26661a0db24c1c9cf37bd937f587334c6dbb1fc59a65fcee9f0148b424a93bf8

Analysis

max time kernel
179s
max time network
189s
platform
android_x64
resource
android-x64-arm64-20240624-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240624-enlocale:en-usos:android-11-x64system
submitted
10/07/2024, 22:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

26661a0db24c1c9cf37bd937f587334c6dbb1fc59a65fcee9f0148b424a93bf8.apk
Size

2.0MB
MD5

f75bff378d07cdb7d7afdc7d22e4ff2e
SHA1

9439fc664741a4a3ef1d57acf8892508b3e0bba4
SHA256

26661a0db24c1c9cf37bd937f587334c6dbb1fc59a65fcee9f0148b424a93bf8
SHA512

4794f9a88d7390531a32bd4bcc6a58ee036f64e1bee09f2b8f41493c6e436485630aec5cad918c1cd654144f1efe42939fcf1fdf1939ee36dd342384dae98d90
SSDEEP

24576:KpN476Lkopscthh1Zn6OA5os7HE4PGnO+7tKCT9P53Y3Fk41x1qgr560frPPgYpQ:K7dF7tN2HTPGnNRRhc1qgrs0frPcz

Score

7^/10

collection discovery evasion execution impact persistence

Malware Config

Signatures

Queries account information for other applications stored on the device 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect account information stored on the device.

collection

Stored Application Data

T1409

description	ioc	Process
Framework service call	android.accounts.IAccountManager.getAccountsAsUser	wpcuganbwyqxaoz.vockfgbezozpnj.fjbpbtxk:bcad
Framework service call	android.accounts.IAccountManager.getAccountsAsUser	wpcuganbwyqxaoz.vockfgbezozpnj.fjbpbtxk

Queries information about running processes on the device 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	wpcuganbwyqxaoz.vockfgbezozpnj.fjbpbtxk:bcad

Queries the phone number (MSISDN for GSM devices) 1 TTPs
discovery

System Network Configuration Discovery
T1422

Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

Application may abuse the framework's foreground service to continue running in the foreground.

evasion persistence

Foreground Persistence

T1541

description	ioc	Process
Framework service call	android.app.IActivityManager.setServiceForeground	wpcuganbwyqxaoz.vockfgbezozpnj.fjbpbtxk:bcad

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	wpcuganbwyqxaoz.vockfgbezozpnj.fjbpbtxk:bcad

Requests disabling of battery optimizations (often used to enable hiding in the background). 1 TTPs 1 IoCs

evasion

User Evasion

T1628.002

description	ioc	Process
Intent action	android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS	wpcuganbwyqxaoz.vockfgbezozpnj.fjbpbtxk

Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

execution persistence

Scheduled Task/Job

T1603

description	ioc	Process
Framework service call	android.app.job.IJobScheduler.schedule	wpcuganbwyqxaoz.vockfgbezozpnj.fjbpbtxk:bcad

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	wpcuganbwyqxaoz.vockfgbezozpnj.fjbpbtxk:bcad

wpcuganbwyqxaoz.vockfgbezozpnj.fjbpbtxk
1⤵
- Queries account information for other applications stored on the device
- Requests disabling of battery optimizations (often used to enable hiding in the background).
PID:4592

wpcuganbwyqxaoz.vockfgbezozpnj.fjbpbtxk:bcad
1⤵
- Queries account information for other applications stored on the device
- Queries information about running processes on the device
- Makes use of the framework's foreground persistence service
- Queries information about active data network
- Schedules tasks to execute at a specified time
- Uses Crypto APIs (Might try to encrypt user data)
PID:4631