Analysis
-
max time kernel
84s
-
max time network
90s
-
platform
android_x64
-
resource
android-33-x64-arm64-20240514-en
-
resource tags
android, arch:arm64, arch:x64, image:android-33-x64-arm64-20240514-en, locale:en-us, os:android-13-x64, system
-
submitted
28-05-2024 17:43
Behavioral task
behavioral1
Sample
ready.apk
Resource
android-33-x64-arm64-20240514-en
General
-
Target
ready.apk
-
Size
8.5MB
-
MD5
bce84c16a85bc8313dd54f8ad0e1dadd
-
SHA1
878c4e9048d687acda2e9b98e9b527b551ce2b61
-
SHA256
40fa96521833b363e9a79eebc3586c1a1b5d0428e968a5a4850e743fe5487e56
-
SHA512
079850e4cc179a9b01fc139e1be9779fdaee6f2801194c8b5edfc4f0ed2df55d3c8bf98ef124f87e400c5402e79eed99363a4f8ece812de25f33a492108a0d13
-
SSDEEP
49152:iUnuwZggIdrwVuBLGN9afkp1+itN0H931LmzzzdGGvQTOZBUFYqT0cgYIJW8:Xu1A8gN9aq1ZNm1LmzzzBITJ0tYB8
Malware Config
Signatures
-
Makes use of the framework's Accessibility service 4 TTPs 3 IoCs
Retrieves information displayed on the phone screen using AccessibilityService.
Processes: sean.ee.expansion
description | ioc | process
Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId | sean.ee.expansion
Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText | sean.ee.expansion
Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId | sean.ee.expansion
-
Checks CPU information 2 TTPs 1 IoCs
Checks CPU information which indicate if the system is an emulator.
Processes: sean.ee.expansion
description | ioc | process
File opened for read | /proc/cpuinfo | sean.ee.expansion
-
Checks memory information 2 TTPs 1 IoCs
Checks memory information which indicate if the system is an emulator.
Processes: sean.ee.expansion
description | ioc | process
File opened for read | /proc/meminfo | sean.ee.expansion
-
Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs
Application may abuse the framework's foreground service to continue running in the foreground.
Processes: sean.ee.expansion
description | ioc | process
Framework service call | android.app.IActivityManager.setServiceForeground | sean.ee.expansion
-
Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
Processes: sean.ee.expansion
description | ioc | process
Framework service call | android.content.IClipboard.addPrimaryClipChangedListener | sean.ee.expansion
-
Acquires the wake lock 1 IoCs
Processes: sean.ee.expansion
description | ioc | process
Framework service call | android.os.IPowerManager.acquireWakeLock | sean.ee.expansion
-
Checks if the internet connection is available 1 TTPs 1 IoCs
Processes: sean.ee.expansion
description | ioc | process
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | sean.ee.expansion
-
Requests disabling of battery optimizations (often used to enable hiding in the background). 1 TTPs 1 IoCs
Processes: sean.ee.expansion
description | ioc | process
Intent action | android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS | sean.ee.expansion
-
Schedules tasks to execute at a specified time 1 TTPs 1 IoCs
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
Processes: sean.ee.expansion
description | ioc | process
Framework service call | android.app.job.IJobScheduler.schedule | sean.ee.expansion
Processes
-
sean.ee.expansion
- Makes use of the framework's Accessibility service
- Checks CPU information
- Checks memory information
- Makes use of the framework's foreground persistence service
- Obtains sensitive information copied to the device clipboard
- Acquires the wake lock
- Checks if the internet connection is available
- Requests disabling of battery optimizations (often used to enable hiding in the background).
- Schedules tasks to execute at a specified time
PID: 4294
Network
MITRE ATT&CK Mobile v15
Defense Evasion
- Foreground Persistence (1)
- Hide Artifacts (1)
- User Evasion (1)
- Input Injection (1)
- Virtualization/Sandbox Evasion (2)
- System Checks (2)
Credential Access
- Clipboard Data (1)
- Input Capture (2)
- GUI Input Capture (1)
- Keylogging (1)
Downloads
-
/storage/emulated/0/Config/sys/apps/log/log-2024-05-28.txt
Filesize
33B
MD5
93abbcfe84b7149132af95a78bff7dc0
SHA1
a4bdde5561557e33ece34367ac07dcbcd102f892
SHA256
18016bd384a6901ff1a8ca33a7534826ef5f81b18479d990a9fa7299a65b1250
SHA512
084809e881aba361fe4f2fba78eeb169b2baaa4153f771b9e902fc9d91cbe6c465c780b8075b62b97b2558c38326fa1a84af86e9deebbf06b6e03bd3487aee13
-
/storage/emulated/0/Config/sys/apps/log/log-2024-05-28.txt
Filesize
57B
MD5
484d27699c590921a9792910667822dc
SHA1
f5e13f33f7843818c9d5bd3566c6f3cc3fb26cce
SHA256
05aba2dbb38ad27708a86c54f80d7e0121e909308d4295b5aaaf36bdb78605d3
SHA512
838eaea0a6abead54495e7b5a8eb91154e29b4739e53fdbe0fd53c479646b59181edabad4a75604346474a9fc645c539d4c4befb4d857fbe8df9d9854eb84d3f
-
/storage/emulated/0/Config/sys/apps/log/log-2024-05-28.txt
Filesize
57B
MD5
43cda95a4f75d34454e8430029bd0d56
SHA1
014a2722a8b214304f8db276f287ecef4a55c2a8
SHA256
215a873f4f8bfe89a1b497a9d6a8f946d2a114482266d5dedf89905c2bf7c48a
SHA512
cf7fe84d729111afe328e84c895bef1f83511ab3968c17742f06b749d941cb8f6821011261c26b5311474eeb0ccc2f33311cc311ce45fe7e87e3b10c1ffb4d94