d4ab75f8a7b5abb3bab5989a7e426561230da50087da3c60b9ef15c616ebcbee

Analysis

max time kernel
152s
max time network
187s
platform
android_x64
resource
android-x64-20240514-en
resource tags

androidarch:x64arch:x86image:android-x64-20240514-enlocale:en-usos:android-10-x64system
submitted
23-05-2024 22:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d4ab75f8a7b5abb3bab5989a7e426561230da50087da3c60b9ef15c616ebcbee.apk
Size

1.7MB
MD5

81f16f031a0161b6710cec80b2ea07db
SHA1

5f3507471c0db78cd4fcac12daac634f54bb2339
SHA256

d4ab75f8a7b5abb3bab5989a7e426561230da50087da3c60b9ef15c616ebcbee
SHA512

635581baf1654e8f5546191f129e772388a14280dd919079c4440642747ea208525d4ed4eaac8bbaf8be73a219b252cf8fd761f0c2a017305414737c789dd58d
SSDEEP

24576:hY13wSGgvt2B6TqRp68TGtUdfZ4hs18jzVTl/JA177eqrjpF8jIDqyx9GkwEes:hY1F+Uu6AZ4hFnv/J47PdD/T

Score

8^/10

collection credential_access evasion

Malware Config

Signatures

Makes use of the framework's Accessibility service 4 TTPs 2 IoCs

Retrieves information displayed on the phone screen using AccessibilityService.

collection evasion credential_access

Input Injection

T1516

Screen Capture

T1513

Keylogging

T1417.001

GUI Input Capture

T1417.002

Processes:

org.zzzz.aaa

description	ioc	process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	org.zzzz.aaa
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText	org.zzzz.aaa

org.zzzz.aaa
1⤵
- Makes use of the framework's Accessibility service
PID:5103

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Input Injection

T1516

Credential Access

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Discovery

Lateral Movement

Collection

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Screen Capture

T1513

Command and Control

Exfiltration

Impact

Input Injection

T1516

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/org.zzzz.aaa/files/profileInstalled
Filesize
24B

MD5
aefcb7738e76909231e9a38081d4ba8b

SHA1
0a79399b80bafbf5b9d2ae13fed649a50b60610c

SHA256
93f78f2515e39b8f33b1b52a03c0c83624e1dc997ee758ca56590871171b9b3f

SHA512
9cd3f172e0473a7cf134b51611f87c22c20efab9e01e0b85422ccc5a81182ff387327f29d11108265be9fd86a2d893c0b6fbf70e2394c81e1a69a3671a444ee1

Download Submit
/data/data/org.zzzz.aaa/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat
Filesize
8B

MD5
d22f99067acb29d7b8e48969cfa4be3d

SHA1
f8a60c133367658493e45c0873eb5297f84c38f0

SHA256
20e1620ce8d2acc0e3cb6c96068d58e32993604dfb7e0ef204d7518ae7dcca6b

SHA512
c9a79949ab7d06ba43e8b02e2f134bd7f2f07f3b63e4b663169f6e2bb71679be42e75707f31b78ec479f27e317b9f0ec64a4c236337aa180ea9ebd22aeedb565

Download Submit
/data/misc/profiles/cur/0/org.zzzz.aaa/primary.prof
Filesize
1KB

MD5
ee96573db4c28671a3777136da873e32

SHA1
0f993097d632f1d33d5e2ff6b72a1f3cd82dfa61

SHA256
6e3883b340234b84b3a8e5c6d90c5e44bd7bf9d9dd6766b35e829d696b42b4c1

SHA512
76c1f2bfc8f8027dccdda397adf5bf85449e6112e8239cd671a231619ee77610ff32206b479517701dce1a79e40bcac1e0245677c9dc9632f83705615841bb04

Download Submit
/data/misc/profiles/cur/0/org.zzzz.aaa/primary.prof
Filesize
2KB

MD5
802151c137ebd751a2b4a80cfa3c6cb2

SHA1
e753fc1ecd053c54922b63c5db9da79853b5cfc3

SHA256
d49ac481e7bff4b7d0917ab06d4ccd5e4c020aaf636e8d1aaf4645bacb360a8f

SHA512
00545c9463058f9ea6c2b1915b4dbfc1902c5804bcbed5ecd84cec6087adaafdd7b35a503e185e798a0444fb25bb26226ae96ecdd70ce91916565c16d8d16385

Download Submit