Analysis

  • max time kernel
    179s
  • max time network
    180s
  • platform
    android_x64
  • resource
    android-x64-20240624-en
  • resource tags

android, arch:x64, arch:x86, image:android-x64-20240624-en, locale:en-us, os:android-10-x64, system
  • submitted
    04-07-2024 22:06

General

  • Target

    8883996a0058c9aec7d830934b97b989938ba41cd58b817438b3456de897e9a2.apk

  • Size

    109KB

  • MD5

    9104c8f53bd0bc90f6390589dfe22fb7

  • SHA1

    c4a004d89625c15e494ec76b94820e5eb713028a

  • SHA256

    8883996a0058c9aec7d830934b97b989938ba41cd58b817438b3456de897e9a2

  • SHA512

    f61c46f8852178d626b16424767a3cde2c5fe0edd8600548a7651b257541a894e350243fe21115cf210245daf38754a58107477107660fa2dcc19e9c757343db

  • SSDEEP

    1536:dq72vESli5yRKCM8++wK4QURb7KEtkBjHf7jtL6ea5qv0neTdHTL87O5L/Ld6b:o72MSli138EQKfkBjjjp6H+HTLoki

Malware Config

Signatures

  • Removes its main activity from the application launcher (1 TTP, 1 IoC)
  • Loads dropped Dex/Jar (1 TTP, 3 IoCs)

    Runs executable code dropped to the device during analysis.

  • Makes use of the framework's Accessibility service (4 TTPs, 2 IoCs)

    Retrieves information displayed on the phone screen using AccessibilityService.

  • Acquires the wake lock (1 IoC)
  • Makes use of the framework's foreground persistence service (1 TTP, 1 IoC)

    Application may abuse the framework's foreground service to continue running in the foreground.

  • Performs UI accessibility actions on behalf of the user (1 TTP, 4 IoCs)

    Application may abuse the accessibility service to prevent its own removal.

  • Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTP, 1 IoC)
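
The signatures above are behavioural: they were raised by watching what the sample did at run time. A practitioner triaging this report usually wants a second, static cross-check of the base APK. The following Python script is an added example and is not part of the sandbox report or of the sample: it unpacks an APK, searches its classes*.dex for the framework identifiers behind each signature listed above, and reports which signatures the static view does or does not support. The APK bytes are constructed inline as a stand-in (the real sample's dex is not reproduced here), and the mapping from the report's signature wording to Android identifiers is this example's own assumption.

```python
"""Static cross-check of sandbox behavioural signatures against an APK.

Added example, not part of the sandbox report. The sample APK built below is
constructed for illustration; the indicator mapping is an assumption.
"""
import io
import re
import zipfile

# Signature wording taken from the report, in report order.
REPORT_SIGNATURES = [
    "Removes its main activity from the application launcher",
    "Loads dropped Dex/Jar",
    "Makes use of the framework's Accessibility service",
    "Acquires the wake lock",
    "Makes use of the framework's foreground persistence service",
    "Performs UI accessibility actions on behalf of the user",
    "Registers a broadcast receiver at runtime (usually for listening for system events)",
]

# Assumed mapping: signature -> framework identifiers whose presence in the
# dex string table would be consistent with that behaviour.
INDICATORS = {
    REPORT_SIGNATURES[0]: [b"setComponentEnabledSetting",
                           b"COMPONENT_ENABLED_STATE_DISABLED"],
    REPORT_SIGNATURES[1]: [b"dalvik/system/DexClassLoader",
                           b"dalvik/system/PathClassLoader",
                           b"dalvik/system/InMemoryDexClassLoader"],
    REPORT_SIGNATURES[2]: [b"android/accessibilityservice/AccessibilityService"],
    REPORT_SIGNATURES[3]: [b"android/os/PowerManager$WakeLock", b"newWakeLock"],
    REPORT_SIGNATURES[4]: [b"startForeground"],
    REPORT_SIGNATURES[5]: [b"performGlobalAction", b"performAction"],
    REPORT_SIGNATURES[6]: [b"registerReceiver"],
}


def scan_apk(apk_bytes: bytes) -> dict:
    """Return {signature: [indicators found]} for every classes*.dex in the APK."""
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as zf:
        dex_blobs = [zf.read(n) for n in zf.namelist()
                     if re.fullmatch(r"classes\d*\.dex", n)]
    hits = {}
    for sig, needles in INDICATORS.items():
        found = sorted({n.decode() for blob in dex_blobs
                        for n in needles if n in blob})
        if found:
            hits[sig] = found
    return hits


def unsupported_signatures(report_sigs: list, hits: dict) -> list:
    """Signatures the sandbox raised that the base APK shows no indicator for.

    A non-empty result is not a false positive by itself: with a dropped
    Dex/Jar, the behaviour may live in the payload, not in the base APK.
    """
    return [s for s in report_sigs if s not in hits]


def build_sample_apk(with_indicators: bool = True) -> bytes:
    """Constructed stand-in APK; the dex body is a minimal fake string table."""
    strings = [
        b"Landroid/content/pm/PackageManager;", b"setComponentEnabledSetting",
        b"Ldalvik/system/DexClassLoader;",
        b"Landroid/accessibilityservice/AccessibilityService;",
        b"Landroid/os/PowerManager$WakeLock;", b"newWakeLock",
        b"startForeground", b"performGlobalAction", b"registerReceiver",
    ] if with_indicators else []
    fake_dex = b"dex\n035\x00" + b"\x00".join(strings)
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("AndroidManifest.xml", b"")
        zf.writestr("classes.dex", fake_dex)
    return buf.getvalue()


if __name__ == "__main__":
    hits = scan_apk(build_sample_apk())
    for sig, found in hits.items():
        print(f"[static ok] {sig}: {', '.join(found)}")
    for sig in unsupported_signatures(REPORT_SIGNATURES, hits):
        print(f"[no static support] {sig}")
```

Run it against the real file by replacing `build_sample_apk()` with the bytes of the APK. Expect the "Loads dropped Dex/Jar" line to be the important one: if the base APK only carries the loader, the accessibility and launcher-hiding indicators may be absent from it and present only in the dropped payload. The report's download list does not include that payload; it includes ART's profile file (`iace.dex.cur.prof`) written under the sample's `files/Factory/Plugins/oat/` directory, which is where ART records profiles for dex files loaded from that location.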

Processes

  • nyqr.epzsj.vqgn (PID 5010)
    • Removes its main activity from the application launcher
    • Loads dropped Dex/Jar
    • Makes use of the framework's Accessibility service
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    • Performs UI accessibility actions on behalf of the user
    • Registers a broadcast receiver at runtime (usually for listening for system events)

Network

MITRE ATT&CK Mobile v15

Downloads

  • /data/data/nyqr.epzsj.vqgn/files/Factory/Plugins/oat/iace.dex.cur.prof

    Filesize

    157B

    MD5

    6f5d1fd8fd888f25c254e909c5d6c891

    SHA1

    aca016695adf8d85b57e3e0412090e5f7705896b

    SHA256

    702c07147998c8d532a64f74df45e1827e1cbe9c32f6667f4af9560bd8e345d7

    SHA512

    1b6ff4b76dbb4fe8fad9a5a1eca4499e304edecb6323dd3a3874981d9f46715815c54917bd1d572ae05287e3c4e7a35f352d050cbfdf78a49c77cc7dc3de9870

  • /data/data/nyqr.epzsj.vqgn/oat/x86_64/[email protected]

    Filesize

    156B

    MD5

    9c3df463e8f1314873bb7e05de7b5337

    SHA1

    717b1306ac4bf36e6be1506b8147b2bd4cdd94e6

    SHA256

    d99b25291d438e40e3fabe48a623e9124456eb6e08125ea09f3ba173ba483dbd

    SHA512

    41e16e8dbee1df9d809a271e38ac257c2d2d51761748c0e80a4af9615bf3a2accf657fdeb7731460848c11f8c6fb244f5b62490f758259ce6b5c95f4c1f08682

  • /data/user/0/nyqr.epzsj.vqgn/[email protected]

    Filesize

    171KB

    MD5

    0b8acbb7c58b34500835df570a13ec69

    SHA1

    ebd7c817f40d8f206a6db70178c4fb5b4e08793b

    SHA256

    a28063669fad8546e82d3da8944c6b1f04d4d8379759c68763a3f1154425c5d8

    SHA512

    2613218ce81b985035555ba59dc13c3a4bb263a6e5ca3a83811aea00969434687e0c38f9377eb393a5955ce0ba426c3d1f3600ed290939dbbada8414dc8b92bb