c3256b91234624addc8b6ffe089ebe1b45b839e1d772abcf62cace376f473ba7

General

Target

c3256b91234624addc8b6ffe089ebe1b45b839e1d772abcf62cace376f473ba7.apk
Size

2.5MB
MD5

5a3ed72e1ad54c1f38ea48812472b649
SHA1

1fc3e73f876887dbc235d1564a8122023d55b386
SHA256

c3256b91234624addc8b6ffe089ebe1b45b839e1d772abcf62cace376f473ba7
SHA512

a4a293dd39b72d2f2c25a52df158da0549f6a1c2175f9b2850b7a54f24ddf7fc093cdde4a7b117f5b4c83ba5e0afa6f2c3515eaaed4bb9708c3fa93b5bf7fbf8
SSDEEP

49152:Pvyj76X6+Glm+nJVxAfWgLs/H7naTgjucPq8lwrRTpT/heBDDg1OOzkI+Wjy3rZF:YP+G0+JLsLs/uUjuMwl5UlDKkI+Wu3v

Score

8^/10

banker collection credential_access discovery evasion impact stealth trojan

Malware Config

Signatures

Removes its main activity from the application launcher 1 TTPs 1 IoCs

stealth trojan evasion

Suppress Application Icon

T1628.001

pid	Process
4473	jnlqpxmc.vmvsdm.dakdnau

Makes use of the framework's Accessibility service 4 TTPs 3 IoCs

Retrieves information displayed on the phone screen using AccessibilityService.

collection evasion credential_access

Input Injection

T1516

Screen Capture

T1513

Keylogging

T1417.001

GUI Input Capture

T1417.002

description	ioc	Process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText	jnlqpxmc.vmvsdm.dakdnau
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	jnlqpxmc.vmvsdm.dakdnau
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId	jnlqpxmc.vmvsdm.dakdnau

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	jnlqpxmc.vmvsdm.dakdnau

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	jnlqpxmc.vmvsdm.dakdnau

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	jnlqpxmc.vmvsdm.dakdnau

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	jnlqpxmc.vmvsdm.dakdnau

Requests enabling of the accessibility settings. 1 IoCs

description	ioc	Process
Intent action	android.settings.ACCESSIBILITY_SETTINGS	jnlqpxmc.vmvsdm.dakdnau

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	jnlqpxmc.vmvsdm.dakdnau

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	jnlqpxmc.vmvsdm.dakdnau

jnlqpxmc.vmvsdm.dakdnau
1⤵
- Removes its main activity from the application launcher
- Makes use of the framework's Accessibility service
- Obtains sensitive information copied to the device clipboard
- Acquires the wake lock
- Queries information about active data network
- Queries the mobile country code (MCC)
- Requests enabling of the accessibility settings.
- Uses Crypto APIs (Might try to encrypt user data)
- Checks memory information
PID:4473

.tt
1⤵
PID:4600

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Hide Artifacts

1

T1628

Suppress Application Icon

Input Injection

Virtualization/Sandbox Evasion

1

T1633

System Checks

1

T1633.001

Credential Access

Clipboard Data

1

T1414

Input Capture

2

T1417

GUI Input Capture

1

T1417.002

Keylogging

1

T1417.001

Discovery

Software Discovery

1

T1418

Security Software Discovery

1

T1418.001

System Information Discovery

1

T1426

System Network Configuration Discovery

1

T1422

System Network Connections Discovery

1

T1421

Lateral Movement

Collection

Clipboard Data

1

T1414

Input Capture

2

T1417

GUI Input Capture

1

T1417.002

Keylogging

Screen Capture

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

1

T1471

Data Manipulation

1

T1641

Transmitted Data Manipulation

Input Injection

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/jnlqpxmc.vmvsdm.dakdnau/databases/google_app_measurement.db

Filesize
108KB

MD5
978214bd21ddf1ca2b402293607fdf37

SHA1
649f4229509e2faeb380121a7f4002261b33c3fc

SHA256
77f8771975e7adee9a128d8bc92571ac41992dca154d6879c8bae9ab17cd5e28

SHA512
b49602a9cd985dfefa5f19dfdc5828a7ec3c945d2c60e79c12cfe18e877c0c591b54cba029918d8ac15cdb6378d9c3ecf324f6fc22e84e0f0fce679370ae61bf

Download Submit
/data/user/0/jnlqpxmc.vmvsdm.dakdnau/databases/google_app_measurement.db-journal

Filesize
12KB

MD5
97592f42a1cbd205b62a826ec4276e35

SHA1
93e5934bdabb427f2ef27b4f11843472c2a83c51

SHA256
7d66d5d7a74f187ab70494c887530f85cb5701ce0d088831e7a71e52b7de819e

SHA512
5a203af2571c1952828f8b0ddfb431256da2c7b8090b23ba2475b566c13f35432eef6abb8c61a2107717691d5c51cb59e77957176d0584c257e476249e621bcf

Download Submit
/data/user/0/jnlqpxmc.vmvsdm.dakdnau/databases/google_app_measurement.db-journal

Filesize
512B

MD5
1fd0df783131698f109412b6f56d1cb1

SHA1
11f203d232ba08ac099f2644482b188a7635a4cb

SHA256
8b26c2fe9c85950ba94ef36e556102c47558d804c2030066adc147794301f546

SHA512
d712e94793685d62e68a9ec284bd96286ce5fb36b877331b0f90ce551c5ad39fef0ef43ee5bc7065273d77276f5be4865fa691e0082d016f47ff24c835179d33

Download Submit
/data/user/0/jnlqpxmc.vmvsdm.dakdnau/databases/google_app_measurement.db-journal

Filesize
8KB

MD5
7e9091359ead9b080e9f7c421bce6084

SHA1
a71ae4428d30df247444d39e955f4552ff359c93

SHA256
5ee0af1be70104dd6356816c272d9e7ddda8adaa8e56cad0ac2192247187fef2

SHA512
d3aedf3f9955b96698515da4216c223808c28a3e6f2c8c79130db121b80fb74bfe1235b8be194f6c6224c814d5dab762231f01edbf2d5e99efda91be2c902c03

Download Submit
/data/user/0/jnlqpxmc.vmvsdm.dakdnau/databases/google_app_measurement.db-journal

Filesize
4KB

MD5
a849647b7b1233b050277ff3d2207c90

SHA1
41841098e024e86c83637231d69fae612d14ab0a

SHA256
454b9726c4895ef052324f6a92fa497d7d84a9c1fa49c9554591103af479baec

SHA512
f31422529cf02b270c9bc3ae2d434e43aaf9e15b74d8c2ec6dbc5e4062a88df809011e5263a9e94b262106fe9bd2468eec74696f9af42dac270e2c31af13c3a6

Download Submit
/data/user/0/jnlqpxmc.vmvsdm.dakdnau/databases/google_app_measurement.db-journal

Filesize
8KB

MD5
222f354e2292cacacbffd83b124f3d3b

SHA1
0ce68f45370ffba6dad40da41657c407ef691725

SHA256
6c94bd0422a03eba31a46e934160391ca6d16b591cdc462de7b061cf5fdefcdf

SHA512
b7e3903f0160bceecc8958732eac6a83a34d1aeef6fde2e5a9e2fa792a51b21a99ff71aa4792db95146e6e4e00eb256ce04bd87e4b7f4e0de2bbb19b93fa286e

Download Submit
/data/user/0/jnlqpxmc.vmvsdm.dakdnau/databases/google_app_measurement.db-journal

Filesize
4KB

MD5
1abbc149d9b6f3f7339dcddc1b24f8cc

SHA1
d4c7581522c9c39c0559ff633b90080b43478567

SHA256
89d60d8bc5671b83ce761898e239b919406cfe4c70b0bc517a43c1d6f32123ba

SHA512
d110d777fc68e468b9b29baac8f8d68d5b21fd3a4944c4d00dca4b215f3d6d4530226ca9bfa62cae05432a59f6abc136eb8599ebf97e36596ebdd40fc98209c4

Download Submit
/data/user/0/jnlqpxmc.vmvsdm.dakdnau/no_backup/com.google.InstanceId.properties

Filesize
2KB

MD5
744d7e6ea8dffaf41dcaa7c3c947a032

SHA1
405fc5d3fa4a647081082a021ee4d70e43684403

SHA256
0f65ab381c5b6642a26074b8ccdc4de62af0072369043f4c18ed631a4d86b807

SHA512
795975ff1e839d0663c1da08e47364778013db79e2f539e0f30cab9bb7a05db301a69bda1e814aa117ae443fec16d826115d7ee3236abce0df4bb44c5144548b

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads