Analysis
max time kernel
163s
max time network
134s
platform
android_x64
resource
android-x64-arm64-20240611.1-en
resource tags
android arch:arm arch:arm64 arch:x64 arch:x86 image:android-x64-arm64-20240611.1-en locale:en-us os:android-11-x64 system
submitted
14-06-2024 23:49
Static task
static1
Behavioral task
behavioral1
Sample
f425f0797379cf627c28da00b54e981d61f6b58e638c872bdcd19914f58144f2.apk
Resource
android-x86-arm-20240611.1-en
Behavioral task
behavioral2
Sample
f425f0797379cf627c28da00b54e981d61f6b58e638c872bdcd19914f58144f2.apk
Resource
android-x64-20240611.1-en
Behavioral task
behavioral3
Sample
f425f0797379cf627c28da00b54e981d61f6b58e638c872bdcd19914f58144f2.apk
Resource
android-x64-arm64-20240611.1-en
General
Target
f425f0797379cf627c28da00b54e981d61f6b58e638c872bdcd19914f58144f2.apk
Size
1.7MB
MD5
94e7a194c2e4f64cc1a137292200e387
SHA1
3fdd153cff45e7daffe4a1d022948d68ea3bc661
SHA256
f425f0797379cf627c28da00b54e981d61f6b58e638c872bdcd19914f58144f2
SHA512
409462a773907b9008c173f00c196aa6e14db84dcc78c9fa541855d302e963349fd18df840961c793988424dfe78acabd716ce45f6c86bcc33bff90b96d1ffae
SSDEEP
24576:1Y1hdoMIHGBaMgphYpe3gJzaZ6f9DXzbkLn07evIzjH0RorNEBs8U7aNOG:1Y1huGBFgphakQRbT7evKbytx
Malware Config
Signatures
Makes use of the framework's Accessibility service (4 TTPs, 2 IoCs)
Retrieves information displayed on the phone screen using AccessibilityService.
Processes:
org.zzzz.aaa
description | ioc | process
Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId | org.zzzz.aaa
Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText | org.zzzz.aaa
Network
MITRE ATT&CK Matrix
Downloads
/data/data/org.zzzz.aaa/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat
Filesize 8B
MD5 2be24ac0166bc5d1d4b99b2cb72e5f97
SHA1 28525ae664dbd33a11f518cad3311421cf3f9ae2
SHA256 b46a1a73f2d4e482d4825d31bde68d6385cf8164eca2a59a58caa79880111933
SHA512 05608020da6f43f3538d95294ae9abff62b10f2c3d22733eed5c3317942a1f68df2293065a13d1c6a3708575254eff53b10490508c540f96bbee51c4d9f784bf

/data/misc/profiles/cur/0/org.zzzz.aaa/primary.prof
Filesize 1KB
MD5 e019191dbadb50b27cb053e64dc32f44
SHA1 1719052d22f642fcb09e1925b604e7068084d653
SHA256 1356dcf2407df2b3183cb9e8b54d277bc4c690d0838f8724b28aee5b68b47ae6
SHA512 f9172c1ea3b4875c93ba62c3cefc0220a4deeebfc4435f02913c8a5a92ffacd681242f22b40663532de43d6b7aa3a225d8af8935c57a1d23aff0160d9c792aaa

/data/misc/profiles/cur/0/org.zzzz.aaa/primary.prof
Filesize 2KB
MD5 4bdcfaf79bf1508cde7d00409d0d81f2
SHA1 11b2b470ae943085a063a4e0e6e7f28fe5641624
SHA256 b7f813e6c3a45366d149a1e70b263f44d68830819986e7db618066982768aaa6
SHA512 01225ef8f0460d340ddd7732dcac1bff63ee2d311e27ab695a625e7c8077ec654c094658a89a9f15453313f5896005730a42587c88133b18bc4149ab3c76516c