7595b511485ac2b6eb4091a17cb0ddb9c4a0a1327d9e4195b25a0c0fe2fe941a

Analysis

max time kernel
129s
max time network
154s
platform
android_x64
resource
android-x64-20240514-en
resource tags

androidarch:x64arch:x86image:android-x64-20240514-enlocale:en-usos:android-10-x64system
submitted
30/05/2024, 22:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7595b511485ac2b6eb4091a17cb0ddb9c4a0a1327d9e4195b25a0c0fe2fe941a.apk
Size

1.7MB
MD5

390763c8f408de32d79e5bac0f7a3d2b
SHA1

f9054b3e90583ac53e7ec346dbfb9ecf88d8e5cc
SHA256

7595b511485ac2b6eb4091a17cb0ddb9c4a0a1327d9e4195b25a0c0fe2fe941a
SHA512

60a656a046ac889cdf4c630774841e5ab51ae432b7205afb1ec15e2c926b9804fdd5acbad53eb8454181d30778d98d02b50db8865d5eb37980cd33516a5d2268
SSDEEP

24576:PTY1iE434eDetkJ1LVySGwrDXVIdn0qEYE8VOnjzF771G0uzX5t5qZv81r+EgS:PTY1i5skJ144/qEYEwCfuDJ1N

Score

8^/10

collection credential_access evasion

Malware Config

Signatures

Makes use of the framework's Accessibility service 4 TTPs 2 IoCs

Retrieves information displayed on the phone screen using AccessibilityService.

collection evasion credential_access

Input Injection

T1516

Screen Capture

T1513

Keylogging

T1417.001

GUI Input Capture

T1417.002

description	ioc	Process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText	org.zzzz.aaa
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	org.zzzz.aaa

org.zzzz.aaa
1⤵
- Makes use of the framework's Accessibility service
PID:5144

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Input Injection

T1516

Credential Access

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Discovery

Lateral Movement

Collection

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Screen Capture

T1513

Command and Control

Exfiltration

Impact

Input Injection

T1516

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/org.zzzz.aaa/files/profileInstalled

Filesize
24B

MD5
ead504a754c9453bb04fcda756106581

SHA1
f92a123366c27a69009b41f5af0dca61345a03f4

SHA256
49ebc526365fd2bc3cab90b0cbb9a733f5891465248756362b4139b8501619ae

SHA512
32f20b44e66708d52ed4df85fd8efa36b220102aa242a2e0e0c7accf046a82fc360f2b3920924e1e410fc1c9abd538dd5dc8a5fdff9466e5551dcad6539946dd

Download Submit
/data/data/org.zzzz.aaa/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

Filesize
8B

MD5
0f6bc112e7978c902ce3be65e505714b

SHA1
7adc36d6daa68a039e7961da4675b68aa5947573

SHA256
bce4c35c45f11f1bf4599e9aac0ded68300c99fb885642442615d91bfb51ac2d

SHA512
67f94c83822e49c709da97886acdb46be9f8b6990b53dade8ce1fc2bacbe65371d1ae7a826a42d61527e6f1d207ff547ca00d7dac38f6d1eb6280d9210a9c65d

Download Submit
/data/misc/profiles/cur/0/org.zzzz.aaa/primary.prof

Filesize
1KB

MD5
5094b01be596982704b2a6e0caca8e14

SHA1
04340638fabdd1bccbcbbbc79d63425fbd9d24fb

SHA256
c0b92b907c16a8cefe4c1e3ede1077177336151f04c7d7397459a4ab7873afb3

SHA512
0726d59e672cdba2aeff3b77110125acc2a6f79b4b1f7dc3eb8be849be7baa7757b62d1b3899305ae0ec3460aac63427a5e080f134e6ff4136cb7e55deb2618d

Download Submit
/data/misc/profiles/cur/0/org.zzzz.aaa/primary.prof

Filesize
2KB

MD5
ae11a1bedad851946910b4d719a4635c

SHA1
6c3043c74b28490f857e1e7b2f13c77d52c33c18

SHA256
9bdfad65a7692f2ccc1f423234e289b0c987e39a097676ccb4270a46a950d332

SHA512
6332fcd8547b70a2aa61d0a14e015723642bd09f0fce140d2c0b37ee424bf842d378d20d3919395765ae31d07e4a1b2c6565f94d4d112582fefad8e3192956c6

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads