Analysis
-
max time kernel
179s -
max time network
174s -
platform
android_x64 -
resource
android-x64-arm64-20240624-en -
resource tags
androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240624-enlocale:en-usos:android-11-x64system -
submitted
19-07-2024 13:37
Behavioral task
behavioral1
Sample
ready.apk
Resource
android-x64-20240624-en
Behavioral task
behavioral2
Sample
ready.apk
Resource
android-x64-arm64-20240624-en
Behavioral task
behavioral3
Sample
ready.apk
Resource
android-33-x64-arm64-20240624-en
General
-
Target
ready.apk
-
Size
9.3MB
-
MD5
580222efdce1dca72c8402f3da095983
-
SHA1
37867faf2c1f88c7bde0a96dc382e962ceec93ac
-
SHA256
5b491059221e92e592326a582f84e416e623c7b5c9da6393340176d0f76df9da
-
SHA512
7febef3134a22dc910ff2d3ba9400a316e1e9e48ec2ce1b79497c87c086994713d2951579987286a18b0563e9ff5b2ffb0951a516047aed04da8ec02a832516d
-
SSDEEP
98304:nYZgoDdDHQvubBsPp6nfxg6lreKmzjzBRTE0tMTVa:YjDdzrVJiXlzv3z
Malware Config
Signatures
-
Makes use of the framework's Accessibility service 4 TTPs 1 IoCs
Retrieves information displayed on the phone screen using AccessibilityService.
Processes:
um.tahoe.brokerdescription ioc process Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId um.tahoe.broker -
Acquires the wake lock 1 IoCs
Processes:
um.tahoe.brokerdescription ioc process Framework service call android.os.IPowerManager.acquireWakeLock um.tahoe.broker -
Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs
Application may abuse the framework's foreground service to continue running in the foreground.
Processes:
um.tahoe.brokerdescription ioc process Framework service call android.app.IActivityManager.setServiceForeground um.tahoe.broker -
Tries to add a device administrator. 2 TTPs 1 IoCs
Processes:
um.tahoe.brokerdescription ioc process Intent action android.app.action.ADD_DEVICE_ADMIN um.tahoe.broker -
Schedules tasks to execute at a specified time 1 TTPs 1 IoCs
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
Processes:
um.tahoe.brokerdescription ioc process Framework service call android.app.job.IJobScheduler.schedule um.tahoe.broker
Processes
Network
MITRE ATT&CK Mobile v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
13B
MD5de2c41a51ee9246eb1708f65b511add0
SHA12f442d634c8a18760a232c8829d4b5d74a52f074
SHA256ad2d914ca347cd1930e32f21c6d5448c34104bea181b93abc85ec518985653ab
SHA5127cdfbd001594503644e9ed80ae852f90ef9e841a8382e2eec6979e149a2c400a3b83055d205b4d1d66e1600e5127482932d5127eb5800d35a4ee5673fe34d84a
-
Filesize
29B
MD5ece45f8623243feea4df6c2fe45b36e1
SHA1ef24e005271d92ed255e24a40a15d94b0d5f6bd3
SHA256e011b2d4119782d41972729f76497925f6f503f6b87dbf8363a50d5134ff39a2
SHA51286e5a142bb1c4607af14414558fca4711e9a043842aef5add7229d2b49a640d43d62383729edd60869f26e2ad28218d48228303e358b56038267d8bdaf6353da
-
Filesize
385B
MD5deb420cd909c714a23133f72faf37546
SHA1ae0a435f72478eb9a755c329c51db2e5ed8a2313
SHA256d245375582d6d72c8dd2f5ffdf918c67c85edb943674e0e9660aa32de675ce94
SHA512444eace31d60b1a62bc4bcce86270ab5ab918ac475b75ff1ab71f678e0195b00ef831bf31b2a8f20dec92a49b4d8d6340eace357cce585ef71b12279467fad48