0d357e38e54490c3052bf643cf6c0d4afe7fb677f8497a9aec01e65b1c9f1f92

Analysis

max time kernel
170s
max time network
131s
platform
android_x64
resource
android-x64-20240514-en
resource tags

androidarch:x64arch:x86image:android-x64-20240514-enlocale:en-usos:android-10-x64system
submitted
29-05-2024 22:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0d357e38e54490c3052bf643cf6c0d4afe7fb677f8497a9aec01e65b1c9f1f92.apk
Size

1.7MB
MD5

ccf3f9b082a9410fab72cadc135cbea0
SHA1

5c017b01e7531dda57ff312b3e37cd1e34277e41
SHA256

0d357e38e54490c3052bf643cf6c0d4afe7fb677f8497a9aec01e65b1c9f1f92
SHA512

8768d2435a59fbf8ef9913fcad4242d2cf029d775c967b28392a5873ca5f29fe1bfb6932d9184192efb213a2ae3373ec0cbba26833a4e3b1e58521e9251ed3bd
SSDEEP

49152:LY1GPQ7SdTbUU4mQN2WGHbyQLHZeu9llg+HG8Tu9f:TPQ7SdTbGm5WU+QLH59zJpE

Score

8^/10

collection credential_access evasion

Malware Config

Signatures

Makes use of the framework's Accessibility service 4 TTPs 2 IoCs

Retrieves information displayed on the phone screen using AccessibilityService.

collection evasion credential_access

Input Injection

T1516

Screen Capture

T1513

Keylogging

T1417.001

GUI Input Capture

T1417.002

description	ioc	Process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	org.zzzz.aaa
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText	org.zzzz.aaa

org.zzzz.aaa
1⤵
- Makes use of the framework's Accessibility service
PID:5162

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Input Injection

T1516

Credential Access

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Discovery

Lateral Movement

Collection

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Screen Capture

T1513

Command and Control

Exfiltration

Impact

Input Injection

T1516

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/org.zzzz.aaa/files/profileInstalled

Filesize
24B

MD5
89b5ae5b99a867573602ac6b72481d9a

SHA1
26cc506cb4ee52a041f6b3ab014a49992d0282de

SHA256
b161311451ec02228dd714711ac04739d870ee4f30f36ceda16e9895f1e92e5a

SHA512
9dc5da09e6881b9c7e3610c2621fc0006a23c1e5a0031d9b21b13074d4476c31fd2c7aa38b952935055dd3dbca582498d6facd3c478f73d427613b4d2e4f5883

Download Submit
/data/data/org.zzzz.aaa/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

Filesize
8B

MD5
75fd592ee6ccaeedfb24abaa932d83fc

SHA1
16576222d307967c35682e6e7bbcd13486182c9d

SHA256
5c5f4afd166ca256819b0f36e392f4870a44d4305e471a0d752ecd68d1f41323

SHA512
5124657ae6f0fc02c834479edec62ae4519a6e89954877db74dbb7fd7ea07188e8778798c63f6fe8718cebb19e48dea875aee6a652688ae30f5fb52c7cf517cd

Download Submit
/data/misc/profiles/cur/0/org.zzzz.aaa/primary.prof

Filesize
1KB

MD5
99a297d22db5c87ecb3531637037dbd3

SHA1
33746b7950231d12808aefd7971c7a7bb16470bf

SHA256
b575cf44db3d145e6c5be2e7bb827ea859187c54e5e8e4f748c6c15f560ad9ac

SHA512
1ff2b92d1aa6a445715385004e84cbe420833e8c7701fd195af27d183f5d69509c3fd3a4341dcf66c07759ec6b9817be8bbe788b7dff81f7f77fd6c432a3b633

Download Submit
/data/misc/profiles/cur/0/org.zzzz.aaa/primary.prof

Filesize
2KB

MD5
dad3a2c22b3defc0f8a642f726e3f1a4

SHA1
d40224425efcad348cf6ae67b2aafa6cf87d884e

SHA256
0c7d64886db6ac6baaf76a094d529c2241a537f3e462c3809627c37730bba1a8

SHA512
8ef632b95446bcc6e7e25b315223bbfec8eaf22522ae29d437af697fa6f05cdf77c0ddf17fe9bb69d5a393382ce04422de1fb2f5799ffe0f9cb7643142ca7b74

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads