Overview

overview

8

Static

static

6

8.apk

android-9-x86

8

Analysis

  • max time kernel
    179s
  • max time network
    187s
  • platform
    android_x86
  • resource
    android-x86-arm-20240514-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
  • submitted
    24-05-2024 12:42

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    8.apk

  • Size

    4.4MB

  • MD5

    03621b63564fa891a5f20f946323d3c6

  • SHA1

    789172c78da45921035932147ae55a61cd74dbf9

  • SHA256

    01a70df936b8d827be6f689ffe9c0b798c45bab8e543106113aa88ddd9c76ec2

  • SHA512

    55965fca9488cf0edbec75418fa2c42b434c205a1d89a48e068024a2d1e7547a909608cc26657aba4891ba5659f8948f11cbeaccf09aa1e241a57b96e246fd55

  • SSDEEP

    98304:HmP2dEvZCQGO17qWa+db9XVHz4co7ePw6b+fRf:GedEvcQGIdbllto7ePfbURf

Score
8/10
collectioncredential_accessdiscoveryevasionexecutionimpactpersistence

Malware Config

Signatures

  • Makes use of the framework's Accessibility service 4 TTPs 1 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectionevasioncredential_access
  • Checks CPU information 2 TTPs 1 IoCs

    Checks CPU information which indicate if the system is an emulator.

    evasiondiscovery
  • Checks memory information 2 TTPs 1 IoCs

    Checks memory information which indicate if the system is an emulator.

    evasiondiscovery
  • Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

    Application may abuse the framework's foreground service to continue running in the foreground.

    evasionpersistence
  • Queries the mobile country code (MCC) 1 TTPs 1 IoCs
    discovery
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
    persistence
  • Acquires the wake lock 1 IoCs
  • Checks if the internet connection is available 1 TTPs 1 IoCs
    discovery
  • Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

    executionpersistence
  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
    impact

Processes

  • com.sftujczsukba.ktsxb.kta
    1⤵
    • Makes use of the framework's Accessibility service
    • Checks CPU information
    • Checks memory information
    • Makes use of the framework's foreground persistence service
    • Queries the mobile country code (MCC)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Acquires the wake lock
    • Checks if the internet connection is available
    • Schedules tasks to execute at a specified time
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4305

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.sftujczsukba.ktsxb.kta/app_tbs/core_private/debug.conf
    Filesize

    101B

    MD5

    450401413a8088023c28baef118e4b0b

    SHA1

    0df817c3c0b0e3f754dfa637159d49e9b931cda2

    SHA256

    362fc934adb53986ed4a9f8738ddc156aa0c1817beb3c0458e18c9722f11e01f

    SHA512

    f503a9bc683805666a50ae7ff9e55b85b0da335d2d974e1a979108fad3e81eb2a0df7833d145626d8d49d9f1787fcc0f042f4ede3d8f3cb1b8a1dca966abc26d

    Download Submit
  • /data/data/com.sftujczsukba.ktsxb.kta/app_tbs/core_private/download_upload
    Filesize

    108B

    MD5

    267a19dc962af73b1694e430f9097081

    SHA1

    650d22ac3b335dda745ee0b2e74bacd2483cdb76

    SHA256

    d0a50d57334c3c3626c4ca2f0c0bbd961be4f85a6fbb1b61c8678cd125b39265

    SHA512

    64df733ebb0c60a75811c885d9fa4740d01e59f4efdcbbbd3b14ddebb2e53eabe311a24afc36fbe98f5eed4343e2c949acd9773c0bcbb5ab4202f376fc9583da

    Download Submit
  • /data/data/com.sftujczsukba.ktsxb.kta/app_tbs/core_private/download_upload
    Filesize

    135B

    MD5

    03a14e4170bd6b9aacb5ed9586422136

    SHA1

    90aa733f84e59598abf8ead8b440a65fceb118a8

    SHA256

    f64050ab199b58efc048ffacbbd7ca995b18714ad220930c4c1b313523436982

    SHA512

    9527611b6787c73e162b974df4510c12cc9f9c1e636e96b1c5b825d4cb49c19f06e617a435f8165a28e2de047a2be919503949d0b027039f8a554894bd67f82d

    Download Submit
  • /data/data/com.sftujczsukba.ktsxb.kta/app_tbs/core_private/download_upload
    Filesize

    56B

    MD5

    1ab89e5a55a57904d8374f4a2c197e7c

    SHA1

    a4c89c00e3369370275578edb5b46350f5a3469a

    SHA256

    74d216b16b8c52e50cda31da8e7851c1f853675c5431000888df8b85166a51e4

    SHA512

    d69ad2f756290ac37346d02b3f84dbcdd58da67d48059bd5f415ca1480180b9f70324182b0247caf3755b498fa96b21f66c53fed288f4d38d1f6e691a962b366

    Download Submit
  • /data/data/com.sftujczsukba.ktsxb.kta/app_tbs/core_private/download_upload
    Filesize

    56B

    MD5

    7b9f7bd681f4077f4c8af8722d875e05

    SHA1

    efc965e7c95237db4e33024e2122b58c4554bab9

    SHA256

    ec68eab1577bb3b1e3fa14b0a9b62235271c1ac51b09ec3fa9ee044e1bc9c297

    SHA512

    2c03cfd397d89010d0ac9d9a532519808926fe03188b080dc27f3776d153904bfbb79960ca0d2fe8eb9dbd15ddf370d7774ee3186225db65915d9a09e56fc428

    Download Submit
  • /data/data/com.sftujczsukba.ktsxb.kta/app_tbs/core_private/download_upload
    Filesize

    84B

    MD5

    b2e2da7ab5bb800bf5def9a562f30410

    SHA1

    c3bcdb099001526db612a84a026e5caaef476b15

    SHA256

    77a34a068a0e91edd18435629b8d96d4aecf0224f336298a166f1a7b8e0790a1

    SHA512

    739cdda7cc8d6a0c1a758bd74167145bbdb3e649c5409b0e025d8122e39d1c342b3c4b46bc85fc281cb1ba462332f438c8db315c46489d94bd7a150ceb6f0b87

    Download Submit
  • /storage/emulated/0/Android/data/com.sftujczsukba.ktsxb.kta/files/tbslog/tbslog.txt
    Filesize

    49KB

    MD5

    40a1b0ead69092c28430e6f28fd2b454

    SHA1

    186e0c3c651b63f8d080d4d36fdd69c7bcc7bec4

    SHA256

    2586208470d6bf968284e37227bbef239520eb2c5503bf4983f22857bdbf6bd3

    SHA512

    1d5b40b2188fd5625cc19a36e75921ee041386c35029359469ffbdee61d48e8d173439c69809669a4d9dfceed24de28cd49903a2d7eeb0d40c1a492fa510a0df

    Download Submit
  • /storage/emulated/0/Config/sys/apps/log/log-2024-05-24.txt
    Filesize

    44B

    MD5

    95c3355ab783604c182cdc7b6ca7d299

    SHA1

    0315f13bc62ff10a3a9688aa42d6ebd1595dfb49

    SHA256

    07c13993b22234d0a3282cd0c1888a49dd502a2988337036885f7f138bab6354

    SHA512

    7ebb1c4d2c6b244e543648de9ac93ac93db7b18a6aaa574473e61de939100f630ec0a1ec1bbc21f86a9fde23b4ad14c3e2001c4f21ba299568873cd24d93b634

    Download Submit
  • /storage/emulated/0/Config/sys/apps/log/log-2024-05-24.txt
    Filesize

    28B

    MD5

    e37437f35d051f8dece01625e6c8f4fd

    SHA1

    f77faaf7ceac5eb19b2ba812ace8f94b8f082d42

    SHA256

    b26f64c7d68394096e016ca1c6c4c88ce88e581f1251440212c6131f31b2a4c9

    SHA512

    1c5d6d4e97770e186974023c8841451b46e245dd98c6fcc48dc51e8f7df603a8f427b4c61a670b3b9cbfc846d1b1b45461782b6bf961db485c4135a81e17bf17

    Download Submit