Analysis
- max time kernel: 179s
- max time network: 180s
- platform: android_x64
- resource: android-x64-20240624-en
- resource tags: android, arch:x64, arch:x86, image:android-x64-20240624-en, locale:en-us, os:android-10-x64, system
- submitted: 04-07-2024 22:06
Static task: static1
Behavioral task: behavioral1
- Sample: 8883996a0058c9aec7d830934b97b989938ba41cd58b817438b3456de897e9a2.apk
- Resource: android-x86-arm-20240624-en
Behavioral task: behavioral2
- Sample: 8883996a0058c9aec7d830934b97b989938ba41cd58b817438b3456de897e9a2.apk
- Resource: android-x64-20240624-en
Behavioral task: behavioral3
- Sample: 8883996a0058c9aec7d830934b97b989938ba41cd58b817438b3456de897e9a2.apk
- Resource: android-x64-arm64-20240624-en
General
- Target: 8883996a0058c9aec7d830934b97b989938ba41cd58b817438b3456de897e9a2.apk
- Size: 109KB
- MD5: 9104c8f53bd0bc90f6390589dfe22fb7
- SHA1: c4a004d89625c15e494ec76b94820e5eb713028a
- SHA256: 8883996a0058c9aec7d830934b97b989938ba41cd58b817438b3456de897e9a2
- SHA512: f61c46f8852178d626b16424767a3cde2c5fe0edd8600548a7651b257541a894e350243fe21115cf210245daf38754a58107477107660fa2dcc19e9c757343db
- SSDEEP: 1536:dq72vESli5yRKCM8++wK4QURb7KEtkBjHf7jtL6ea5qv0neTdHTL87O5L/Ld6b:o72MSli138EQKfkBjjjp6H+HTLoki
Malware Config
Signatures
Loads dropped Dex/Jar (1 TTPs, 3 IoCs)
Runs executable file dropped to the device during analysis.
Processes:
  ioc | pid | process
  /data/user/0/nyqr.epzsj.vqgn/[email protected] | 5010 | nyqr.epzsj.vqgn
  /data/user/0/nyqr.epzsj.vqgn/files/Factory/Plugins/iace.dex | 5010 | nyqr.epzsj.vqgn
  /data/user/0/nyqr.epzsj.vqgn/files/Factory/Plugins/iace.dex | 5010 | nyqr.epzsj.vqgn

Makes use of the framework's Accessibility service (4 TTPs, 2 IoCs)
Retrieves information displayed on the phone screen using AccessibilityService.
Processes:
  description | ioc | process
  Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId | nyqr.epzsj.vqgn
  Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId | nyqr.epzsj.vqgn

Acquires the wake lock (1 IoCs)
Processes:
  description | ioc | process
  Framework service call | android.os.IPowerManager.acquireWakeLock | nyqr.epzsj.vqgn

Makes use of the framework's foreground persistence service (1 TTPs, 1 IoCs)
Application may abuse the framework's foreground service to continue running in the foreground.
Processes:
  description | ioc | process
  Framework service call | android.app.IActivityManager.setServiceForeground | nyqr.epzsj.vqgn

Performs UI accessibility actions on behalf of the user (1 TTPs, 4 IoCs)
Application may abuse the accessibility service to prevent its removal.
Processes:
  ioc | process
  android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction | nyqr.epzsj.vqgn
  android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction | nyqr.epzsj.vqgn
  android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction | nyqr.epzsj.vqgn
  android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction | nyqr.epzsj.vqgn

Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTPs, 1 IoCs)
Processes:
  description | ioc | process
  Framework service call | android.app.IActivityManager.registerReceiver | nyqr.epzsj.vqgn
Processes
- nyqr.epzsj.vqgn (PID: 5010)
  - Removes its main activity from the application launcher
  - Loads dropped Dex/Jar
  - Makes use of the framework's Accessibility service
  - Acquires the wake lock
  - Makes use of the framework's foreground persistence service
  - Performs UI accessibility actions on behalf of the user
  - Registers a broadcast receiver at runtime (usually for listening for system events)
Network
MITRE ATT&CK Mobile v15
Persistence
- Event Triggered Execution (1)
  - Broadcast Receivers (1)
- Foreground Persistence (1)
Defense Evasion
- Download New Code at Runtime (1)
- Foreground Persistence (1)
- Hide Artifacts (1)
  - Suppress Application Icon (1)
- Impair Defenses (1)
  - Prevent Application Removal (1)
- Input Injection (1)
Downloads
- (no path listed)
  Filesize: 157B
  MD5: 6f5d1fd8fd888f25c254e909c5d6c891
  SHA1: aca016695adf8d85b57e3e0412090e5f7705896b
  SHA256: 702c07147998c8d532a64f74df45e1827e1cbe9c32f6667f4af9560bd8e345d7
  SHA512: 1b6ff4b76dbb4fe8fad9a5a1eca4499e304edecb6323dd3a3874981d9f46715815c54917bd1d572ae05287e3c4e7a35f352d050cbfdf78a49c77cc7dc3de9870
- /data/data/nyqr.epzsj.vqgn/oat/x86_64/[email protected]
  Filesize: 156B
  MD5: 9c3df463e8f1314873bb7e05de7b5337
  SHA1: 717b1306ac4bf36e6be1506b8147b2bd4cdd94e6
  SHA256: d99b25291d438e40e3fabe48a623e9124456eb6e08125ea09f3ba173ba483dbd
  SHA512: 41e16e8dbee1df9d809a271e38ac257c2d2d51761748c0e80a4af9615bf3a2accf657fdeb7731460848c11f8c6fb244f5b62490f758259ce6b5c95f4c1f08682
- /data/user/0/nyqr.epzsj.vqgn/[email protected]
  Filesize: 171KB
  MD5: 0b8acbb7c58b34500835df570a13ec69
  SHA1: ebd7c817f40d8f206a6db70178c4fb5b4e08793b
  SHA256: a28063669fad8546e82d3da8944c6b1f04d4d8379759c68763a3f1154425c5d8
  SHA512: 2613218ce81b985035555ba59dc13c3a4bb263a6e5ca3a83811aea00969434687e0c38f9377eb393a5955ce0ba426c3d1f3600ed290939dbbada8414dc8b92bb