a5a4a99e1a99645a9b77ca72176bc2fbbffa9e67e862af350f8c9341122f07a2

Analysis

max time kernel
154s
max time network
161s
platform
android_x64
resource
android-x64-arm64-20240514-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240514-enlocale:en-usos:android-11-x64system
submitted
29/05/2024, 22:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a5a4a99e1a99645a9b77ca72176bc2fbbffa9e67e862af350f8c9341122f07a2.apk
Size

2.1MB
MD5

52070642fc6153704d70477fa8e100c7
SHA1

1995709c41dfcf973ee6db6531e5ef9337311439
SHA256

a5a4a99e1a99645a9b77ca72176bc2fbbffa9e67e862af350f8c9341122f07a2
SHA512

1373212856c6e37e856f669b39844a7f7fa86ce74af5bd107907bd0e9f7fa188a07b5e95f7d3bbaf114b306a214ff2f5627e0cd4a961f1b1ebc6374c12144ad1
SSDEEP

24576:crqnFClMQMiD9wCHF8ARGbbbFq/QFNyWDCb/K/jZIofOJDR+pgdHS9z8t/iNjHrt:cuFClMQx981b9qOyAa/K/t2DJm

Score

8^/10

collection credential_access evasion

Malware Config

Signatures

Makes use of the framework's Accessibility service 4 TTPs 2 IoCs

Retrieves information displayed on the phone screen using AccessibilityService.

collection evasion credential_access

Input Injection

T1516

Screen Capture

T1513

Keylogging

T1417.001

GUI Input Capture

T1417.002

description	ioc	Process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	org.zzzz.aaa
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText	org.zzzz.aaa

org.zzzz.aaa
1⤵
- Makes use of the framework's Accessibility service
PID:4649

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Input Injection

T1516

Credential Access

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Discovery

Lateral Movement

Collection

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Screen Capture

T1513

Command and Control

Exfiltration

Impact

Input Injection

T1516

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/org.zzzz.aaa/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

Filesize
8B

MD5
494a559827eb70a99f3234e6177da523

SHA1
0e85759b206b2e06a2dbf9fbceaf1c469f76f85b

SHA256
7752f56243b25165b5750ec01492576e16adc18012027de82148d7444fa78631

SHA512
c636a6f015f36f780f83afcf40a3897bde94d130ec45c12c36aac2c29d3222f614d3bbee68dd5fb54758a6dc2a9e8322a42ee0932d2c7ac3020f46eeb84c8af4

Download Submit
/data/misc/profiles/cur/0/org.zzzz.aaa/primary.prof

Filesize
1KB

MD5
fa8abc3e7177b62bb44f9ed8f9f241b6

SHA1
fa4f7763f7dc6a5443fc435a2d9047b329998fcf

SHA256
20dbc1324e8d83e0b0957de633e457b5ab75fb31b61466b78dc176e1fcf500d3

SHA512
af39a7223e061e1777350e4ff79fc710774c5d6eac41c87c6c316a082068564eeb9e6a517f109fd851b18468f89725077f8d5644965473047a42eee512b2b70a

Download Submit
/data/misc/profiles/cur/0/org.zzzz.aaa/primary.prof

Filesize
2KB

MD5
611ab44ffaddb8044a4283634494b78a

SHA1
d299d19372ceb2f7936f392d083d0b02b4710a84

SHA256
dea8c8636b2c1d0b1016f971ac6eded429e7b1363ce62364892b8879ab257a79

SHA512
fbf3b34568409eb2aef8e1473b351de6d08e171a89bb7ea479702e3b4b2e10b61dfdb959c861ba5b825ab46d742eca10dd0edeabfa404bdbcf8ee72803a0e669

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads