a5a4a99e1a99645a9b77ca72176bc2fbbffa9e67e862af350f8c9341122f07a2

Analysis

max time kernel
157s
max time network
131s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
29/05/2024, 22:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a5a4a99e1a99645a9b77ca72176bc2fbbffa9e67e862af350f8c9341122f07a2.apk
Size

2.1MB
MD5

52070642fc6153704d70477fa8e100c7
SHA1

1995709c41dfcf973ee6db6531e5ef9337311439
SHA256

a5a4a99e1a99645a9b77ca72176bc2fbbffa9e67e862af350f8c9341122f07a2
SHA512

1373212856c6e37e856f669b39844a7f7fa86ce74af5bd107907bd0e9f7fa188a07b5e95f7d3bbaf114b306a214ff2f5627e0cd4a961f1b1ebc6374c12144ad1
SSDEEP

24576:crqnFClMQMiD9wCHF8ARGbbbFq/QFNyWDCb/K/jZIofOJDR+pgdHS9z8t/iNjHrt:cuFClMQx981b9qOyAa/K/t2DJm

Score

8^/10

collection credential_access evasion

Malware Config

Signatures

Makes use of the framework's Accessibility service 4 TTPs 2 IoCs

Retrieves information displayed on the phone screen using AccessibilityService.

collection evasion credential_access

Input Injection

T1516

Screen Capture

T1513

Keylogging

T1417.001

GUI Input Capture

T1417.002

description	ioc	Process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText	org.zzzz.aaa
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	org.zzzz.aaa

org.zzzz.aaa
1⤵
- Makes use of the framework's Accessibility service
PID:4295

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Input Injection

T1516

Credential Access

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Discovery

Lateral Movement

Collection

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Screen Capture

T1513

Command and Control

Exfiltration

Impact

Input Injection

T1516

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/org.zzzz.aaa/files/profileInstalled

Filesize
24B

MD5
d68048c18410ade635881f3dbdd993b8

SHA1
3410ea64eb74392035da464f84ab4a65e445f229

SHA256
fdadc58d21f1e52d74981aede0dc27fb9022d6ae53edf1e80bbe526fd8da5158

SHA512
04933cd3ade83455440b60963f958c976245d6b32fc87b98527c871bead7f266a890b90cc606a0983d11c50648d7cdd1c80b5081b3d7005e231b086b55b2b62e

Download Submit
/data/data/org.zzzz.aaa/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

Filesize
8B

MD5
8a452c54a17fc9d03bca650686d98f57

SHA1
09d92ec3beb4ba4e7700056244ec3fd591cd4e99

SHA256
8e07acb07bd8582db2d833cac28845e5d2cf5d1762bb907e5bf885e3a3c9f53e

SHA512
7a4ae35d8bdc0830b3eb79e6dab1b92680082135c77222aeb28227e2f0a30096733e5082af65a9459ca108f3c2e680e5cd02067c16ca1a0597994d892bd4211d

Download Submit
/data/misc/profiles/cur/0/org.zzzz.aaa/primary.prof

Filesize
1KB

MD5
fa8abc3e7177b62bb44f9ed8f9f241b6

SHA1
fa4f7763f7dc6a5443fc435a2d9047b329998fcf

SHA256
20dbc1324e8d83e0b0957de633e457b5ab75fb31b61466b78dc176e1fcf500d3

SHA512
af39a7223e061e1777350e4ff79fc710774c5d6eac41c87c6c316a082068564eeb9e6a517f109fd851b18468f89725077f8d5644965473047a42eee512b2b70a

Download Submit
/data/misc/profiles/cur/0/org.zzzz.aaa/primary.prof

Filesize
2KB

MD5
c2a754acc7cf55a57ab42ec4b381e542

SHA1
a00b3a96e8a77156572ef56d5338b3ada8528586

SHA256
15088528902def71276643927f5e1ecf30b42801fc703f7e8048f3c1b1d5c0f2

SHA512
552f47e3eb6bf88e1db56c9b674515dd2e1433e972844fb8ce9e2972db2683f3dc76900ebd2b525f99600b64560e994a078d83726d4ffed8d844de0873acd0d1

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads