Analysis
- max time kernel: 138s
- max time network: 149s
- platform: android_x64
- resource: android-x64-20240611.1-en
- resource tags: android, arch:x64, arch:x86, image:android-x64-20240611.1-en, locale:en-us, os:android-10-x64, system
- submitted: 15-06-2024 00:57
Static task: static1
Behavioral task: behavioral1
- Sample: 06b9badf985e9821ce5114988cfcbe93a45fea188176df56dbd6e5621b047e0a.apk
- Resource: android-x86-arm-20240611.1-en
Behavioral task: behavioral2
- Sample: 06b9badf985e9821ce5114988cfcbe93a45fea188176df56dbd6e5621b047e0a.apk
- Resource: android-x64-20240611.1-en
Behavioral task: behavioral3
- Sample: 06b9badf985e9821ce5114988cfcbe93a45fea188176df56dbd6e5621b047e0a.apk
- Resource: android-x64-arm64-20240611.1-en
General
- Target: 06b9badf985e9821ce5114988cfcbe93a45fea188176df56dbd6e5621b047e0a.apk
- Size: 346KB
Signatures
- Makes use of the framework's Accessibility service (4 TTPs, 1 IoCs)
  Retrieves information displayed on the phone screen using AccessibilityService.
- Acquires the wake lock (1 IoCs)
  Processes: com.ru.runner
    description: Framework service call | ioc: android.os.IPowerManager.acquireWakeLock | process: com.ru.runner
- Makes use of the framework's foreground persistence service (1 TTPs, 1 IoCs)
  Application may abuse the framework's foreground service to continue running in the foreground.
  Processes: com.ru.runner
    description: Framework service call | ioc: android.app.IActivityManager.setServiceForeground | process: com.ru.runner
- Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTPs, 1 IoCs)
  Processes: com.ru.runner
    description: Framework service call | ioc: android.app.IActivityManager.registerReceiver | process: com.ru.runner
Downloads
- /data/data/com.ru.runner/files/profileInstalled
  Filesize: 24B
- /data/data/com.ru.runner/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat
  Filesize: 8B
- /data/misc/profiles/cur/0/com.ru.runner/primary.prof
  Filesize: 554B
- /data/misc/profiles/cur/0/com.ru.runner/primary.prof
  Filesize: 867B