c9cb6aed96a305b26e0be1d800c90b8e5a25154b9a644603cb1eab0435b96d7f

Analysis

max time kernel
12s
max time network
159s
platform
android_x86
resource
android-x86-arm-20240611.1-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240611.1-enlocale:en-usos:android-9-x86system
submitted
12/06/2024, 13:49

Target

c9cb6aed96a305b26e0be1d800c90b8e5a25154b9a644603cb1eab0435b96d7f.apk
Size

2.2MB
MD5

52af1ce67129d044c657270852879bc2
SHA1

35b77022da38c85f814de040bdb0efa304cae47f
SHA256

c9cb6aed96a305b26e0be1d800c90b8e5a25154b9a644603cb1eab0435b96d7f
SHA512

74359e65f0ceeb601128fce0b6e5a6832818e6d552553c420df9b061b38290d19e3eff910e8e452bde29f7c4c79b509f1341cff8382e6ab4d71237752e2f42ec
SSDEEP

49152:YizFbatumoYL3QYtECH/KOksG+Cv851MTvcDIg8OzfrhGE7:YizAhoYL3QYtECHfn8voOWzfrhGE7

Score

7^/10

Makes use of the framework's Accessibility service 4 TTPs 1 IoCs

Retrieves information displayed on the phone screen using AccessibilityService.

Input Injection

Screen Capture

Keylogging

GUI Input Capture

description	ioc	Process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	com.perl.gql

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

Broadcast Receivers

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.perl.gql

com.perl.gql
1⤵
- Makes use of the framework's Accessibility service
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID:4314