Analysis

  • max time kernel
    179s
  • max time network
    185s
  • platform
    android_x64
  • resource
    android-x64-20240624-en
  • resource tags

    androidarch:x64arch:x86image:android-x64-20240624-enlocale:en-usos:android-10-x64system
  • submitted
    07-07-2024 22:00

General

  • Target

    8758999e18a0e8ad8ae07929cacaf348011c692d8ed53acf0a40640c08bbb33e.apk

  • Size

    112KB

  • MD5

    ecb650ba8fbce291b2c4ce8678f93663

  • SHA1

    83ae27e9c83ac0acd78bbf3878cb8b487f3d0f53

  • SHA256

    8758999e18a0e8ad8ae07929cacaf348011c692d8ed53acf0a40640c08bbb33e

  • SHA512

    7d8b9ceafb1fb6214bd863376cb5f67452a06051f631857ad41b23ec2d4b4a5b6fc9f3b348d895b612dc03ad799dc117fa2a3bb2c8b06d96337838e2611a1901

  • SSDEEP

    3072:nHLd3fI7gvUpcjqA4J39TkeVssZaffY32C/hXryu9G:Hx3+gvU2W9keVssIfY32C/1rD9G

Malware Config

Signatures

  • Removes its main activity from the application launcher 1 TTPs 1 IoCs
  • Loads dropped Dex/Jar 1 TTPs 24 IoCs

    Runs executable file dropped to the device during analysis.

  • Makes use of the framework's Accessibility service 4 TTPs 2 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

  • Acquires the wake lock 1 IoCs
  • Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

    Application may abuse the framework's foreground service to continue running in the foreground.

  • Performs UI accessibility actions on behalf of the user 1 TTPs 2 IoCs

    Application may abuse the accessibility service to prevent their removal.

  • Queries the mobile country code (MCC) 1 TTPs 1 IoCs
  • Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

Processes

  • hybz.kjsgu.otrn
    1⤵
    • Removes its main activity from the application launcher
    • Loads dropped Dex/Jar
    • Makes use of the framework's Accessibility service
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    • Performs UI accessibility actions on behalf of the user
    • Queries the mobile country code (MCC)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    PID:4973

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/hybz.kjsgu.otrn/files/Factory/Plugins/classes1.dex

    Filesize

    33KB

    MD5

    2c36e9be721b0883f5bc1f71b3f2d918

    SHA1

    1c4d662470eae7f0af3364f1563b78472183e7a0

    SHA256

    0ea0c0a03a1999a9d3471a8ce584eea7e16f60ceeeabb6474fada356fc72779d

    SHA512

    fb99247128256c045ea49c7edfc3012d1e074419c30c684399ca6e4563823a2109917af7b42ba6399e891081f06a4be98625a4cf696a0a19eeba08ab450132a8

  • /data/data/hybz.kjsgu.otrn/files/Factory/Plugins/classes2.dex

    Filesize

    37KB

    MD5

    19b705d3574791cfcc095173c8cabc8d

    SHA1

    05ab01d27521b77b02597b03265c9b859a1e3988

    SHA256

    4ed3aa44064cc17b3c2ece322d6a95d8074e6a4f8f35913523304a0bddfca804

    SHA512

    099df3863d305903a87ba7131a5897598dc2565ab82f85e2d084897cd3c0327b314bdf81bfffc676161aa6dc62c7d66445b881514b9fd287cb31233d6d0136d2

  • /data/data/hybz.kjsgu.otrn/files/Factory/Plugins/classes3.dex

    Filesize

    67KB

    MD5

    4883ac1657fa237da009253bc9a28b02

    SHA1

    fe697aa7be00f3e976bf1fe7ab4edbdfd64ab113

    SHA256

    8c81b2696863b825b399872029d82794b88c52455862bdb6a5a0403ac8a1e262

    SHA512

    183e20bec9d7ae2bbbdbe7e4170fb89519c0f8ad8b8f29185ab8c1e2b9758bb9015afa3e042c1e7d8bdc28eaba9d331cbc026463af57ab31ddcf3d76d821fdc1

  • /data/data/hybz.kjsgu.otrn/files/Factory/Plugins/classes4.dex

    Filesize

    28KB

    MD5

    c988c8ad5214967f7e8928bdbbfb70b0

    SHA1

    af58e3a4f99f27ba483b2d076e7be41181bf6f34

    SHA256

    a51308f107878dc829d6791b93419c5cba2aecf8697979060aab12231a988d74

    SHA512

    1a56d6dc3f6c184c3f4e5296c773a59d4b71b7c924e53774331986e58404611e8c5241010906e279c5f2c1d4251b8f80c21f8e29dc716b1424c049e7234984a9

  • /data/data/hybz.kjsgu.otrn/files/Factory/Plugins/oat/xekl.dex.cur.prof

    Filesize

    265B

    MD5

    fcc3238086dcac752dd477523c9274bb

    SHA1

    e6939fa8616d1fcb86dc52c46942df60747b4a7f

    SHA256

    74354823114d577de4db84d2323ce8983d4522681341a3d325ef8d60a22d433f

    SHA512

    5d96f253a82ab762829ec48e6a2ffb606dd88bcc1df4ffb2e89a3150f60531297c544688ae7afa37e1de965d1e6b0b2aabc2909667b543d9a56288872bcc1507

  • /data/data/hybz.kjsgu.otrn/oat/x86_64/[email protected]

    Filesize

    156B

    MD5

    a179ea9212b9a1603ccb4442f7a8b684

    SHA1

    a3be77a7dc3a8ab8da15333067e02ccca2645a86

    SHA256

    e613ff4b2cc72fbdb9b38f9b11b98e79ef6580895ffadc20528ac9d21115ad60

    SHA512

    7aef0c5162da522852c3a3910adbd2022e970074631ada02ceebd0a1cab02205b926b022a11afe178faf4612427323aa00b0e02943f14bdd5843ea063c155444

  • /data/data/hybz.kjsgu.otrn/oat/x86_64/[email protected]

    Filesize

    227B

    MD5

    685525c4ea81de1cc92a87cc340a5578

    SHA1

    40cc3be0f18e7114156521ef32e5dbeaef4226c1

    SHA256

    429261cc8cfa98fc7a49433e228f0af1d29e2f4d259d5124324db975fedb56ac

    SHA512

    9132e0e4209ac00dca63474dd4b9c8b69a2d8d8b3c3fb584be33a36e04e515567119d2fac1605fda1ce43d172f6ab69148a298b7c31f975dbe396e3ea851b523

  • /data/user/0/hybz.kjsgu.otrn/[email protected]

    Filesize

    171KB

    MD5

    6a053aec2b97522ec06101606f903979

    SHA1

    f1011740bca7f6f0d7fa5a2effd3db37d2d62333

    SHA256

    b84deb0f238bfcf3fd5c9f97695f90d31251baa0fe745a3a9884f4d34e244127

    SHA512

    45bb5a19b040f69451ff597f2d0b093a1497ba5bf83e8b982ed33826561e01b7b309922f09a1ea1e76691a7310e361bca8eec18e38f2628f84cb4c8215641984

  • /data/user/0/hybz.kjsgu.otrn/[email protected]

    Filesize

    163KB

    MD5

    28f5b27fc4e99ed8e65833e6f764fd8a

    SHA1

    d33641927253c0b824010cdd8fbd88f92b3734ee

    SHA256

    8c9af932b9f6ae79ddb9699d96b9b606d8a86aa450be6184468cf2901a3eb77c

    SHA512

    e397d04cb263f8c58fe366954ad1cabefb9dde7b238ecdfdaeec326761b52d0b0638c568251a5742caf6c972ef27431eecea92869f4cd6a9499472dff4bc1d05