Overview

overview

8

Static

static

6

44cb9a9fe1...a6.apk

android-9-x86

8

44cb9a9fe1...a6.apk

android-10-x64

8

44cb9a9fe1...a6.apk

android-11-x64

8

Analysis

  • max time kernel
    179s
  • max time network
    172s
  • platform
    android_x86
  • resource
    android-x86-arm-20240611.1-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20240611.1-enlocale:en-usos:android-9-x86system
  • submitted
    11/06/2024, 22:12

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    44cb9a9fe1ec9eb0ad20b2bbd6c4081d5c72f4bcad038077cecb4a1d13de46a6.apk

  • Size

    2.9MB

  • MD5

    7bf7be6fe91a26626818b7a00c7b25e4

  • SHA1

    537f5248e5c2670ea9f16c42ece3c044fcf1eeee

  • SHA256

    44cb9a9fe1ec9eb0ad20b2bbd6c4081d5c72f4bcad038077cecb4a1d13de46a6

  • SHA512

    96654fce8604d535a62707fe5ee8a68184bd708e0bcffbd8727d7fe95052cefb3904040669c3ea0dcee1b33c5c38bf58734f2e8f7c34003cbc028329a305cce4

  • SSDEEP

    49152:7SoctcwrcGCxGgAyseVnN4zN41jxpSb5c7rS217Z2V+H82szeTuGHfY:7SYwrcGCxGgAys2Gzu1jx4F+S217sV9Z

Score
8/10
collectioncredential_accessevasionexecutionpersistencestealthtrojan

Malware Config

Signatures

  • Removes its main activity from the application launcher 1 TTPs 1 IoCs
    stealthtrojanevasion
  • Makes use of the framework's Accessibility service 4 TTPs 2 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectionevasioncredential_access
  • Acquires the wake lock 1 IoCs
  • Performs UI accessibility actions on behalf of the user 1 TTPs 36 IoCs

    Application may abuse the accessibility service to prevent their removal.

    evasion
  • Requests disabling of battery optimizations (often used to enable hiding in the background). 1 TTPs 1 IoCs
    evasion
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
    persistence
  • Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

    executionpersistence

Processes

  • com.quitimias.du
    1⤵
    • Removes its main activity from the application launcher
    • Makes use of the framework's Accessibility service
    • Acquires the wake lock
    • Performs UI accessibility actions on behalf of the user
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    PID:4329
  • com.quitimias.du:remote
    1⤵
    • Schedules tasks to execute at a specified time
    PID:4507

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /storage/emulated/0/Config/sys/apps/log/log-2024-06-11.txt
    Filesize

    33B

    MD5

    97726f39254c46d2399bd7a87c49d0d3

    SHA1

    8beead1f06362d9afc6af181fb182e613ccd3320

    SHA256

    7a2e48f362b9c3d378eb0217295f068678bff1c484616f0f839c6b0bb2c5ce96

    SHA512

    6577f1d13d54935edd9125adc34729bc0534bad7d4f237e8039c068776739822a57207dfb48d34ec7775ea7551dde52b7e341fc83496f06572b80e8ec358fe25

    Download Submit

  • /storage/emulated/0/Config/sys/apps/log/log-2024-06-11.txt
    Filesize

    57B

    MD5

    a9ec0c42a43c72d73c499e5c17ccbb8b

    SHA1

    731652fbfe61eac3fdb4b9d3e2eaa010848a0906

    SHA256

    6c5309ce3f31c9af3288b0de3305b7f5ddee97be60ca4ac1184f3c334480c05b

    SHA512

    5f8ed24a51f68cfa0627aceb9190d3a7febaee61bd5a89898ab113ddaa7ce2a41f129a28c4e200d5e5e4ddff7a483abc0393dc38e870782caf1c46d2ec0df2e3

    Download Submit

  • /storage/emulated/0/Config/sys/apps/log/log-2024-06-11.txt
    Filesize

    33B

    MD5

    e3ea408d14b19a8815f5bac388c6bcf6

    SHA1

    a3b4f028e48b7113948b9b118eb4d249bd6d16cb

    SHA256

    d0526c544f259f717ffd99a1a82a5862a00b62dac19055d7513da0ef4e1250ed

    SHA512

    03658b1a58a60db3583ceac8f407358ec675a241381d5f8657eb1feaa831f66bdbd3d91ab27b4ebe90015e84f1dfc1208e3649e41089db1268c0679c47e0de81

    Download Submit

  • /storage/emulated/0/Config/sys/apps/log/log-2024-06-11.txt
    Filesize

    33B

    MD5

    365f074d64faad2f0f0c7784608e5b57

    SHA1

    2105b80d01621cbd370bec93f73709a7b67d565b

    SHA256

    0c4662ed55fc03738e7903864ed0249c921b8f2d858531577eebd53501237cc4

    SHA512

    d29b5c16d10a78b386ba1f4882f7e80bc6d41887671abe6a36c746b015ea280d4a26f3d2af323b4ad755c256e5851a5b95d0bda8882c6c0a2c125bc748fab47a

    Download Submit

  • /storage/emulated/0/Config/sys/apps/log/log-2024-06-11.txt
    Filesize

    288B

    MD5

    0d32564eed92b5d2d5afe0e00a83ddb4

    SHA1

    9935759a55b4cc4546d1f7bf038e718d77c550d1

    SHA256

    0dcae3753b4c3b57c5ddbc479440cf109cff63a1aa0778df5107cbcaa5373014

    SHA512

    7e4245688e37712f5cc224364af4cbb1dd5519c8b13d9ca534b07d75f44ae513b9917f20fc9f657eaaa68d2078e6b6a2528ff8a7051c80dd1159fb9a052df026

    Download Submit