01779adb5a4ef2b3e3d22bea3
  SHA1: f60f39062094d1b045de3483d6d94e2644e887ff
  SHA256: 97ce187e3a40c9d618ce0a1ff70e8abca17d47b0cef8c58887669d1201bcb574
  SHA512: 84044638119bd76df4e6c42a0a6eff1dfec5a47a8ee5b61ffcfdcb275e0545f1d62a214499a8b6daaa0ccedfd06b6a9eef124e0337141e9b90a60aad684cd1cd
- Filesize: 1KB
  MD5: fa32db3f7389842769d0f545b862c90c
  SHA1: ecbaf6d1d291728262726fc5f8a051a633bac460
  SHA256: ff89d3b322ea22d37a1b74bd689be8aa32b1aaf379a790e4b88a098ccbed3ef3
  SHA512: 57224c5e75fb766cb9bf3fc26956fddc464e1899e1e6ee3828064d3e4eb0d058296d712d60d2c2d1feb73a60b027e36cb9a5d98fb9e3422ecb11420efd426579
- Filesize: 1KB
  MD5: 1a1c82727dc878089df70258ba7ea200
  SHA1: 4bcc9b43709a580109f7afa7ff2d8dac550cda22
  SHA256: 7920314f3a9b2ee9e4004aba3ef07f015a22c8044cc0aadcd11597af46a93d5e
  SHA512: 0a57ee3cdbd380b8edaa0874cad82cab45c11df0abc60cbff58a0c110dc490882ebe9a295467614267f07feba3ec0a06de84eb421d26064cd7620eba8686867f
- Filesize: 1KB
  MD5: 68e7f15e9f5c3341ca32df6d6474bf7e
  SHA1: 49fd9478715914ff0af7210680ca9e6e44e9711e
  SHA256: c7dbb16b33cde4d789841da9eeeab730e64371a6d79086ec179d8a3bd2126426
  SHA512: 37290fb8a78826353f61ddd989e4bc921c598cb744af52ebf4bdddb897840b4358f5f9b4ba1ab1e772f14ca2016b58bfb7271758309ce28899addfe35688187c