Analysis

  • max time kernel
    42s
  • max time network
    59s
  • platform
    android_x64
  • resource
    android-33-x64-arm64-20240624-en
  • resource tags

    android, arch:arm64, arch:x64, image:android-33-x64-arm64-20240624-en, locale:en-us, os:android-13-x64, system
  • submitted
    22-07-2024 14:56

General

  • Target
    ready.apk
  • Size
    1.9MB
  • MD5
    0194ee91dea3b5e7a0a5842b2ef0210a
  • SHA1
    86a1e120197e665e988ec0ce07c3dc9dab1ad9e3
  • SHA256
    3424dc83a016ea7ba8ffbc923f13ffd1ebd51164a0234a55ce73aaf82a494477
  • SHA512
    6f363d28805190d7a4a0fd8280544fc4eaeb2f07ae444a117ee739eeffc5449479ed49b82fc25154f55feff328461312d954d37e571a84dcb12c5fc470ece230
  • SSDEEP
    12288:Q6uTiPYLpV7IRlceg3o+HmBqqLDI+y++SitCDhelor+nRZ:WiPIRIRvX8fqLe++SvelvRZ

Malware Config

Signatures

  • Makes use of the framework's Accessibility service (4 TTPs, 2 IoCs)
    Retrieves information displayed on the phone screen using AccessibilityService.
  • Acquires the wake lock (1 IoC)
  • Makes use of the framework's foreground persistence service (1 TTP, 1 IoC)
    The application may abuse a foreground service to keep running after the user leaves it; the system is far less likely to kill a foreground service than a background one.
  • Requests disabling of battery optimizations (1 TTP, 1 IoC)
    Asking to be exempted from Doze and App Standby is often used so the app can keep running unnoticed in the background.
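Each of the four signatures above has a manifest-level counterpart, so a quick static check can be run before (or alongside) the sandbox. The script below is an added example written for this page, not part of the sandbox report or of the sample: it parses a decoded AndroidManifest.xml (the text form produced by a decoder such as `apktool d ready.apk`) and maps declared permissions and service declarations back to the report's signature names. The package name is taken from the Processes section; the manifest contents and service class names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"


def attr(name):
    """Attribute key for android:<name> as ElementTree exposes it."""
    return "{%s}%s" % (ANDROID_NS, name)


# Permissions backing three of the sandbox signatures.
PERMISSION_SIGNATURES = {
    "android.permission.WAKE_LOCK": "Acquires the wake lock",
    "android.permission.FOREGROUND_SERVICE": "Makes use of the framework's foreground persistence service",
    "android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS": "Requests disabling of battery optimizations",
}
ACCESSIBILITY_SIG = "Makes use of the framework's Accessibility service"
FOREGROUND_SIG = PERMISSION_SIGNATURES["android.permission.FOREGROUND_SERVICE"]
BIND_A11Y = "android.permission.BIND_ACCESSIBILITY_SERVICE"
A11Y_ACTION = "android.accessibilityservice.AccessibilityService"


def triage_manifest(manifest_xml):
    """Return (package, {signature: [evidence, ...]}) for a decoded AndroidManifest.xml."""
    root = ET.fromstring(manifest_xml)
    package = root.get("package")
    findings = {}

    def hit(sig, evidence):
        findings.setdefault(sig, []).append(evidence)

    declared = {p.get(attr("name")) for p in root.iter("uses-permission")}
    for perm, sig in PERMISSION_SIGNATURES.items():
        if perm in declared:
            hit(sig, "uses-permission " + perm)

    for svc in root.iter("service"):
        name = svc.get(attr("name"), "?")
        actions = {a.get(attr("name")) for a in svc.iter("action")}
        # A working accessibility service is guarded by BIND_ACCESSIBILITY_SERVICE and
        # advertises the AccessibilityService action. Flag either half on its own so a
        # deliberately incomplete or obfuscated declaration still surfaces.
        if svc.get(attr("permission")) == BIND_A11Y:
            hit(ACCESSIBILITY_SIG, "service %s guarded by %s" % (name, BIND_A11Y))
        if A11Y_ACTION in actions:
            hit(ACCESSIBILITY_SIG, "service %s handles %s" % (name, A11Y_ACTION))
        # A declared foregroundServiceType is a second indicator for the foreground signature.
        fst = svc.get(attr("foregroundServiceType"))
        if fst:
            hit(FOREGROUND_SIG, "service %s foregroundServiceType=%s" % (name, fst))
    return package, findings


# Constructed manifest: package name from the report, everything else hypothetical.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="evident.attending.spoke">
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.WAKE_LOCK"/>
    <uses-permission android:name="android.permission.FOREGROUND_SERVICE"/>
    <uses-permission android:name="android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS"/>
    <application>
        <service android:name=".ScreenReaderService"
            android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"
            android:exported="true">
            <intent-filter>
                <action android:name="android.accessibilityservice.AccessibilityService"/>
            </intent-filter>
        </service>
        <service android:name=".KeepAliveService" android:foregroundServiceType="dataSync"/>
    </application>
</manifest>"""

# Constructed control case with none of the indicators.
BENIGN_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="example.benign.app">
    <uses-permission android:name="android.permission.INTERNET"/>
    <application/>
</manifest>"""

if __name__ == "__main__":
    for xml in (SAMPLE_MANIFEST, BENIGN_MANIFEST):
        pkg, found = triage_manifest(xml)
        print(pkg, "->", "no indicators" if not found else "")
        for sig, evidence in found.items():
            print("  *", sig)
            for e in evidence:
                print("      ", e)
```

The check is deliberately evidence-based rather than boolean: the same signature can be backed by both a permission and a service declaration, and seeing which half is present tells you whether the declaration is complete enough for the framework to actually bind the service.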

Processes

  • evident.attending.spoke (PID 4368)
    • Makes use of the framework's Accessibility service
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    • Requests disabling of battery optimizations

Network

MITRE ATT&CK Mobile v15

Downloads

The same log path was captured twice with different content (25B, then 256B).

  • /storage/emulated/0/Config/sys/apps/log/log-2024-07-22.txt
    Filesize
    25B
    MD5
    a9148d406d2aa27774f728eac988cdd3
    SHA1
    68c1e93debcda4b97e06720a3b93a434e0f0c4e5
    SHA256
    bd8740f21d0f44f343afebfd133a234fa5210d5f4f79f2d826980a4a1bf07a38
    SHA512
    f6f089bbf90a16061e1af9dc677451ce729fcc908218f60977862beb3f370ff69948eace2a4c995a0d65a96efc5263da307d77f514ec3a16f02133d7d9cc2215

  • /storage/emulated/0/Config/sys/apps/log/log-2024-07-22.txt
    Filesize
    256B
    MD5
    0a7da9fcef3403006b99f3d2594eb87d
    SHA1
    79650b591371a4ed2d9f8921269e4f348ef3d458
    SHA256
    2e7c750b58e9095dbc1cac4b47472e29ffed57d9c13d845f56bebcb05198ea11
    SHA512
    2c68a150c7e25ec875f5b3921f93637475aa10858eb03c5206a62883694217d93e124f8aebcd5a29d1820ff86c8b86c2311ec45ec1903a73b15cc48a534f875c