81dc4259fd623c047342d03c9edb6bd7d3f060ab7e7ec751855e14e04413d725

Analysis

max time kernel
176s
max time network
147s
platform
android_x64
resource
android-x64-20240624-en
resource tags

androidarch:x64arch:x86image:android-x64-20240624-enlocale:en-usos:android-10-x64system
submitted
07/07/2024, 22:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

81dc4259fd623c047342d03c9edb6bd7d3f060ab7e7ec751855e14e04413d725.apk
Size

1.8MB
MD5

50af3ffcd7c8c183fe4e20b04340f468
SHA1

991cfa756712a6092e0836732264677c8ab79daa
SHA256

81dc4259fd623c047342d03c9edb6bd7d3f060ab7e7ec751855e14e04413d725
SHA512

f57405f472942ed6863035b520556fd56742e9dfc3218cabf41d29e8096ac59ce4f550e0b43c66ff3341bb97401568c6d9ee3fd1cbe05b58e27b6a58946106d6
SSDEEP

24576:MY17jemsTMkxsVcQKLaL/+xh31Zs0qVDfTIqjTsjM1BEc79w2P5GlcOyPzINd4J3:MY1dsAkquRL+/+L3LqZLItjKd0o

Score

7^/10

collection credential_access evasion

Malware Config

Signatures

Makes use of the framework's Accessibility service 4 TTPs 2 IoCs

Retrieves information displayed on the phone screen using AccessibilityService.

collection evasion credential_access

Input Injection

T1516

Screen Capture

T1513

Keylogging

T1417.001

GUI Input Capture

T1417.002

description	ioc	Process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	org.zzzz.aaa
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText	org.zzzz.aaa

org.zzzz.aaa
1⤵
- Makes use of the framework's Accessibility service
PID:4953

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Input Injection

T1516

Credential Access

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Discovery

Lateral Movement

Collection

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Screen Capture

T1513

Command and Control

Exfiltration

Impact

Input Injection

T1516

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/org.zzzz.aaa/files/profileInstalled

Filesize
24B

MD5
a3bdddf0327f3c142fa69846513af1a8

SHA1
9792a73837c37f7ac2f7a55a1a633b41946b638f

SHA256
13b0d5290bd4d39917ed146886a5e36cfc8d2051c395c38fecbf1342822631ce

SHA512
43412825bf1933c92143087f8c79a1e542ff0fbb4b79ef86ed45b0bf98b4f3b2c54205ed3c068074bf10e5801f725cb8f03a2e1d7ccc9fd275c33d83d20430ac

Download Submit
/data/data/org.zzzz.aaa/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

Filesize
8B

MD5
17696c9c4556683219b9e38cd0afd6c8

SHA1
14e74de9a3bbc45a6a173d50b0029faa866c863f

SHA256
ba2860dbc922e663f7414ae0699700e9a6e4901a55dafc6688f213ba2bd4e052

SHA512
947cf9b7a3259a36fcb6ef35af1f876e4831a5051524c1b10fcf38b627d2f11a40f932c7cfa2c6dec98705c5f8a4de6b96861081d7a70a51d061ea030e16f6b9

Download Submit
/data/misc/profiles/cur/0/org.zzzz.aaa/primary.prof

Filesize
1KB

MD5
30e8f9f0d065da376c5f929b00d66d99

SHA1
30e1cf6db1af33a5179c7c2bd00ee5f3e1176433

SHA256
6f1a126d9dc2045a00e1b20c233ca64d1d86bea7c005f01392d9cd8ad9aa53ce

SHA512
d5c0489bb984bc30ff90fc2455d2cb39b7c202d9f2c615ab2acc8198225b3339e117310f417a5830a363087b63b1c84515a7148ff94b0e5136bd61014ed3ee52

Download Submit
/data/misc/profiles/cur/0/org.zzzz.aaa/primary.prof

Filesize
2KB

MD5
2d0259d6cf995e405da2c714397e47c9

SHA1
5d9c63b6adbd46ca8ee489d79ceb2872160147a1

SHA256
e4419071d887a1bb0f5743cb9c2aac464e2da8c6da33bcbf2903174fef98729a

SHA512
ef6648751705eaf1aeae82c4edf5d6ea1bd27be7dfd098712e23a2612c7f797caa4ea3e674206a4268afefee4776d872e0803de11f41ff4575855f864c028fba

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads