af82a4b981a908a17f543086ed7b51a35732730a92d2531763656530da81c133

Analysis

max time kernel
94s
max time network
157s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
27/06/2024, 22:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

af82a4b981a908a17f543086ed7b51a35732730a92d2531763656530da81c133.apk
Size

4.8MB
MD5

5afd75d8d47972caa8ee408690f96afa
SHA1

87bebd5dec3aadc4270fd223d28a310801539f06
SHA256

af82a4b981a908a17f543086ed7b51a35732730a92d2531763656530da81c133
SHA512

97f3761013a99a4c6f7d5c1d9528a0c95ee14add505e270c644725453ef053842b064907d23c35b1565de8f749e56b554b0a5ff66448d77fba912b79de2dd185
SSDEEP

98304:+H5V0yN+CYsH0V4o2Zn5hu0vMnVBJ4nsyTicpADMJzFg/UJz+:+HKXnVBYiXMxG8z+

Score

7^/10

collection credential_access discovery evasion persistence

Malware Config

Signatures

Makes use of the framework's Accessibility service 4 TTPs 1 IoCs

Retrieves information displayed on the phone screen using AccessibilityService.

collection evasion credential_access

Input Injection

T1516

Screen Capture

T1513

Keylogging

T1417.001

GUI Input Capture

T1417.002

description	ioc	Process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	android.sys.process

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	android.sys.process

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 2 IoCs

flow	ioc
10	a.thd.cc
9	a.thd.cc

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	android.sys.process

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	android.sys.process

android.sys.process
1⤵
- Makes use of the framework's Accessibility service
- Acquires the wake lock
- Queries information about active data network
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID:4250
- su
  2⤵
  PID:4456

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Input Injection

T1516

Credential Access

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Discovery

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Screen Capture

T1513

Command and Control

Exfiltration

Impact

Input Injection

T1516

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/android.sys.process/databases/internal.db

Filesize
312KB

MD5
0c625e1eb22483972e5c6db0fa58d854

SHA1
53468cd993abdbe95bef962abaa8395c8904e350

SHA256
619f38db21440a96c1482b2a50404d87eca79ede08e91fb3d875d68e0a3435b8

SHA512
dd006cfd50cc31f11c7e77a716e663c5991235b83b50c4b9efca98542e0af3fb894f2633c2cace37873a7d39588477a5479e7aa80d398d560019b8272d6ec269

Download Submit
/data/data/android.sys.process/databases/internal.db-journal

Filesize
512B

MD5
96c44f1421f47d37ca1ccc88583ac0b3

SHA1
718244fe476ed4ba9cebcfc6be2eb164a66b84b2

SHA256
13324b375ca1f9c1ede7986e4200b6d55c23c70016fa59f539e32f5d070cbdcd

SHA512
2adb53d711e0069594c8e468df2f5dc58878af3e0d1b8078379f04b1577b9bba875658e9508c65e1dfa1cffdfecc5a1463f92d0016cee486916762255d72df75

Download Submit
/data/data/android.sys.process/databases/internal.db-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/android.sys.process/databases/internal.db-wal

Filesize
325KB

MD5
a6647f3b4f572f16a3e241197e42e9a5

SHA1
f4a87dd00698a8dd1334120be5c50b89f43f50be

SHA256
5a838c7485237261bfbf5d80397a2439038f7e01cb1889dfb8829b13964d550d

SHA512
d3cbd1d78a27f1800c1f180647ccf500c0d9aaf4c8a04680bc0506cf0161a7d93b3ece34ea2caf87707f59513096a0ae38d433313eaa893aef672dfa4cc6ccae

Download Submit
/data/data/android.sys.process/files/.YFlurrySenderIndex.info.AnalyticsData_ZT6FC8HJS6K92ZDYFNVG_211

Filesize
88B

MD5
56aecae7fd81cddcaf6d39ee96098651

SHA1
af346c8f465ed77bc48cb617610a00b328f0f347

SHA256
de2b237519ad0632ef47d8424c61df7ba6e2eef1eb8ea4c3d048090f101d7526

SHA512
baaa564610c756ff666d55f6b28bae85e1d53452c5170668450a6ada9b10269eea830b13c729068590cbffbc073976fa28dced6e7be22088015d685fddc84382

Download Submit
/data/data/android.sys.process/files/.YFlurrySenderIndex.info.AnalyticsMain

Filesize
72B

MD5
af23590f1fb5ea4e9a5df0e820f54787

SHA1
f144cbc95aadfd10479899104c7edb8ca5f2e89c

SHA256
cc12e47ee530786ecf5208929eaafe0089beb03bd715c868948e90386a6678fe

SHA512
1aec8ef6b511770cdd3827ccfa77bf8feee237b4ec1b7abb731ee2b3b3d6cc424c409da37c828aa1b72b9d3b3aa41695b40c99f4a3d04678dba5c4fbebe6b5ce

Download Submit
/data/data/android.sys.process/files/.yflurrydatasenderblock.86f980b9-f55a-4836-9fd4-43465b91e96b

Filesize
326B

MD5
b5a3d57c8da23cac413ec330b2f8d234

SHA1
cd011cc3af564799cbfb0e30fced17e9fe0ce15f

SHA256
f8d926b39d1a20873f05013ae20a8f6575cc77a7da30e70002f0bdbb97af4e6f

SHA512
c85ef49877d67f805267bd4baf718879b7cdbd94f3353137d908f82e12f6a9b241c5c5ffcce3648c71e3db092b3f9f17694086e6cad2726c18e711d832e358a5

Download Submit
/data/data/android.sys.process/files/.yflurryreport.eb2f7d41ce4564d

Filesize
360B

MD5
d91d8d3edee17542beaab95f0a762651

SHA1
58426278a8bb246ba25f63c64a43d1cb6b1f5fcc

SHA256
74eb0b9757cd40b578290838ddd19612db8dbdab38ca7afb756fceb8d1dc83fa

SHA512
df73a0f1047ac33a5abb9bc25c4e41f486d259f0bd68ad4d174c9bcfc6c491ff6e5bb3d36618f7e338565db3e7e54582ded7ad46c1505ca4cfc3d7f32310788f

Download Submit
/storage/emulated/0/.UpdateService/debug.config

Filesize
38B

MD5
07d8d1a0556b5d14d3ec58c6151c63c6

SHA1
f7c79be8b89325a8f7a59ed07a46aa61d4cc348c

SHA256
b9c8fad036e2a21b078c61a1b59fa431aa7dcb1ec5df9f3546dfd3c260bae7eb

SHA512
f3942f0a3876ea0c137602cc61b55c85561abb40092bd100b0215ed21a0a991ab10b6a5ccce9e5f7378be70c8d8c533a7ca0289f4df8dc7ebe984a1392731813

Download Submit
/storage/emulated/0/.UpdateService/debug.config

Filesize
81B

MD5
bc06b84cd1f746ac9195b477088d5001

SHA1
c271002386e24a4450815eb23b3f91c38550f29d

SHA256
efb290cc8e3faa74de452c592c85e5ea255b788765fe1aeaa79446a7c64db23b

SHA512
f46f737914633b2651df9155ce517865d5ae05b2c335e9b4bbf8750b00fbdc67861da234ac35cc927a733a96dc3d38184eb2b6bfa4725f94d075bc56e069b6d9

Download Submit
/storage/emulated/0/.UpdateService/debug.config

Filesize
108B

MD5
56b08d997132a929983c8c72c0ba124a

SHA1
ea43c8536c883c5e46efc0e9156b6328ee0aea6d

SHA256
6cdb04ab11db97818c757ffb9bf8c5072d358412442f8abf9d1df38ea7d50254

SHA512
1c4e1a59c71ec35bef121fb7b69e9392ff7f63755edb60b15423677cef8a2712f65d591b111dc3cc4501304b8766898d27ed663b2cb6c9cc10c2b60df78f1f51

Download Submit
/storage/emulated/0/.UpdateService/debug.config

Filesize
145B

MD5
bdbdf7dc7751e1a85c381e021a428179

SHA1
5aa5d995c1ce633501af5bd181275448e3dfc77c

SHA256
c13db71923d6691b322549a0958ed53023391e6219654e019cf7b2f22b4fb93b

SHA512
74c71fe201d79eaba02bf5022491c4a3f47b479c5080b3f2c3cbd3bba943c43836007672ddc1ad2d0121730ed54fadb10978143bdc07222805dcb3512132a915

Download Submit
/storage/emulated/0/.UpdateService/debug.config

Filesize
231B

MD5
44e62e2099a4aad036f757089c1997e7

SHA1
0c344d606cc83d3e9d17ee139c68058cb6e247a3

SHA256
cc7125f9583840a62f6f929d33c738b8f073f3f075cd0e451d73979038f5db27

SHA512
0ff854d36a1412e03c5c10a2898fb6ebea69d6ca5219d82f796a34f687265ebb70c172382434d5ff2e9bb39257cbe77db1435fe4c12cf8317a26bae65b0d70c8

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads