d709cab8285cfd269834784b73909ca4f2422d1b5d3fcdfd65be4ece43b85eb7

Analysis

max time kernel
164s
max time network
172s
platform
android_x64
resource
android-x64-arm64-20240611.1-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240611.1-enlocale:en-usos:android-11-x64system
submitted
11-06-2024 22:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

44cb9a9fe1ec9eb0ad20b2bbd6c4081d5c72f4bcad038077cecb4a1d13de46a6.apk
Size

2.9MB
MD5

7bf7be6fe91a26626818b7a00c7b25e4
SHA1

537f5248e5c2670ea9f16c42ece3c044fcf1eeee
SHA256

44cb9a9fe1ec9eb0ad20b2bbd6c4081d5c72f4bcad038077cecb4a1d13de46a6
SHA512

96654fce8604d535a62707fe5ee8a68184bd708e0bcffbd8727d7fe95052cefb3904040669c3ea0dcee1b33c5c38bf58734f2e8f7c34003cbc028329a305cce4
SSDEEP

49152:7SoctcwrcGCxGgAyseVnN4zN41jxpSb5c7rS217Z2V+H82szeTuGHfY:7SYwrcGCxGgAys2Gzu1jx4F+S217sV9Z

Score

8^/10

collection credential_access evasion execution persistence stealth trojan

Malware Config

Signatures

Removes its main activity from the application launcher 1 TTPs 1 IoCs

stealth trojan evasion

Suppress Application Icon

T1628.001

pid	Process
4633	com.quitimias.du

Makes use of the framework's Accessibility service 4 TTPs 2 IoCs

Retrieves information displayed on the phone screen using AccessibilityService.

collection evasion credential_access

Input Injection

T1516

Screen Capture

T1513

Keylogging

T1417.001

GUI Input Capture

T1417.002

description	ioc	Process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	com.quitimias.du
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId	com.quitimias.du

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.quitimias.du

Performs UI accessibility actions on behalf of the user 1 TTPs 4 IoCs

Application may abuse the accessibility service to prevent their removal.

evasion

Prevent Application Removal

T1629.001

ioc	Process
android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction	com.quitimias.du
android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction	com.quitimias.du
android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction	com.quitimias.du
android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction	com.quitimias.du

Requests disabling of battery optimizations (often used to enable hiding in the background). 1 TTPs 1 IoCs

evasion

User Evasion

T1628.002

description	ioc	Process
Intent action	android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS	com.quitimias.du

Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

execution persistence

Scheduled Task/Job

T1603

description	ioc	Process
Framework service call	android.app.job.IJobScheduler.schedule	com.quitimias.du:remote

com.quitimias.du
1⤵
- Removes its main activity from the application launcher
- Makes use of the framework's Accessibility service
- Acquires the wake lock
- Performs UI accessibility actions on behalf of the user
- Requests disabling of battery optimizations (often used to enable hiding in the background).
PID:4633

com.quitimias.du:remote
1⤵
- Schedules tasks to execute at a specified time
PID:4996

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Hide Artifacts

T1628

Suppress Application Icon

T1628.001

User Evasion

T1628.002

Impair Defenses

T1629

Prevent Application Removal

T1629.001

Input Injection

T1516

Credential Access

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Discovery

Lateral Movement

Collection

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Screen Capture

T1513

Command and Control

Exfiltration

Impact

Input Injection

T1516

Replay Monitor

Loading Replay Monitor...

Downloads

/storage/emulated/0/Config/sys/apps/log/log-2024-06-11.txt

Filesize
33B

MD5
97726f39254c46d2399bd7a87c49d0d3

SHA1
8beead1f06362d9afc6af181fb182e613ccd3320

SHA256
7a2e48f362b9c3d378eb0217295f068678bff1c484616f0f839c6b0bb2c5ce96

SHA512
6577f1d13d54935edd9125adc34729bc0534bad7d4f237e8039c068776739822a57207dfb48d34ec7775ea7551dde52b7e341fc83496f06572b80e8ec358fe25

Download Submit
/storage/emulated/0/Config/sys/apps/log/log-2024-06-11.txt

Filesize
57B

MD5
a9ec0c42a43c72d73c499e5c17ccbb8b

SHA1
731652fbfe61eac3fdb4b9d3e2eaa010848a0906

SHA256
6c5309ce3f31c9af3288b0de3305b7f5ddee97be60ca4ac1184f3c334480c05b

SHA512
5f8ed24a51f68cfa0627aceb9190d3a7febaee61bd5a89898ab113ddaa7ce2a41f129a28c4e200d5e5e4ddff7a483abc0393dc38e870782caf1c46d2ec0df2e3

Download Submit
/storage/emulated/0/Config/sys/apps/log/log-2024-06-11.txt

Filesize
33B

MD5
e3ea408d14b19a8815f5bac388c6bcf6

SHA1
a3b4f028e48b7113948b9b118eb4d249bd6d16cb

SHA256
d0526c544f259f717ffd99a1a82a5862a00b62dac19055d7513da0ef4e1250ed

SHA512
03658b1a58a60db3583ceac8f407358ec675a241381d5f8657eb1feaa831f66bdbd3d91ab27b4ebe90015e84f1dfc1208e3649e41089db1268c0679c47e0de81

Download Submit
/storage/emulated/0/Config/sys/apps/log/log-2024-06-11.txt

Filesize
33B

MD5
66c7fc64ffa6f9740ec3443030599908

SHA1
bab5a156ffd98826508a7cbee80b9e2327ac3cc3

SHA256
ef69cda5a95b35424195ac9d1a8dd2aec4b23daf1744b35152151735abcfa25c

SHA512
2b2d615317e0d88c201787f02aa45fd5d9848b76d3a309aecbb4a699ca739bb315f8ebdce41049cdc5456c2b2830a170bf35b5cef0f9de10bc94634590f4fcd4

Download Submit
/storage/emulated/0/Config/sys/apps/log/log-2024-06-11.txt

Filesize
288B

MD5
4647dec35e0a2705c51c74f627cf263e

SHA1
8796d30e2fe08fbfcc6a1dbd39e0cf940976931b

SHA256
cdb169f2180bed42efe6e7620adba448aac71774dcd6e20d955025eb87a576bf

SHA512
010f8e4b36b59aa501765db08b66030583a8cca2670caff99afa5dcd61d37451e5a84588d4d1926d21ebd9774eb9fcb4a22b284f8faadff497b26df3a33f2c71

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads