Resubmissions

22-07-2024 14:50

240722-r7ygtatfpn 10

Analysis

  • max time kernel
    48s
  • max time network
    58s
  • platform
    android_x64
  • resource
    android-33-x64-arm64-20240624-en
  • resource tags
    android, arch:arm64, arch:x64, image:android-33-x64-arm64-20240624-en, locale:en-us, os:android-13-x64, system
  • submitted
    22-07-2024 14:50

General

  • Target

    ready.apk

  • Size

    1.9MB

  • MD5

    4a357aa1ee674cbeb5619ab9d3e3c938

  • SHA1

    45603708316102700c69aeb02780105ee12c3781

  • SHA256

    09267c538ff13a1281b7689bd9db08467f977ce658231728271582eabf676123

  • SHA512

    f38da31e0fc968b8f73a171df2d90db4c9568494e69e316b15a4abea98af00dba1020cae8fd8f8b22247a75bedec97a8deab53bfbbc724f6b69b2e99cb1e5ab3

  • SSDEEP

    12288:njY3iZr6XI0bCefFFYTFHzLIV6/f6gBAJpUdjxoxZ0/nR8:nlr6Y3kFYTBLIV6/f6gBAJpFx22

Malware Config

Signatures

  • Makes use of the framework's Accessibility service (4 TTPs, 2 IoCs)

    Retrieves information displayed on the phone screen using AccessibilityService.

  • Acquires the wake lock (1 IoC)
  • Makes use of the framework's foreground persistence service (1 TTP, 1 IoC)

    Application may abuse the framework's foreground service to continue running in the foreground.

  • Requests disabling of battery optimizations (often used to enable hiding in the background). (1 TTP, 1 IoC)

Processes

  • examinations.thanksgiving.rid
    • Makes use of the framework's Accessibility service
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    PID:4361

Network

MITRE ATT&CK Mobile v15

Downloads

  • /storage/emulated/0/Config/sys/apps/log/log-2024-07-22.txt

    Filesize

    25B

    MD5

    a9148d406d2aa27774f728eac988cdd3

    SHA1

    68c1e93debcda4b97e06720a3b93a434e0f0c4e5

    SHA256

    bd8740f21d0f44f343afebfd133a234fa5210d5f4f79f2d826980a4a1bf07a38

    SHA512

    f6f089bbf90a16061e1af9dc677451ce729fcc908218f60977862beb3f370ff69948eace2a4c995a0d65a96efc5263da307d77f514ec3a16f02133d7d9cc2215

  • /storage/emulated/0/Config/sys/apps/log/log-2024-07-22.txt

    Filesize

    256B

    MD5

    0a7da9fcef3403006b99f3d2594eb87d

    SHA1

    79650b591371a4ed2d9f8921269e4f348ef3d458

    SHA256

    2e7c750b58e9095dbc1cac4b47472e29ffed57d9c13d845f56bebcb05198ea11

    SHA512

    2c68a150c7e25ec875f5b3921f93637475aa10858eb03c5206a62883694217d93e124f8aebcd5a29d1820ff86c8b86c2311ec45ec1903a73b15cc48a534f875c