a5a4a99e1a99645a9b77ca72176bc2fbbffa9e67e862af350f8c9341122f07a2

Analysis

max time kernel
155s
max time network
170s
platform
android_x64
resource
android-x64-20240514-en
resource tags

androidarch:x64arch:x86image:android-x64-20240514-enlocale:en-usos:android-10-x64system
submitted
29-05-2024 22:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a5a4a99e1a99645a9b77ca72176bc2fbbffa9e67e862af350f8c9341122f07a2.apk
Size

2.1MB
MD5

52070642fc6153704d70477fa8e100c7
SHA1

1995709c41dfcf973ee6db6531e5ef9337311439
SHA256

a5a4a99e1a99645a9b77ca72176bc2fbbffa9e67e862af350f8c9341122f07a2
SHA512

1373212856c6e37e856f669b39844a7f7fa86ce74af5bd107907bd0e9f7fa188a07b5e95f7d3bbaf114b306a214ff2f5627e0cd4a961f1b1ebc6374c12144ad1
SSDEEP

24576:crqnFClMQMiD9wCHF8ARGbbbFq/QFNyWDCb/K/jZIofOJDR+pgdHS9z8t/iNjHrt:cuFClMQx981b9qOyAa/K/t2DJm

Score

8^/10

collection credential_access evasion

Malware Config

Signatures

Makes use of the framework's Accessibility service 4 TTPs 2 IoCs

Retrieves information displayed on the phone screen using AccessibilityService.

collection evasion credential_access

Input Injection

T1516

Screen Capture

T1513

Keylogging

T1417.001

GUI Input Capture

T1417.002

description	ioc	Process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	org.zzzz.aaa
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText	org.zzzz.aaa

org.zzzz.aaa
1⤵
- Makes use of the framework's Accessibility service
PID:5112

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Input Injection

T1516

Credential Access

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Discovery

Lateral Movement

Collection

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Screen Capture

T1513

Command and Control

Exfiltration

Impact

Input Injection

T1516

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/org.zzzz.aaa/files/profileInstalled

Filesize
24B

MD5
c4433e670d513205a25dc33ca454793f

SHA1
cc8f33ff942efe18b4a931d83a51fe30117fa007

SHA256
0087fc60be55408383cf0253084d36eaaabf006227f527e5fd51c2b2d15dff5f

SHA512
779ad32ceb95bedbe549349140cb2f36af727ccb84729264d5bc2c62f8a3b6b26d2a7ac3c9a42c90a6ca7282d73fae95169e551fe8f2e271434e045f09acaa6b

Download Submit
/data/data/org.zzzz.aaa/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

Filesize
8B

MD5
ef48ebc694f000d91c84053e663d1d78

SHA1
c4d83cfec2199069f1ff4ca934ebe35e78427a6c

SHA256
111d6367d893434e98c30fcebd0dcb46f5e6ae620172380ec41f0dbd54b928fa

SHA512
d2d8557340a01338f11cb90512ab2b4f33953cc4ee51745dfdb60a720cac566a23f05508232b4ba912500ada0b91b8f69199a24ef182674bd7c9a725d66026fa

Download Submit
/data/misc/profiles/cur/0/org.zzzz.aaa/primary.prof

Filesize
1KB

MD5
fa8abc3e7177b62bb44f9ed8f9f241b6

SHA1
fa4f7763f7dc6a5443fc435a2d9047b329998fcf

SHA256
20dbc1324e8d83e0b0957de633e457b5ab75fb31b61466b78dc176e1fcf500d3

SHA512
af39a7223e061e1777350e4ff79fc710774c5d6eac41c87c6c316a082068564eeb9e6a517f109fd851b18468f89725077f8d5644965473047a42eee512b2b70a

Download Submit
/data/misc/profiles/cur/0/org.zzzz.aaa/primary.prof

Filesize
2KB

MD5
da016a8579aa73f0f585ccd9d37d82b0

SHA1
6a5da09055d77ba6f0da0e2fecd963781d266108

SHA256
84b0ab13b2c97b6f51d1215f8ea7fe6056879f35f8ae381fa076385f5df9c389

SHA512
12d54ea01888cacb470c7e9c945f1640496feb8a9e0268a9b4e6e1b3848e805d7b3c6f023b45e20fab04a6642e485639f7b52e7b70bba614393e9b17932491f5

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads