Analysis
-
max time kernel
126s -
max time network
132s -
platform
android_x64 -
resource
android-x64-arm64-20240611.1-en -
resource tags
-
submitted
12-06-2024 18:34
General
-
Target
c8d2cffb47a1aa721c419a20695e9ba16c2ff90432a72ab1e919116ce97910d7.apk
-
Size
3.9MB
-
MD5
cb0a97c95ae81f00f2a155206e3550d3
-
SHA1
2ceb8f33eb3317247b7ab95b0b1f6e319ec655c5
-
SHA256
c8d2cffb47a1aa721c419a20695e9ba16c2ff90432a72ab1e919116ce97910d7
-
SHA512
62add5d7c83789fb71f259f62fd1d82869ba3d145a59842423db2384ee9a6e3f9fe58bd996311c39a7e55f2fdc625d001675f2554416f1755f8c7fe61f573f0e
-
SSDEEP
98304:urHJdmLopC7o/4vUxYwf4a2e2E6RAWTspV3jI2cEDVzHhsm33wS:uryLop/4vUNga2e2ZRolVsMwS
Score
7/10
Malware Config
Signatures
-
Makes use of the framework's Accessibility service 4 TTPs 2 IoCs
Retrieves information displayed on the phone screen using AccessibilityService.
-
Acquires the wake lock 1 IoCs
-
Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs
Application may abuse the framework's foreground service to continue running in the foreground.
-
Performs UI accessibility actions on behalf of the user 1 TTPs 1 IoCs
Application may abuse the accessibility service to prevent their removal.
-
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
Processes
-
com.astrand.idite1⤵
- Makes use of the framework's Accessibility service
- Acquires the wake lock
- Makes use of the framework's foreground persistence service
- Performs UI accessibility actions on behalf of the user
- Uses Crypto APIs (Might try to encrypt user data)