7db89b7e27a63e209b3c396626a627bdc67ed5104a73be96b9fc6e559eb6ce84

Analysis

max time kernel
179s
max time network
132s
platform
android_x64
resource
android-x64-arm64-20240624-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240624-enlocale:en-usos:android-11-x64system
submitted
02/08/2024, 02:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7db89b7e27a63e209b3c396626a627bdc67ed5104a73be96b9fc6e559eb6ce84.apk
Size

6.8MB
MD5

1e64eff544bffee632f02830a8b176bd
SHA1

6820b9ce37c29871ef50c28d0790ee2c57df82cd
SHA256

7db89b7e27a63e209b3c396626a627bdc67ed5104a73be96b9fc6e559eb6ce84
SHA512

36b932abea2a0826f873d67835db78afc8d3d9d446ac285f69d2e2aba05ec5d28cafaeae3f870e57eac965c49b9b3e8a2136a299a4b5f3be84283cd0581614b9
SSDEEP

196608:4Kk+Ibp3avNs0Ki0LsehuOFv+rxK8w3Te16nU46xKBB:ar38Ns0YLXVFvCxw3y16nh

Score

8^/10

collection credential_access discovery evasion

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 2 IoCs

evasion

System Information Discovery

T1426

ioc	Process
/system/app/Superuser.apk	com.ary.Configuration
/system/xbin/su	com.ary.Configuration

Makes use of the framework's Accessibility service 4 TTPs 1 IoCs

Retrieves information displayed on the phone screen using AccessibilityService.

collection evasion credential_access

Input Injection

T1516

Screen Capture

T1513

Keylogging

T1417.001

GUI Input Capture

T1417.002

description	ioc	Process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	com.ary.Configuration

Queries information about running processes on the device 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.ary.Configuration

Reads the contacts stored on the device. 1 TTPs 1 IoCs

collection

Contact List

T1636.003

description	ioc	Process
URI accessed for read	content://com.android.contacts/contacts	com.ary.Configuration

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.ary.Configuration

Declares services with permission to bind to the system 3 IoCs

description	ioc
Required by notification listener services to bind with the system. Allows apps to listen to and interact with notifications on the device.	android.permission.BIND_NOTIFICATION_LISTENER_SERVICE
Required by call screening services to bind with the system. Allows apps to filter and manage incoming phone calls.	android.permission.BIND_SCREENING_SERVICE
Required by accessibility services to bind with the system. Allows apps to access accessibility features.	android.permission.BIND_ACCESSIBILITY_SERVICE

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.ary.Configuration

Requests dangerous framework permissions 8 IoCs

description	ioc
Allows an application to send SMS messages.	android.permission.SEND_SMS
Allows an application to read image files from external storage.	android.permission.READ_MEDIA_IMAGES
Allows an application to read SMS messages.	android.permission.READ_SMS
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device.	android.permission.READ_PHONE_STATE
Allows an application to read the user's contacts data.	android.permission.READ_CONTACTS
Allows an application to receive SMS messages.	android.permission.RECEIVE_SMS
Allows an application to request installing packages.	android.permission.REQUEST_INSTALL_PACKAGES
Allows an app to post notifications.	android.permission.POST_NOTIFICATIONS

Checks the presence of a debugger
evasion

com.ary.Configuration
1⤵
- Checks if the Android device is rooted.
- Makes use of the framework's Accessibility service
- Queries information about running processes on the device
- Reads the contacts stored on the device.
- Acquires the wake lock
- Queries information about active data network
PID:4473

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Input Injection

T1516

Credential Access

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Discovery

Process Discovery

T1424

System Information Discovery

T1426

System Network Connections Discovery

T1421

Lateral Movement

Collection

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Protected User Data

T1636

Contact List

T1636.003

Screen Capture

T1513

Command and Control

Exfiltration

Impact

Input Injection

T1516

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.ary.Configuration/cache/volley/-15765807901702283088

Filesize
865B

MD5
b451a8e1000b4e2190dbde87355b5cb4

SHA1
a62856aa6185fb549db13b0a97b0794477463342

SHA256
45a95c3af6663997dc87b3781939a0e5a73fa044bd65edd7d9110ce2c44dbac7

SHA512
85241a912f32adcdeeaea47b889bc6fe3c2a855d0c825e9ff42204bb4310d44b760ff164115c7e2cbf30d13c2c3b3a72be40f68cf908fc5ab2dd736aa4f54744

Download Submit
/data/data/com.ary.Configuration/cache/volley/-15765807901702283088

Filesize
645B

MD5
a712567c925865997b41dfba7beba681

SHA1
9319e73c523bcaff2869341f3958c1da296fcc45

SHA256
5f6d1aa6bd2cbc0b7eafba34a5515768d9aaa82d5d303d381c0038389253c7b4

SHA512
43f3a56a83a35f648ab4870e434548fd474f7679e5c144feb065a58fec5cd16a2fc79fef9050adcc7ea1793ad4fdfd5754c0964df36bf42e81e0b8c054f3ccfe

Download Submit
/data/data/com.ary.Configuration/cache/volley/-15765807901702283088

Filesize
646B

MD5
db9204ec23f6561f47b3da8f02a44f74

SHA1
f2f757d5dd3a27ff38ca68e6d0783f4064c4982a

SHA256
934c4ea191a3ed7b39f0e90d62e391656df79bb3a286e43d38eb20b603715c0f

SHA512
7dc09e1dfa9abd62e5c5fae71845e821fbe5557f7855e72b40a7475f0691d6eba161f6ccce2702d82e94329e3b0c5038f6bd6bd193a146d53ae32f5ca4bbda03

Download Submit
/data/data/com.ary.Configuration/cache/volley/-15765807901702283088

Filesize
645B

MD5
81c660df9a58841ec69a7c2a0ee42535

SHA1
f71f121635949b5eec99d20d6307eee0091e5424

SHA256
7a77ae9da379c267c8d91b897530b9a22038b7c75e8e1a51eb6b390b8093cb8c

SHA512
f737083ed01fc610723e4ee313636ce7f2e8f96697f2f246b7d63001b19ac280abf3b751f4a73eeea71ada9952c5f288c335208bfd878bd9af821faa67ab60e3

Download Submit
/data/data/com.ary.Configuration/cache/volley/-15765807901702283088

Filesize
627B

MD5
c569fd739e7a6695996eb66cc96840a8

SHA1
d5e89efc57674877c14169090e4bcbf2772fc1f2

SHA256
689b4675cbde656a442d47ea6e61df82f5200a526e6289cd83a43bdb98cb95d8

SHA512
eb691e7b4c0b6e645ef270d9b121cef9b64d357f32b58c94f6d69ea5f500c1d0e0e5f06c66c4b98600d711559ad8a92e3eb22714287d06445883debdb742d490

Download Submit
/data/data/com.ary.Configuration/cache/volley/-15765807901702283088

Filesize
684B

MD5
8d5ca5f15969b87246370208c2f3ab84

SHA1
325920bedbaf6a9bc761615f692e5d49a7503327

SHA256
3f6d1a2079d4d603cef94aa6b2eeebaa3c74beeddcfd962c25b95e13ce38d92f

SHA512
24ec4a00889e716b8ed78c17ac8082722f2f0f0696ab8d3569093240863557e6f8b814c973782d01b1c6861a27471edf81f3882cbf11e49781e1fd46a87fe12b

Download Submit
/data/data/com.ary.Configuration/databases/com.google.android.datatransport.events

Filesize
56KB

MD5
94c5ae13a1b0be4f4e2ce0eae283ea63

SHA1
e1551d9a0977208bdd64c00c51496f4f963b4252

SHA256
bac82776a363bd26cf03d19e6dbc03d081513dfb484a30524e0ef1f511e172cf

SHA512
a2b4f07ceeb5104d0f587136c6b5cb3c9b6e428e40f2557ce6c4aeaacb684a84654e7971b8ec9b197aed94defa2c1d5c21080490db2673356a57ccd36d96d4a5

Download Submit
/data/data/com.ary.Configuration/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
29acd23b0fcc036a494bcc53e74d039e

SHA1
0cf1c59da9a390ff02a8224b3f4a5eb0804d952e

SHA256
5e7e609cf4aafbf309d1b4032f4183cf7e6fe025c4e5dfbb6258381b76f43e66

SHA512
b710c82679006d9869579b30242a09497c08ffcf40bdf5651f135e5cbc31e21d5be8e2576ef43a01a5a67e7c05bba27e280efd098cf34750f04e89eab80f4e72

Download Submit
/data/data/com.ary.Configuration/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
9430c85edd752c038adf750350ac6be5

SHA1
31a70c9ef73b1a2feca19ea739427d58203c23d5

SHA256
65735b6e7e9355805bd9e42819c76c1b31c3f7e71a67ad64a5cc22f4b6d32768

SHA512
af8f5815bf9859e3dc804a79a53c1998bae4b55e5d7e9a52629a3ba91a01a7d1ae0a86b6c3f4b0ff4710627b5dbaa8b9dee8431a90c5b758c5766ea3150dccd4

Download Submit
/data/data/com.ary.Configuration/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
4dde4c0f1127313b2bea74f906850b53

SHA1
3957814e18223b5ff9aa38dddd6990ca984ea16e

SHA256
c1da8b0c637c86924e07291a34a1f2aa04c7c11c194f06f9db05c94528c6e6e1

SHA512
3b377e54ab1545521813bd41851f619a9ec60aefa0c8a4dcdd0b9a9df47999a516091bbf8712f009d32d13e331a05cfcef455cd661df850e71cd45a3e427ee4f

Download Submit
/data/data/com.ary.Configuration/databases/google_app_measurement_local.db

Filesize
16KB

MD5
d9cf75fdd1c2292d986f6c3d5d60f2c8

SHA1
07ecb1d3a26d952ae5fecf54f36699ab498510b1

SHA256
2d227e9b7a044c8e10294f6a831fb92d81ea9582381796d87f35bd268e37538a

SHA512
442c96e4b4c79b8d1c64dd3a6d6088ae1dace441e78d830dfb3190ee1c0fafebc606fb432071b4a1ad1a4ba9b68c7877b0bce520ccc88708feaf82bbc474e0cb

Download Submit
/data/data/com.ary.Configuration/databases/google_app_measurement_local.db

Filesize
16KB

MD5
453c93891cda92f4d107da73e6ae9a1b

SHA1
b74b9ae94ae2a283856a3cd11d22aeb53f61fbba

SHA256
59348da256d16fb314436bc58997c8f33264f6e6b99ecb36bd224321001d66d0

SHA512
ebff850cdb59c836b74c2700db451ae6198aa5a048c9c211f76c77f1ee1c92bf76ac3afd29a3094bb554e084043bb695a2d6d7b6bb4f50745a038b6b0bf1fd7c

Download Submit
/data/data/com.ary.Configuration/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
dc60b2d6e74e01091cc8b7246abf9a22

SHA1
426f9d2b974b8e0986e5dca83dc9a62b8c78dd33

SHA256
da6d05a691c6c531a2de2cdb79929e2e0f1143a6a04de79bc40fc4e682ffffbe

SHA512
027b58e45aa1e829182181b0d3b1e9e066aee1cb0e8ed95deb4daad4a03f7810f36252d41d4192c736c84a72ce4e02c68c11cad166024c09c328f175fb65af34

Download Submit
/data/data/com.ary.Configuration/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
0fab3d6b01eae7ab866ed1de2bc411b1

SHA1
67179fa025a1ad7a3ff99d69ba9a3d7da977d4ce

SHA256
37c94340fbb569cecbb9e0e7fbc15a3b9e28743c7cce1aaa67e2367927519065

SHA512
6587bd56de8b32282c4c954763e9eddbd99e6081dca6be6e56a177913f5f5f45b83fa7d6abc8549cec7a5aa2b3819f89ca61a96e21e3a87cb6eaf3dc4b71122b

Download Submit
/data/data/com.ary.Configuration/databases/google_app_measurement_local.db-journal

Filesize
4KB

MD5
a5543aeff876d427ad5005572d13c305

SHA1
11b968b9e2b4d61ae85c5f31d60918f04913ca85

SHA256
e673a403600b812e42981b5931e79b7e546c6496385d68dec8a2332ff8da6a89

SHA512
3010a90ad2693f8773fda47be7f6e51614bbb126db791b9e613a9e76ad770757d161bdcb81ba81196b915efec74c4942182dfea118f27e62de963376578623f5

Download Submit
/data/data/com.ary.Configuration/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
4492ee4c29fd3bf060734a0162a3edaa

SHA1
77fc52b7786d2b14a9b7b4e40832b330e978ceab

SHA256
b329b9e33a8a61d9411068a0f5175e0f11f82342fd8c7a6898c614256027de01

SHA512
2e6a862bc79a241b0367949e759fc12964e6e17b806532dfd4830a6338880aaa1e2ad3baeb1291559f14a2bf6113b5dd0c46153a99e0f1fe5b4b0da26631a211

Download Submit
/data/data/com.ary.Configuration/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
c1a8ffb5168431ca517b39f3984e75ae

SHA1
bc1c596abdacbfc7e8396a7a64b6ac96cf576473

SHA256
b6ce7734c73e67b77b574d8263082143e4e7660bd8a1b43b2c84c43835d9653f

SHA512
fe39872eff33927e1dd210189a0d3de0c7e475e85edb45758b05fd3b42c337b195e0978d49022bf9b9822d465308b7131478669add0c274ca290479d36f62d00

Download Submit
/data/data/com.ary.Configuration/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
300fc57f8a1307b13bc8fac309c1236e

SHA1
479bac5907358bf6f7443996ed024cd7297cc41b

SHA256
bc2fdc76a687dd579608b5ed94b16d3ed1d5966aff0a4befd81f2897b50b1201

SHA512
3589107679c901fe31b7f5a72fa710503f453506a5741d2cf54b987e6c07fa2dcffc95245b8f5a473bfe00ba07a19c4db1deac9c8b6618c50f7d9def8f273b9e

Download Submit
/data/data/com.ary.Configuration/files/.com.google.firebase.crashlytics.files.v2:com.ary.Configuration/open-sessions/66AC3DFD0121000111797F6C2BD2E268/report

Filesize
788B

MD5
aa908449c511b434ce3cef0de4f86428

SHA1
13171eb8b6e09da64cc841338898cce55eeb2c09

SHA256
4f8e6d599c635b4cc95619742a12de86bf863580b919c2638984ed41fe01d929

SHA512
637b371779546eda88a382a3b81a6b23af1e1a53c5927b3dcbfdc6ebcc5699113cd04565c8dea9b1565a2584dc009881ba7dea655b8c06c9e2aa8fa5b12baa44

Download Submit
/data/data/com.ary.Configuration/files/PersistedInstallation4466466807940557771tmp

Filesize
90B

MD5
d301292abf3c798a296075fa71f815cd

SHA1
6918e8231214bdf385de49080121b8d19557c0e0

SHA256
0ae8fe4f4cbec620cd6899dd5044083cccc2bb8e43e0eb98202c5c11cf4af2ed

SHA512
a4c0f7cb9277743f6c87e1cdde5226b158f5f16daae13a8c97851c72bf1af8085fa752d1e537a19f85f69b34dc87e558e78c2b168e5165ba4a82b121eeb451fd

Download Submit
/data/data/com.ary.Configuration/files/PersistedInstallation745670413703391832tmp

Filesize
565B

MD5
28f7ac48ef1601b6d360cd273bb76456

SHA1
e2d121e8b5877c148ea50815d9a00ea155b63402

SHA256
d1fc0dd4c208a789ed0a3f812433e64e87818836663070d2d4a635875a2aae9d

SHA512
f2a4966549ef2ed59d55a514854d01b14450c354cd7a9c1fb53f59d7a46098dd0c6d047a89b0cdcca2a5bc70acec644a71a9f30f2880f4589c0dacf71d382a79

Download Submit
/data/data/com.ary.Configuration/files/apks/AApk.apk

Filesize
6.8MB

MD5
47bbb6b73f55739b481102b03f5c259d

SHA1
568aa7f71d528a96f9de3c39cfbb5eebd1c4d1a7

SHA256
3141a558165d163dc83f2a969185cc38ee3ed0a4e8295ea4ac99395a9cdb7499

SHA512
9df376e4bbc748a734521fb1db970f1d201ede7f7332992d30f4407e3ea52f8726f7d5d4015cabc59eb542a8c8bf399259f5e7958da7eb8c85125fbe5856c448

Download Submit
/data/data/com.ary.Configuration/files/localLog.txt

Filesize
43B

MD5
ef1de1e15be880aab28a4bb2e54e2116

SHA1
71f9208d2e2c0c56de51f3f2787a04b299e03831

SHA256
1984de18c8727867fb9869d8a6eeaf101fe7e39d2d31f48916b8da6d36e4ffbe

SHA512
cd61c4088cc3d5856695ee0254118595b15d0978534bdf61c3dbcb8c3315479a2bb3139f36f8bc85fe067bfdd6b105436955b6d7600df79d48a8dd2e8dbeb4b1

Download Submit
/data/data/com.ary.Configuration/files/localLog.txt

Filesize
82B

MD5
adc22740b574c33916c48847312b7e79

SHA1
a88a1eec444e65805ae855194cb5e433a8b94bfe

SHA256
895fdd539fa27d4d84e5189856688f20ea6b014dc7ec65dfd4dd4eb8c6eae3cd

SHA512
d31eac46f93be60c960245231ed89815da6e17c0ede82d304ae6eaad27fa9b359854246fc2dd3fe6f24ade6bd6dd0765d23c9315e78d6c737f00b9b16f58c234

Download Submit
/data/data/com.ary.Configuration/files/localLog.txt

Filesize
82B

MD5
9cd52489cb8b20c904b4593e17b0025e

SHA1
e05f28fc484818cd8ae3b053e2d18e55ebe34a4e

SHA256
8099e767022cd1534004c085a41f532b9e4e71aedbc3c8520de2ec8697213336

SHA512
df7cce741271e805439e15529cccf50adc85f67ab1cf64f34af6bfaff7053707d5b7b5bc2a59f88f7da21361ac33dfa46620f90225ed8f2049ecd1577528dc77

Download Submit
/data/data/com.ary.Configuration/files/localLog.txt

Filesize
34B

MD5
b5ca89783ab878b6002fe0e94243d7ed

SHA1
3cb20acef726840b01dbfdbf717c060be5b62bd5

SHA256
75d21ad1c36a75bec5eb9413f969305a8d00d130fdeddefd5079fccefdab1f87

SHA512
5e7af4c54200867b0c047fbe57134bab0566c39186044688dc08492f3b366095349b22c41c1543253c52bab614d92edb62d13ded920332b7cee1b0331ee46881

Download Submit
/data/data/com.ary.Configuration/files/localLog.txt

Filesize
103B

MD5
90fb71893cedc99cce3b41fe0a620c2e

SHA1
690b3ef1898c3650e245801bda3e95cb707014cd

SHA256
aa2ba38b322214cff9bfe316996c5c1368fbc02a394edb76fd55f10ad6742027

SHA512
890a8ad9ccde0921fadf77a08aeaf7699c2fadc6f103d5f31182d01624f75923b55c4c2727f230ccc534b2c89f9542d00b86d5c97f7fdf8da918efcd349f8ba5

Download Submit
/data/data/com.ary.Configuration/files/localLog.txt

Filesize
599B

MD5
6e5e2d47f6d84763aabb8d5500190d31

SHA1
bd5940f403f7b3571a8c36a445676a812b211ab0

SHA256
74b7f7108a3ac44e2cc11a6e6e33fa7023c7277fd5abea2fd54de2aa09e26501

SHA512
47f1493a2db92bf8b033ce183f491b4616cbcb08ebf3ac0b09e6a11dc66fa4b08e24f1b26f68800dd2cd7b21eaf89713a4cdb340413350958c0ed103144115e5

Download Submit
/data/data/com.ary.Configuration/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

Filesize
8B

MD5
2be82a12fd0eb1565fbb93e9fc8b9b75

SHA1
95a91ff9c1eb66c68de734ff0d436f3aa2b1060a

SHA256
64408a844fa9b9c790dc66e51cbe9957f808258a5262d1b73b581934f40e23f0

SHA512
f7dfa40edb8a3df25956c50964b0a8658f4c389f3aee837e4d3136aa9260a99a997ca29ff707b851179cd6d15c0b0c750a55828f52831711567da20e164e588a

Download Submit
/data/misc/profiles/cur/0/com.ary.Configuration/primary.prof

Filesize
1KB

MD5
4176b0c3ebb802566a5bf877861cd0e6

SHA1
909639413fe0507917fb27d51c4c4d8f7264321f

SHA256
21d5dc40fd77bffe040732af5ee0b689ba7052ca7c86ad259ddb0c3a8f5b5a99

SHA512
d053b83172388e741d55f5305d60b2d92f827f20726173d36bb8e3f3b2b34c21f8a7b357a2461eced035feb62f1f4813cc2432a436345d912eeb385e969054e7

Download Submit
/data/misc/profiles/cur/0/com.ary.Configuration/primary.prof

Filesize
10KB

MD5
2fdb983d41738f94e313362fd39a3e41

SHA1
c24eafb77925b853b5fc477ba72a48d17e4d295b

SHA256
0ca56fc1d7c829a24bb4f3bd361b02c7d8d7c79046ecf6c094d282a368b14d58

SHA512
d271629a66a5c6e8577ecf3320138891a30e9fa1354343e0ba78b4220731def5e622dd9b6d102e10341d999db12c806eac03a50aaefafea95e15ee7f80d58f05

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads