Analysis

  • max time kernel
    329s
  • max time network
    335s
  • platform
    android_x86
  • resource
    android-x86-arm-20240624-en
  • resource tags

    android, arch:arm, arch:x86, image:android-x86-arm-20240624-en, locale:en-us, os:android-9-x86, system
  • submitted
    25-07-2024 17:25

General

  • Target
    HakiGame.apk
  • Size
    4.7MB
  • MD5
    662f68bd645b936adde8cb75a114e801
  • SHA1
    e70ea7bc46ff70179ec8ca4e385e6a6bc95a2e55
  • SHA256
    32f551c813236d03abf4d6c43ff64fd604434c5d761b1fbe331e2680fb672d69
  • SHA512
    5d57c41ee199d69cddea2324932df0bafe4dc2cd921c19455070fcd887fed8f21c8bc9c22ccd3bcb62f22baafd5cbf86d4ccb7c94b51713f4fd403ff1624e02e
  • SSDEEP
    98304:afjGBEfmm8PxQvkqEhIiwXGYhumzLzB/TV0tg/xmcnz+Vl:KjB0QvkqKIiinpz5qt4+

Malware Config

Signatures

  • Makes use of the framework's Accessibility service 4 TTPs 1 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

  • Acquires the wake lock 1 IoCs
  • Requests enabling of the accessibility settings. 1 IoCs
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
  • Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

Processes

  • build.ledear.apk
    • Makes use of the framework's Accessibility service
    • Acquires the wake lock
    • Requests enabling of the accessibility settings.
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Schedules tasks to execute at a specified time
    PID:4250

Network

MITRE ATT&CK Mobile v15


Downloads

  • /storage/emulated/0/Config/sys/apps/log/log-2024-07-25.txt
    Filesize: 13B
    MD5: de2c41a51ee9246eb1708f65b511add0
    SHA1: 2f442d634c8a18760a232c8829d4b5d74a52f074
    SHA256: ad2d914ca347cd1930e32f21c6d5448c34104bea181b93abc85ec518985653ab
    SHA512: 7cdfbd001594503644e9ed80ae852f90ef9e841a8382e2eec6979e149a2c400a3b83055d205b4d1d66e1600e5127482932d5127eb5800d35a4ee5673fe34d84a

  • /storage/emulated/0/Config/sys/apps/log/log-2024-07-25.txt
    Filesize: 25B
    MD5: be9a3b328590c4fb6bd9b59eb5db2062
    SHA1: bce23c7cdf69c996592adb2b21b6659b8048482b
    SHA256: 0b0d71ad2b5e2e8cf67171db31fc43b9cf2140e3970fba39ff9d2fbb11022884
    SHA512: 93c40bb31bd70d19fda2983129ea36883ad95fe9292bf2221daad12adb32c1c9b42e455fbccffb1b0ffd015c36fab52c7baef822ab80a88e2fc0337d048c01c0

  • /storage/emulated/0/Config/sys/apps/log/log-2024-07-25.txt
    Filesize: 252B
    MD5: c525bc59b4ea5fc26cfe6e5ecd9c2c48
    SHA1: 326cc5fe3e43d38746c260165099e96f12a0faa4
    SHA256: 979909874d66d35f83b588f2a433302ab44eb4acf20bc0183238dcaace7edea5
    SHA512: 8f9b5c3e8d8122184bfc1ac06fdb950f26af8b668bdbf3fdf74c48de411cfcbd8c10eb527d31513bec79e6d549d40e6ba0b0e7efcd7a9a23d239009ee2546eaf