0d357e38e54490c3052bf643cf6c0d4afe7fb677f8497a9aec01e65b1c9f1f92

Analysis

max time kernel
171s
max time network
158s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
29/05/2024, 22:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0d357e38e54490c3052bf643cf6c0d4afe7fb677f8497a9aec01e65b1c9f1f92.apk
Size

1.7MB
MD5

ccf3f9b082a9410fab72cadc135cbea0
SHA1

5c017b01e7531dda57ff312b3e37cd1e34277e41
SHA256

0d357e38e54490c3052bf643cf6c0d4afe7fb677f8497a9aec01e65b1c9f1f92
SHA512

8768d2435a59fbf8ef9913fcad4242d2cf029d775c967b28392a5873ca5f29fe1bfb6932d9184192efb213a2ae3373ec0cbba26833a4e3b1e58521e9251ed3bd
SSDEEP

49152:LY1GPQ7SdTbUU4mQN2WGHbyQLHZeu9llg+HG8Tu9f:TPQ7SdTbGm5WU+QLH59zJpE

Score

8^/10

collection credential_access evasion

Malware Config

Signatures

Makes use of the framework's Accessibility service 4 TTPs 2 IoCs

Retrieves information displayed on the phone screen using AccessibilityService.

collection evasion credential_access

Input Injection

T1516

Screen Capture

T1513

Keylogging

T1417.001

GUI Input Capture

T1417.002

description	ioc	Process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	org.zzzz.aaa
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText	org.zzzz.aaa

org.zzzz.aaa
1⤵
- Makes use of the framework's Accessibility service
PID:4303

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Input Injection

T1516

Credential Access

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Discovery

Lateral Movement

Collection

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Screen Capture

T1513

Command and Control

Exfiltration

Impact

Input Injection

T1516

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/org.zzzz.aaa/files/profileInstalled

Filesize
24B

MD5
2558dc784bcb51bbbb6e4dadece89a07

SHA1
7938f521443532576ebb75409ac7cc8404f5fbda

SHA256
0174214d7aa72e9ff2323c446ecb159d544bca48e74096b3cb0e6098644ccc32

SHA512
64fad91ab657bd2aa56f7df6c32b50977b3569e9b780597de189310ab3705109b3597a98c5a9dddfc6316877dd0d33b14e01f4275c31bcce2634b2c81ee8570f

Download Submit
/data/data/org.zzzz.aaa/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

Filesize
8B

MD5
7a07da095e12489cd7f645b71223e69f

SHA1
f61d0784ca36bb2c1aa8301019a3fa9d0f00844e

SHA256
81fe75e67e7f6afe67e6cb936e7d6d12bd544a25953900abfbefe370b6872b74

SHA512
152e1d61a30c49fd4d23afd756d18bf4160909f890700df604ba60bbcdce8cac00ed432b46ff07f8cc4cea73ec2786b49d098b36d0c96d51e5d2ebb7f287eba5

Download Submit
/data/misc/profiles/cur/0/org.zzzz.aaa/primary.prof

Filesize
1KB

MD5
99a297d22db5c87ecb3531637037dbd3

SHA1
33746b7950231d12808aefd7971c7a7bb16470bf

SHA256
b575cf44db3d145e6c5be2e7bb827ea859187c54e5e8e4f748c6c15f560ad9ac

SHA512
1ff2b92d1aa6a445715385004e84cbe420833e8c7701fd195af27d183f5d69509c3fd3a4341dcf66c07759ec6b9817be8bbe788b7dff81f7f77fd6c432a3b633

Download Submit
/data/misc/profiles/cur/0/org.zzzz.aaa/primary.prof

Filesize
2KB

MD5
8c08e2c16862d52bf606997166731af8

SHA1
2876a701d83402492e901eb2c716b642454c7fd7

SHA256
b00ae1943d69a26a614701ea7a0f3782facf8084e4feb04886ec1d514330e891

SHA512
81ce4773b3987d6ea5de2be4ff15ed28b0921948ff1ace6a2e3bbc51b73b518f246ab4925fdcf5920d42aa3b1b1e844af055246dda424d2164a99a8e81c4109c

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads