eab2ab7bfc55c6a6012eef19b5fcdc8d98b34351dc32e0e9e09203a60bc392d0

Analysis

max time kernel
329s
max time network
337s
platform
android_x64
resource
android-x64-arm64-20240624-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240624-enlocale:en-usos:android-11-x64system
submitted
17-07-2024 00:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ZITGCD.apk
Size

2.0MB
MD5

a0e8f8688a7b73814d90c38f94bc8021
SHA1

61e071e9e917c07740d5cafe2e162198de5254e7
SHA256

eab2ab7bfc55c6a6012eef19b5fcdc8d98b34351dc32e0e9e09203a60bc392d0
SHA512

3fc28860a29da446f81de2004e43176cbca3f9a441a2b7366113440d0236033467740e7d66ffef8f64a94f744a50a62c3254d824ae2ac427180051177f850a93
SSDEEP

24576:SmNrIzgqUpCawONHO0hE7uclW5p+0CpQK9Kl19E708iTol9ZbzDo2lB/VlBGN5TU:NyYwONHZBHLK9K1rMxNf/ENFq7Tplx

Score

6^/10

discovery evasion impact persistence privilege_escalation

Malware Config

Signatures

Acquires the wake lock 1 IoCs

Processes:

com.example.dat.a8andoserverx

description ioc process

Framework service call android.os.IPowerManager.acquireWakeLock com.example.dat.a8andoserverx
Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs
Application may abuse the framework's foreground service to continue running in the foreground.
evasion persistence

Foreground Persistence
T1541

Processes:

com.example.dat.a8andoserverx

description ioc process

Framework service call android.app.IActivityManager.setServiceForeground com.example.dat.a8andoserverx
Queries information about active data network 1 TTPs 1 IoCs
discovery

System Network Connections Discovery
T1421

Processes:

com.example.dat.a8andoserverx

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.example.dat.a8andoserverx
Requests disabling of battery optimizations (often used to enable hiding in the background). 1 TTPs 1 IoCs
evasion

User Evasion
T1628.002

Processes:

com.example.dat.a8andoserverx

description ioc process

Intent action android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS com.example.dat.a8andoserverx
Requests enabling of the accessibility settings. 1 IoCs

Processes:

com.example.dat.a8andoserverx

description ioc process

Intent action android.settings.ACCESSIBILITY_SETTINGS com.example.dat.a8andoserverx
Tries to add a device administrator. 2 TTPs 1 IoCs
privilege_escalation impact

Device Administrator Permissions
T1626.001

Account Access Removal
T1640

Processes:

com.example.dat.a8andoserverx

description ioc process

Intent action android.app.action.ADD_DEVICE_ADMIN com.example.dat.a8andoserverx

description	ioc	process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.example.dat.a8andoserverx

description	ioc	process
Framework service call	android.app.IActivityManager.setServiceForeground	com.example.dat.a8andoserverx

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.example.dat.a8andoserverx

description	ioc	process
Intent action	android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS	com.example.dat.a8andoserverx

description	ioc	process
Intent action	android.settings.ACCESSIBILITY_SETTINGS	com.example.dat.a8andoserverx

description	ioc	process
Intent action	android.app.action.ADD_DEVICE_ADMIN	com.example.dat.a8andoserverx

com.example.dat.a8andoserverx
1⤵
- Acquires the wake lock
- Makes use of the framework's foreground persistence service
- Queries information about active data network
- Requests disabling of battery optimizations (often used to enable hiding in the background).
- Requests enabling of the accessibility settings.
- Tries to add a device administrator.
PID:4454