3370a9a0698351f2c8ea48ee9b38afdc2c345630e1b7467722a83a5429f3d8e4

Analysis

max time kernel
123s
max time network
130s
platform
android_x86
resource
android-x86-arm-20240611.1-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240611.1-enlocale:en-usos:android-9-x86system
submitted
12/06/2024, 23:00

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

3370a9a0698351f2c8ea48ee9b38afdc2c345630e1b7467722a83a5429f3d8e4.apk
Size

1.7MB
MD5

ec3eacc139d97ae164c3a11b6aa14bdb
SHA1

fbd24508a3c7a90ec67d28dfa63c6a57b57b437a
SHA256

3370a9a0698351f2c8ea48ee9b38afdc2c345630e1b7467722a83a5429f3d8e4
SHA512

86fb48e9a132ac89857481a01bff798db48a71d81251f56c0ee5b0991538f5817d3ccd95a5819340f9eb7495920f614bc745d184238f24846fb26f6aab3a70a4
SSDEEP

24576:SY1Fj7Qfiy99qzb5YWB5oA4H77hUBTeml2XyMlvjD4shFMrqpFzl5/tTPzM:SY1F4aymf58A4b14l2CSPVjt8

Score

7^/10

collection credential_access evasion

Malware Config

Signatures

Makes use of the framework's Accessibility service 4 TTPs 2 IoCs

Retrieves information displayed on the phone screen using AccessibilityService.

collection evasion credential_access

Input Injection

T1516

Screen Capture

T1513

Keylogging

T1417.001

GUI Input Capture

T1417.002

description	ioc	Process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	org.zzzz.aaa
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText	org.zzzz.aaa

org.zzzz.aaa
1⤵
- Makes use of the framework's Accessibility service
PID:4261

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Input Injection

T1516

Credential Access

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Discovery

Lateral Movement

Collection

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Screen Capture

T1513

Command and Control

Exfiltration

Impact

Input Injection

T1516

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/org.zzzz.aaa/files/profileInstalled

Filesize
24B

MD5
bfd4c61b3fc2200babcd6242071ab5f2

SHA1
98c06a7e07285c8a82974369cc581935b5c3dd0f

SHA256
439f12c437f6f886ae01836b05c520a1ad0c238eaaf28a39bbc7bc902553a14f

SHA512
88c1b776acaa85220ecc9f1bb1e4d306b470e6a7371ab85beb84b92e2e6a461ae4a4fb8c1bff6eac0f9081b510786a3de3c6d523ac79fa7e711bd4e9ad2d137d

Download Submit
/data/data/org.zzzz.aaa/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

Filesize
8B

MD5
288b1db85b7c89447264d6b2bc63a12d

SHA1
81e3d63401bf24249ef0fe536ca76a315e7e5805

SHA256
a1e296d03c55efae9c296db25d41ad880768a55472592046eeb806755acb8b70

SHA512
bf6334ea376ec9b9df2688814e3b5e800e4781ae897df58e9d0156f44704ad75a1dd301bd7ac45167cce96cf0f67196c593bf7d2ebf0d4fcc54c473f43bde553

Download Submit
/data/misc/profiles/cur/0/org.zzzz.aaa/primary.prof

Filesize
1KB

MD5
13886777e2f6f06cf020057c5292e5f5

SHA1
4035483be43cb6caec72090c07801fa1438c35af

SHA256
8aba0b2ee752bb06b57ab937849145fe20401a400e60ed17a78eee8740e77fb2

SHA512
0715868bd05ba4971fc5d943ce4ce7ebfb26ef1769fbc64f727b1c089f3cc24732a4e95bedbf7177b9a57894d61c2885259c42a382d7c5029b4d9993018bec46

Download Submit
/data/misc/profiles/cur/0/org.zzzz.aaa/primary.prof

Filesize
2KB

MD5
0f3004913ab97595255f2bc2318813b6

SHA1
0bb2e07647950d5645fc2e6fd3a6e330793aea50

SHA256
9311f8fb4d1ab805969576a182c084caf2807a7cc53adf38ab3f2b5ee143d267

SHA512
df7d3acaffd72aacf0057760a86a5955a0d70b77d5981186d7a150fd8194a442a57742e6e55fca8913fcd4e119c1f51edbf3105807dbfd0a1b52e730b36777da

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads