81dc4259fd623c047342d03c9edb6bd7d3f060ab7e7ec751855e14e04413d725

Analysis

max time kernel
177s
max time network
131s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
07/07/2024, 22:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

81dc4259fd623c047342d03c9edb6bd7d3f060ab7e7ec751855e14e04413d725.apk
Size

1.8MB
MD5

50af3ffcd7c8c183fe4e20b04340f468
SHA1

991cfa756712a6092e0836732264677c8ab79daa
SHA256

81dc4259fd623c047342d03c9edb6bd7d3f060ab7e7ec751855e14e04413d725
SHA512

f57405f472942ed6863035b520556fd56742e9dfc3218cabf41d29e8096ac59ce4f550e0b43c66ff3341bb97401568c6d9ee3fd1cbe05b58e27b6a58946106d6
SSDEEP

24576:MY17jemsTMkxsVcQKLaL/+xh31Zs0qVDfTIqjTsjM1BEc79w2P5GlcOyPzINd4J3:MY1dsAkquRL+/+L3LqZLItjKd0o

Score

7^/10

collection credential_access evasion

Malware Config

Signatures

Makes use of the framework's Accessibility service 4 TTPs 2 IoCs

Retrieves information displayed on the phone screen using AccessibilityService.

collection evasion credential_access

Input Injection

T1516

Screen Capture

T1513

Keylogging

T1417.001

GUI Input Capture

T1417.002

description	ioc	Process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	org.zzzz.aaa
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText	org.zzzz.aaa

org.zzzz.aaa
1⤵
- Makes use of the framework's Accessibility service
PID:4304

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Input Injection

T1516

Credential Access

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Discovery

Lateral Movement

Collection

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Screen Capture

T1513

Command and Control

Exfiltration

Impact

Input Injection

T1516

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/org.zzzz.aaa/files/profileInstalled

Filesize
24B

MD5
ef336fd774f5963d61a968307f714d6e

SHA1
12770204d0a2c1aa1852553829d87677a21b9c0c

SHA256
2cbe2bb872d45c8be51200246e4b53e523afe8aab11f48ec1481edb25fbc9cd3

SHA512
3db1e7f5bff7bb2679a6bd709fdf34c679d51bfad3aa89ce5490bdde21038ac0488bef095f4759d62fa001659d49f4c18aba1e03a04905f9f7ca83e79173d748

Download Submit
/data/data/org.zzzz.aaa/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

Filesize
8B

MD5
4afb2216a275d37201f908af2479edab

SHA1
6cba2520114d1e918df976d182319ad91571d54d

SHA256
5a5b8e6f8ad5999f19ce6e69f3078f49c221df04454e4e302b911ce5cb165c04

SHA512
e9de9e456a24c204e9bae4317540530be1ed5ab086052573bbe18edc3e9aab9702da2ab03bae3dbf08f3ef373a86e52842b4adae796f8247d380b2145c4c92e2

Download Submit
/data/misc/profiles/cur/0/org.zzzz.aaa/primary.prof

Filesize
1KB

MD5
30e8f9f0d065da376c5f929b00d66d99

SHA1
30e1cf6db1af33a5179c7c2bd00ee5f3e1176433

SHA256
6f1a126d9dc2045a00e1b20c233ca64d1d86bea7c005f01392d9cd8ad9aa53ce

SHA512
d5c0489bb984bc30ff90fc2455d2cb39b7c202d9f2c615ab2acc8198225b3339e117310f417a5830a363087b63b1c84515a7148ff94b0e5136bd61014ed3ee52

Download Submit
/data/misc/profiles/cur/0/org.zzzz.aaa/primary.prof

Filesize
2KB

MD5
f90544f58a06550f899205790c850d60

SHA1
5ff2b1633b4563b91f82c70e36d3338bac9664c9

SHA256
d5f4a4158cc8d38af64043f602f52b904cf97ec86cde6cf942cb195e6c1f5194

SHA512
d13860721ba0e44d051d3d7be58cc7855205efdfb0b8f2e781e80efe1d7f564654e11f46a583a0f347eb3fa83976a25721be607db4099720419f75cf8b19724c

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads