Analysis
max time kernel: 139s
max time network: 131s
platform: android_x86
resource: android-x86-arm-20240611.1-en
resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240611.1-en, locale:en-us, os:android-9-x86, system
submitted: 15-06-2024 00:57
Static task: static1

Behavioral task: behavioral1
Sample: 06b9badf985e9821ce5114988cfcbe93a45fea188176df56dbd6e5621b047e0a.apk
Resource: android-x86-arm-20240611.1-en

Behavioral task: behavioral2
Sample: 06b9badf985e9821ce5114988cfcbe93a45fea188176df56dbd6e5621b047e0a.apk
Resource: android-x64-20240611.1-en

Behavioral task: behavioral3
Sample: 06b9badf985e9821ce5114988cfcbe93a45fea188176df56dbd6e5621b047e0a.apk
Resource: android-x64-arm64-20240611.1-en
General
Target: 06b9badf985e9821ce5114988cfcbe93a45fea188176df56dbd6e5621b047e0a.apk
Size: 346KB
Signatures
- Makes use of the framework's Accessibility service (4 TTPs, 1 IoC)
  Retrieves information displayed on the phone screen using AccessibilityService.
- Acquires the wake lock (1 IoC)
  Processes: com.ru.runner
  description: Framework service call | ioc: android.os.IPowerManager.acquireWakeLock | process: com.ru.runner
- Makes use of the framework's foreground persistence service (1 TTP, 1 IoC)
  Application may abuse the framework's foreground service to continue running in the foreground.
  Processes: com.ru.runner
  description: Framework service call | ioc: android.app.IActivityManager.setServiceForeground | process: com.ru.runner
- Requests enabling of the accessibility settings. (1 IoC)
  Processes: com.ru.runner
  description: Intent action | ioc: android.settings.ACCESSIBILITY_SETTINGS | process: com.ru.runner
- Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTP, 1 IoC)
  Processes: com.ru.runner
  description: Framework service call | ioc: android.app.IActivityManager.registerReceiver | process: com.ru.runner
Downloads
- /data/data/com.ru.runner/files/profileInstalled
  Filesize: 24B
- /data/data/com.ru.runner/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat
  Filesize: 8B
- /data/misc/profiles/cur/0/com.ru.runner/primary.prof
  Filesize: 554B
- /data/misc/profiles/cur/0/com.ru.runner/primary.prof
  Filesize: 881B