936c7be87d75d6bfa436f2e9517169043e4be71822fb7f0f90216571fb4e7903

Analysis

max time kernel
146s
max time network
156s
platform
android_x64
resource
android-x64-arm64-20240514-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240514-enlocale:en-usos:android-11-x64system
submitted
28/05/2024, 22:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

936c7be87d75d6bfa436f2e9517169043e4be71822fb7f0f90216571fb4e7903.apk
Size

1.8MB
MD5

766b4c49ba47d39f7ffaea3c11b61c3c
SHA1

92346b7060aa550cf788d42f49ea6205ea5bbc8a
SHA256

936c7be87d75d6bfa436f2e9517169043e4be71822fb7f0f90216571fb4e7903
SHA512

4f869b4398d596f6a60489e58d3bdc7ce50a52899dd952a2c0fe7ac3ee2900ee8198b333f4a723b3aecba5b85ea126cb60d1fccc71329efd5f2b3839801a19df
SSDEEP

49152:EY1fpzKmFgwOJrn9bDJae9AuzPlQNnVAczb:RpHOBn5JD9AuzPlAJ

Score

8^/10

collection credential_access evasion

Malware Config

Signatures

Makes use of the framework's Accessibility service 4 TTPs 2 IoCs

Retrieves information displayed on the phone screen using AccessibilityService.

collection evasion credential_access

Input Injection

T1516

Screen Capture

T1513

Keylogging

T1417.001

GUI Input Capture

T1417.002

description	ioc	Process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	org.zzzz.aaa
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText	org.zzzz.aaa

org.zzzz.aaa
1⤵
- Makes use of the framework's Accessibility service
PID:4624

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Input Injection

T1516

Credential Access

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Discovery

Lateral Movement

Collection

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Screen Capture

T1513

Command and Control

Exfiltration

Impact

Input Injection

T1516

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/org.zzzz.aaa/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

Filesize
8B

MD5
5cc06e1b045b78c102db95b982b73469

SHA1
1cea3506979ef0a95b200fb4388ba21347cd4885

SHA256
f7229afe6fde10dd15f05bfc3c7081dab1ce73adde1da646fbb6b17d640f78a5

SHA512
c42a83c0f7677d5307bdabffa61247bb6ed315f36c758fba79d222da6ad463bcda0b1f94fa02db456e067f4c0cf3dbd9d0e841d717d345d3db841ebaa0624067

Download Submit
/data/misc/profiles/cur/0/org.zzzz.aaa/primary.prof

Filesize
1KB

MD5
ef04bf3cda9bd61562f05a2666374f5c

SHA1
b7d570408ea9e09be8565824b1ea2f2faaac29b6

SHA256
bf3aca4d94d96af292ba8f7bef623eaf0753948de1984eed58a234dd96c12c7f

SHA512
8a5d21bf352fe65a088fc4179cf51a62c5ce27f506b1aa1da5c688d162bace9af5ccec3dd811c5483cc1ab4b1c9ba41862826ae2264eeb78fba954537d9a11fb

Download Submit
/data/misc/profiles/cur/0/org.zzzz.aaa/primary.prof

Filesize
2KB

MD5
3bf57a254b660056388de24a0e6ae369

SHA1
5ddcb3ffcf0820efaecc25f0f5b2b6960d3c713a

SHA256
4c316243d6caed0e7fffbbe0d42711bb6591a22d2406a3589cf5a1aad067ebcb

SHA512
d4289cbb03ee9fbd8fe2f0bc2fea26af7cd5c090728522a59a542f2bb7a560be593697f6179bb804e678215023af91428e31cf4c5b576dc21a631acf454001d5

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads