Overview

overview

8

Static

static

6

3e9001834c...3c.apk

android-9-x86

8

3e9001834c...3c.apk

android-10-x64

8

3e9001834c...3c.apk

android-11-x64

1

Analysis

  • max time kernel
    179s
  • max time network
    186s
  • platform
    android_x64
  • resource
    android-x64-20240514-en
  • resource tags

    androidarch:x64arch:x86image:android-x64-20240514-enlocale:en-usos:android-10-x64system
  • submitted
    23-05-2024 22:01

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3e9001834c024f61b4c313b339b82a05c2ed85dc89ea3c2f8e3237d115e84a3c.apk

  • Size

    555KB

  • MD5

    851dd05eaba655e36a7f16b1a92bdd54

  • SHA1

    535bd9bb221dadb8c80405372ff5b823635d892f

  • SHA256

    3e9001834c024f61b4c313b339b82a05c2ed85dc89ea3c2f8e3237d115e84a3c

  • SHA512

    b8dc6984bb563352e55023102814135a48d4bf581af47f0d29434f1da63a08d106ac5c3e9f3b386bf013d64bfb97df9f4f2008c32f2bbb834caf647fbf906feb

  • SSDEEP

    12288:vuRIjz7XY0gQrJKc3MoonGlhjEjdUc6jRASsUgTXTb/zClV:vuRQvNgsJKWMoaK1EjV61Aqy//zClV

Score
8/10
collectioncredential_accessdiscoveryevasionimpactpersistence

Malware Config

Signatures

  • Makes use of the framework's Accessibility service 4 TTPs 1 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectionevasioncredential_access
  • Prevents application removal 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to prevent removal.

    evasion
  • Checks CPU information 2 TTPs 1 IoCs

    Checks CPU information which indicate if the system is an emulator.

    evasiondiscovery
  • Checks memory information 2 TTPs 1 IoCs

    Checks memory information which indicate if the system is an emulator.

    evasiondiscovery
  • Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

    Application may abuse the framework's foreground service to continue running in the foreground.

    evasionpersistence
  • Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

    Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

    collectioncredential_accessimpact
  • Queries the mobile country code (MCC) 1 TTPs 1 IoCs
    discovery
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
    persistence
  • Acquires the wake lock 1 IoCs

Processes

  • com.spacex.mmobile
    1⤵
    • Makes use of the framework's Accessibility service
    • Prevents application removal
    • Checks CPU information
    • Checks memory information
    • Makes use of the framework's foreground persistence service
    • Obtains sensitive information copied to the device clipboard
    • Queries the mobile country code (MCC)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Acquires the wake lock
    PID:5250

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

1
T1624

Broadcast Receivers

1
T1624.001

Foreground Persistence

1
T1541

Privilege Escalation

Defense Evasion

Foreground Persistence

1
T1541

Impair Defenses

1
T1629

Prevent Application Removal

1
T1629.001

Input Injection

1
T1516

Virtualization/Sandbox Evasion

2
T1633

System Checks

2
T1633.001

Credential Access

Clipboard Data

1
T1414

Input Capture

2
T1417

GUI Input Capture

1
T1417.002

Keylogging

1
T1417.001

Discovery

System Information Discovery

2
T1426

System Network Configuration Discovery

1
T1422

Lateral Movement

Collection

Clipboard Data

1
T1414

Input Capture

2
T1417

GUI Input Capture

1
T1417.002

Keylogging

1
T1417.001

Screen Capture

1
T1513

Command and Control

Exfiltration

Impact

Data Manipulation

1
T1641

Transmitted Data Manipulation

1
T1641.001

Input Injection

1
T1516

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.spacex.mmobile/files/profileInstalled
    Filesize

    24B

    MD5

    bd8d52256082a3d9ba803c5f01afdb2f

    SHA1

    22f77c2186f8a606b056545e7b57f14f8a4aa1eb

    SHA256

    b559aea2303dd6314c6d4caab66c0d9551359c04c8edfe9a1c61c6a6bda88a56

    SHA512

    5e861786580b82aaff0bc2761b92d450a12c612b4b6bb66724087fa9a2f910391026d935b31346df39414e4343e7542b71d9991805962ada64787829c7d50363

    Download Submit

  • /data/data/com.spacex.mmobile/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat
    Filesize

    8B

    MD5

    6876ac9f516002d1d8810f38b320bf43

    SHA1

    2c0e5ed9e1ef1c6ff638268ca1fbe5a4eadfdb52

    SHA256

    f1a813819f8aa4495d5ec8b08924787a1355ee688f5f546724d5dcf14abc97d3

    SHA512

    d90325113d76a6efcb4e61bfb77d780afb3ca1748d48c1cc08718cb91bab8773f19e040b21178c3a58458a008ef2630eb538344d62d2c51626c0c8c9a4765e1c

    Download Submit

  • /data/misc/profiles/cur/0/com.spacex.mmobile/primary.prof
    Filesize

    626B

    MD5

    eac1a0e01779adb5a4ef2b3e3d22bea3

    SHA1

    f60f39062094d1b045de3483d6d94e2644e887ff

    SHA256

    97ce187e3a40c9d618ce0a1ff70e8abca17d47b0cef8c58887669d1201bcb574

    SHA512

    84044638119bd76df4e6c42a0a6eff1dfec5a47a8ee5b61ffcfdcb275e0545f1d62a214499a8b6daaa0ccedfd06b6a9eef124e0337141e9b90a60aad684cd1cd

    Download Submit

  • /data/misc/profiles/cur/0/com.spacex.mmobile/primary.prof
    Filesize

    1KB

    MD5

    fa32db3f7389842769d0f545b862c90c

    SHA1

    ecbaf6d1d291728262726fc5f8a051a633bac460

    SHA256

    ff89d3b322ea22d37a1b74bd689be8aa32b1aaf379a790e4b88a098ccbed3ef3

    SHA512

    57224c5e75fb766cb9bf3fc26956fddc464e1899e1e6ee3828064d3e4eb0d058296d712d60d2c2d1feb73a60b027e36cb9a5d98fb9e3422ecb11420efd426579

    Download Submit

  • /data/misc/profiles/cur/0/com.spacex.mmobile/primary.prof
    Filesize

    1KB

    MD5

    1a1c82727dc878089df70258ba7ea200

    SHA1

    4bcc9b43709a580109f7afa7ff2d8dac550cda22

    SHA256

    7920314f3a9b2ee9e4004aba3ef07f015a22c8044cc0aadcd11597af46a93d5e

    SHA512

    0a57ee3cdbd380b8edaa0874cad82cab45c11df0abc60cbff58a0c110dc490882ebe9a295467614267f07feba3ec0a06de84eb421d26064cd7620eba8686867f

    Download Submit

  • /data/misc/profiles/cur/0/com.spacex.mmobile/primary.prof
    Filesize

    1KB

    MD5

    68e7f15e9f5c3341ca32df6d6474bf7e

    SHA1

    49fd9478715914ff0af7210680ca9e6e44e9711e

    SHA256

    c7dbb16b33cde4d789841da9eeeab730e64371a6d79086ec179d8a3bd2126426

    SHA512

    37290fb8a78826353f61ddd989e4bc921c598cb744af52ebf4bdddb897840b4358f5f9b4ba1ab1e772f14ca2016b58bfb7271758309ce28899addfe35688187c

    Download Submit