Analysis

  • max time kernel
    125s
  • max time network
    133s
  • platform
    android_x64
  • resource
    android-x64-arm64-20240514-en
  • resource tags

    android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240514-en, locale:en-us, os:android-11-x64, system
  • submitted
    01-06-2024 22:53

General

  • Target

    594d6694bf83657b974cc4ac6c6fbec14c84680f343d7547f000423dbd5f957d.apk

  • Size

    3.7MB

  • MD5

    f8540764ac58575f150cc992ad241a5d

  • SHA1

    eccc50efe5dd4d494b572433a39efa08d8092482

  • SHA256

    594d6694bf83657b974cc4ac6c6fbec14c84680f343d7547f000423dbd5f957d

  • SHA512

    1ac4e29275a3aa70990c26973333e36b5d62b22ca854642fc8295a36f8a9f0e8dcc0cb9ae372f0c49c3b715516af4eefc0bbba87d9bbb22ba59f72f2e0f8f2a9

  • SSDEEP

    98304:ry/wVk+PJgvJQ4boVqLcIJVryNaalQ1szWsUxJ:ry/8YU2PryrJKsUT

Malware Config

Signatures

  • Makes use of the framework's Accessibility service (4 TTPs, 2 IoCs)

    Retrieves information displayed on the phone screen using AccessibilityService.

  • Makes use of the framework's foreground persistence service (1 TTP, 1 IoC)

    Application may abuse the framework's foreground service to keep running in the foreground.

  • Acquires the wake lock (1 IoC)
  • Uses Crypto APIs (might try to encrypt user data) (1 TTP, 1 IoC)
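Three of the four signatures above (accessibility service, foreground service, wake lock) are visible statically in the decoded AndroidManifest.xml, so a quick manifest check is a useful cross-check before trusting the dynamic verdict. The script below is an added example, not part of the sandbox report or its tooling; it runs over a constructed sample manifest (an assumption about a typical layout, not the decoded manifest of the analysed APK, which the report does not include). The crypto-API indicator is not manifest-visible and would need DEX inspection instead.

```python
"""Static manifest triage for the indicators a mobile sandbox flags.

Assumes the binary AndroidManifest.xml has already been decoded to plain XML
(e.g. with apktool); this script only parses the text form.
"""
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
BIND_A11Y = "android.permission.BIND_ACCESSIBILITY_SERVICE"
A11Y_ACTION = "android.accessibilityservice.AccessibilityService"

# Constructed sample manifest (assumption: typical app layout; NOT the
# decoded manifest of the analysed APK).
SAMPLE_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.sample">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.WAKE_LOCK"/>
  <uses-permission android:name="android.permission.FOREGROUND_SERVICE"/>
  <application android:label="Sample">
    <service android:name=".A11y"
             android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE">
      <intent-filter>
        <action android:name="android.accessibilityservice.AccessibilityService"/>
      </intent-filter>
    </service>
    <service android:name=".Keeper" android:foregroundServiceType="dataSync"/>
  </application>
</manifest>
"""


def _name(elem):
    return elem.get(ANDROID + "name", "")


def triage_manifest(xml_text):
    """Return {indicator: [evidence, ...]}; an empty list means not found."""
    root = ET.fromstring(xml_text)
    perms = {_name(p) for p in root.iter("uses-permission")}
    findings = {"accessibility_service": [],
                "foreground_service": [],
                "wake_lock": []}

    for svc in root.iter("service"):
        # A real accessibility service must be bound with
        # BIND_ACCESSIBILITY_SERVICE and advertise the AccessibilityService
        # intent action; either is strong evidence of screen-reading capability.
        actions = {_name(a) for a in svc.iter("action")}
        if svc.get(ANDROID + "permission") == BIND_A11Y or A11Y_ACTION in actions:
            findings["accessibility_service"].append(_name(svc))
        # A declared foregroundServiceType means the service is built to be
        # promoted to the foreground (i.e. to resist being killed).
        if svc.get(ANDROID + "foregroundServiceType"):
            findings["foreground_service"].append(_name(svc))

    # Permission-level evidence (FOREGROUND_SERVICE is required from API 28
    # to call startForeground; WAKE_LOCK to hold the CPU awake).
    if "android.permission.FOREGROUND_SERVICE" in perms:
        findings["foreground_service"].append("android.permission.FOREGROUND_SERVICE")
    if "android.permission.WAKE_LOCK" in perms:
        findings["wake_lock"].append("android.permission.WAKE_LOCK")
    return findings


if __name__ == "__main__":
    for indicator, evidence in triage_manifest(SAMPLE_MANIFEST).items():
        print(f"{indicator:22s} {'HIT ' if evidence else 'none'} {', '.join(evidence)}")
```

A hit on any single indicator is weak on its own (many legitimate apps hold WAKE_LOCK or run a foreground service); the combination of an accessibility service with persistence indicators is what makes the profile worth a closer look, and the crypto-API signature still has to be confirmed from the DEX code.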

Processes

  • com.backstay.miscommunicate (PID 4640)
    • Makes use of the framework's Accessibility service
    • Makes use of the framework's foreground persistence service
    • Acquires the wake lock
    • Uses Crypto APIs (might try to encrypt user data)

Network

MITRE ATT&CK Mobile v15
