Overview

overview

10

Static

static

10

Xiaomi.Ser...65.apk

android-11-x64

1

Xiaomi.Ser...65.apk

android-13-x64

1

Xiaomi.Ser...65.apk

android-9-x86

1

childapp.apk

android-11-x64

8

childapp.apk

android-13-x64

7

childapp.apk

android-9-x86

8

Analysis

  • max time kernel
    329s
  • max time network
    338s
  • platform
    android_x86
  • resource
    android-x86-arm-20240624-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
  • submitted
    22-07-2024 19:36

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    childapp.apk

  • Size

    18.3MB

  • MD5

    051916df0c9afa5bb89b4d4771f291f7

  • SHA1

    49fc19b18617e39f788b93846d679cfe4cc7963f

  • SHA256

    61ef15e9eccee437915a643c86e7f5049bcee9c439360a0a9cd4818adb98fb26

  • SHA512

    167bef68e5eb04f438d93a08e098ef1306d674ee252bd93a976732b4f1c1e8a036b9054ea2798052af57fc47315720753061f69f1280b76ec06349fe05a6f9c4

  • SSDEEP

    98304:+jwaGeWClCZmcsPS75miKq0T0Q797HmzzzBGTr0t4d:PaZCZwPSYiKq0gY0zgUy

Score
8/10
bankercollectioncredential_accessdiscoveryevasionexecutionpersistencestealthtrojan

Malware Config

Signatures

  • Removes its main activity from the application launcher 1 TTPs 1 IoCs
    stealthtrojanevasion
  • Makes use of the framework's Accessibility service 4 TTPs 3 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectionevasioncredential_access
  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
    bankerdiscovery
  • Acquires the wake lock 1 IoCs
  • Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

    Application may abuse the framework's foreground service to continue running in the foreground.

    evasionpersistence
  • Performs UI accessibility actions on behalf of the user 1 TTPs 4 IoCs

    Application may abuse the accessibility service to prevent their removal.

    evasion
  • Requests disabling of battery optimizations (often used to enable hiding in the background). 1 TTPs 1 IoCs
    evasion
  • Requests enabling of the accessibility settings. 1 IoCs
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
    persistence
  • Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

    executionpersistence

Processes

  • com.xiaomi.service
    1⤵
    • Removes its main activity from the application launcher
    • Makes use of the framework's Accessibility service
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    • Performs UI accessibility actions on behalf of the user
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    • Requests enabling of the accessibility settings.
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Schedules tasks to execute at a specified time
    PID:4243

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /storage/emulated/0/Config/sys/apps/log/log-2024-07-22.txt
    Filesize

    33B

    MD5

    5c7a0adc03e65588b21db1797da63ede

    SHA1

    83e33c9f8bce30a63b407472ac1cdcf362eaa268

    SHA256

    b3b94848fa4a4370b0d46140fe533874b1faa57d0b60c824c2b917d961c8e0cd

    SHA512

    83dc084aa24f74b249a2f59d889bcc6cff11502874ddc295f745699e3ecdd98fce242d85f73222d6641247d4127f57c64516244af64d3fb60395ea115da7dbe1

    Download Submit

  • /storage/emulated/0/Config/sys/apps/log/log-2024-07-22.txt
    Filesize

    33B

    MD5

    111217063cfd8a765f9d48038297403f

    SHA1

    04dbe27a0357f44d16a8722bace7fda298644462

    SHA256

    b9d9bebcdaa9696ef40aa42a98676ded43230e411c3f4e5b2a0a1ee61e4f41ba

    SHA512

    f4b5ce0914bb79bd84de7c97f55c68a7a8cf25c9ebfcfa842abb0e4107bb12ee61d879e493024fc5e6de68cc83b32052921d119246e1656b90d567ed683aad9b

    Download Submit

  • /storage/emulated/0/Config/sys/apps/log/log-2024-07-22.txt
    Filesize

    25B

    MD5

    ba30336bf53d54ed3c0ea69dd545de8c

    SHA1

    ce99c6724c75b93b7448e2d9fac16ca702a5711f

    SHA256

    2d6988fb5afdaafc4e33fa1f71d6f10c95ab5a49a8ec820add5b13eef05439af

    SHA512

    eea34ca526e03349e746d3687ea660b4748f0174fe2ffdb65161e232e08630b345e03329614852ce881a71362ba68575e9dd08fa361a416e5b2fb231e21a0a3e

    Download Submit

  • /storage/emulated/0/Config/sys/apps/log/log-2024-07-22.txt
    Filesize

    284B

    MD5

    e717a0046988abf4711ee2d0cd39ad00

    SHA1

    bd8fb13e7195c80e0f77aa6380ef390dfad45775

    SHA256

    45ea4bf89cd513f2e9ef10f84ada1e8bb07111e992ad4fdcf0a128e84590015b

    SHA512

    55fa21e78fdfa154cfdf0dbd0118a3275cd7121a85133c3e3689a6e224d0705bac493adfdde6e2a5b0717e4f4c50112d48b1caa6de9e5f666ab5f13e7942c5b7

    Download Submit