Analysis

  • max time kernel
    137s
  • max time network
    133s
  • platform
    android_x64
  • resource
    android-x64-arm64-20240611.1-en
  • resource tags

    android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240611.1-en, locale:en-us, os:android-11-x64, system
  • submitted
    15-06-2024 00:57

General

  • Target
    06b9badf985e9821ce5114988cfcbe93a45fea188176df56dbd6e5621b047e0a.apk
  • Size
    346KB
  • MD5
    90e12f993233c56ec503ea7284c7301f
  • SHA1
    3e19d6940044787e350d0cf18e93502268502add
  • SHA256
    06b9badf985e9821ce5114988cfcbe93a45fea188176df56dbd6e5621b047e0a
  • SHA512
    9eb07d2e43e742f597b23a690d6e2290015aae9d76dfd367f7df591c7078f2ce5a18460f35013e7cb2769306dc00820bf85d9494b3b9e42577808342fa27a2ba
  • SSDEEP
    6144:NlA+RxF8pRVv6O2MeUM9G6sWgjEjd1pIl8isUVfvZ9hWmVlTb9x6Wa16pd:NlJCpDv6OhiGlhjEjdUlL94mzMkd

Malware Config

Signatures

  • Makes use of the framework's Accessibility service (4 TTPs, 1 IoC)
    Retrieves information displayed on the phone screen using AccessibilityService.
  • Acquires the wake lock (1 IoC)
  • Makes use of the framework's foreground persistence service (1 TTP, 1 IoC)
    Application may abuse the framework's foreground service to continue running in the foreground.
  • Requests enabling of the accessibility settings (1 IoC)

Processes

  • com.ru.runner (PID 4451)
    • Makes use of the framework's Accessibility service
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    • Requests enabling of the accessibility settings

Network

MITRE ATT&CK Matrix

Downloads

  • /data/data/com.ru.runner/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat
    Filesize: 8B
    MD5: 8928c29220d5ef90e7608ff9e428ce77
    SHA1: a72d860d8b40d6218eb107899f5b617cf6f0118a
    SHA256: 6e229c681fdb2f136b883c6df4ff683662f9fc13ad8daee3de78989fd7b111b9
    SHA512: 85373f390433c2bb35d4452186738aeaf354b758ef1304dde17cca7917c4324821196d17b7136aa7ac5626133977fa5c4b3b1c504b402937f55bf9628954453c

  • /data/misc/profiles/cur/0/com.ru.runner/primary.prof
    Filesize: 554B
    MD5: ced7e74db59a983df5d5bf22b716f99e
    SHA1: 4c5d13ed949fd7194f5677fd1e6eebd7c7d52fef
    SHA256: 20c7bb2b045ad36e90fe474ac9dfb6d5a0f0f3e66ed02cc307ad3267ac19166e
    SHA512: 7376c87a925cfc11ced033a74983237344df6c2df2697bbf9da0ba082b873058c591e16a540f74891439899905bf39a3256de91056d9c32f612a895dcada022e

  • /data/misc/profiles/cur/0/com.ru.runner/primary.prof
    Filesize: 892B
    MD5: 68eac6cfbf3b5908a9fd32319d025707
    SHA1: ff3f894e167ab4db128afae1b809b334dc3341bf
    SHA256: 08e3f4ee8a70ec2a3d5318eda8b2f3ca80399de801cdadc5730df2b59decba44
    SHA512: 44b291cd96a71f998a628351befb83702f0244d1a74495625d777d90f4a3638c62b15b8d041dd3a22618d1c5ca8e935a1c408307942c4c4e8776fdaa6a86bfaf