Analysis

  • max time kernel
    265s
  • max time network
    270s
  • platform
    android_x64
  • resource
    android-x64-arm64-20240624-en
  • resource tags

    android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240624-en, locale:en-us, os:android-11-x64, system
  • submitted
    06-08-2024 10:38

General

  • Target

    launcher.apk

  • Size

    4.6MB

  • MD5

    215064ebef7fc8957ba42c80c2bafcf3

  • SHA1

    b71e516b3c54c383a79effda9c020fbc9211e498

  • SHA256

    408c3b114530bc74c07b2fb17d48d400d17b4ed36defde2961ae154c2a618e74

  • SHA512

    5e4f639e93e69a56308b8c8549b7c0d75cabb8d68aaefc8b3f14f5dbc16cbd6657da4d98f43d5d747472b1dbaf698c9a7ab42f38e62f22cf0b7703fa3069f4a0

  • SSDEEP

    98304:Nu3xwW0lUSPZIEi0qTg6FvlfFMoN5mz3zBLbTs0to2WMeYk:aeW0CSxIEbq86llfFMlzZ/aek

Malware Config

Signatures

  • Makes use of the framework's Accessibility service 4 TTPs 1 IoCs

    Reads the content displayed on the phone screen (the UI hierarchy) through an AccessibilityService.

  • Acquires the wake lock 1 IoCs
  • Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

    Application may abuse the framework's foreground service to keep running; a foreground service is exempt from the background-execution limits that would otherwise let the system stop it.

  • Requests enabling of the accessibility settings. 1 IoCs
  • Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
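The signatures above are runtime observations. The same capabilities usually have to be declared statically in the APK's manifest (the accessibility service binding, WAKE_LOCK and FOREGROUND_SERVICE permissions, and often a BOOT_COMPLETED receiver for persistence), which makes a quick manifest check a useful first-pass triage before detonation. The script below is an added example and is not part of this report or of the sample; it expects a decoded AndroidManifest.xml (for instance from `apktool d launcher.apk`) and is run here on a constructed manifest with a made-up package name, not the real manifest of com.gb.egyptian.

```python
"""Static manifest triage for the behaviours flagged in the sandbox report.

Added example, not part of the sandbox output. Works on a decoded (text)
AndroidManifest.xml; binary AXML must be decoded first (e.g. with apktool).
"""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
NAME = f"{{{ANDROID_NS}}}name"
PERMISSION_ATTR = f"{{{ANDROID_NS}}}permission"

# Declared permissions that correspond to the report's dynamic signatures.
# SCHEDULE_EXACT_ALARM / RECEIVE_BOOT_COMPLETED are common companions of the
# "schedules tasks" behaviour but are not required for AlarmManager use.
PERMISSION_FLAGS = {
    "android.permission.WAKE_LOCK": "Acquires the wake lock",
    "android.permission.FOREGROUND_SERVICE": "Makes use of the framework's foreground persistence service",
    "android.permission.SCHEDULE_EXACT_ALARM": "Schedules tasks to execute at a specified time",
    "android.permission.RECEIVE_BOOT_COMPLETED": "Persistence: restarts after reboot",
}
A11Y_BIND = "android.permission.BIND_ACCESSIBILITY_SERVICE"
BOOT_ACTION = "android.intent.action.BOOT_COMPLETED"


def triage_manifest(manifest_xml: str) -> dict:
    """Collect the declarations that map onto the report's signatures."""
    root = ET.fromstring(manifest_xml)
    findings = {
        "package": root.get("package"),
        "permissions": [],
        "accessibility_services": [],
        "boot_receivers": [],
    }
    for perm in root.iter("uses-permission"):
        name = perm.get(NAME)
        if name in PERMISSION_FLAGS:
            findings["permissions"].append(name)
    app = root.find("application")
    if app is not None:
        # An accessibility service must be protected by BIND_ACCESSIBILITY_SERVICE,
        # otherwise the framework will not bind to it.
        for svc in app.iter("service"):
            if svc.get(PERMISSION_ATTR) == A11Y_BIND:
                findings["accessibility_services"].append(svc.get(NAME))
        for rcv in app.iter("receiver"):
            if any(a.get(NAME) == BOOT_ACTION for a in rcv.iter("action")):
                findings["boot_receivers"].append(rcv.get(NAME))
    return findings


def matched_signatures(findings: dict) -> list:
    """Translate the static findings into the report's signature names."""
    sigs = []
    if findings["accessibility_services"]:
        sigs.append("Makes use of the framework's Accessibility service")
    sigs.extend(PERMISSION_FLAGS[p] for p in findings["permissions"])
    return sigs


# Constructed sample manifest (hypothetical package name), not the real APK's.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.constructed">
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.WAKE_LOCK"/>
    <uses-permission android:name="android.permission.FOREGROUND_SERVICE"/>
    <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED"/>
    <application android:label="launcher">
        <service android:name=".A11yService" android:exported="true"
            android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE">
            <intent-filter>
                <action android:name="android.accessibilityservice.AccessibilityService"/>
            </intent-filter>
        </service>
        <receiver android:name=".BootReceiver" android:exported="true">
            <intent-filter>
                <action android:name="android.intent.action.BOOT_COMPLETED"/>
            </intent-filter>
        </receiver>
    </application>
</manifest>
"""

if __name__ == "__main__":
    result = triage_manifest(SAMPLE_MANIFEST)
    print(result["package"])
    for sig in matched_signatures(result):
        print(" -", sig)
    if result["boot_receivers"]:
        print(" - BOOT_COMPLETED receivers:", result["boot_receivers"])
```

A manifest that declares an accessibility service together with WAKE_LOCK and FOREGROUND_SERVICE is not malicious by itself (screen readers and automation tools look the same), so treat the output as a reason to prioritise dynamic analysis, not as a verdict.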

Processes

  • com.gb.egyptian
    1⤵
    • Makes use of the framework's Accessibility service
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    • Requests enabling of the accessibility settings.
    • Schedules tasks to execute at a specified time
    PID:4452

Network

MITRE ATT&CK Mobile v15

Downloads

  • /storage/emulated/0/Config/sys/apps/log/log-2024-08-06.txt

    Filesize

    13B

    MD5

    de2c41a51ee9246eb1708f65b511add0

    SHA1

    2f442d634c8a18760a232c8829d4b5d74a52f074

    SHA256

    ad2d914ca347cd1930e32f21c6d5448c34104bea181b93abc85ec518985653ab

    SHA512

    7cdfbd001594503644e9ed80ae852f90ef9e841a8382e2eec6979e149a2c400a3b83055d205b4d1d66e1600e5127482932d5127eb5800d35a4ee5673fe34d84a

  • /storage/emulated/0/Config/sys/apps/log/log-2024-08-06.txt

    Filesize

    25B

    MD5

    11fa8fe89e1272773e6e8a14167462ed

    SHA1

    26951eab4624e031c0a10002a8a903ca370e7fbf

    SHA256

    594d67ca3fb25ec3dc34ecc36765ebb3d0ac4321c116161996d85eb86e0b7501

    SHA512

    3a0381310eb54d44638014bed0dbdd3e04712f199178a5ca456213d2a1d5375e380ef32c42726ba4796dc8c5d0b69c0095bd75ef174c08bbb444d37bf26a3348

  • /storage/emulated/0/Config/sys/apps/log/log-2024-08-06.txt

    Filesize

    57B

    MD5

    785526464d29c254ba766d3f5f8cbeaa

    SHA1

    0088564925a1e806ac26a8356365b74b6d1bd56c

    SHA256

    3bf774d2537bfb18cd211630449c4103cd03bacee2f95478a1c1cf6dff1b12d7

    SHA512

    6b04e61d4c2b5e34cca4c29f9b09a6b49445e812a09fee210b34835adbccfd63a547faa4023da60ecdc98e3ade635af23eed667bc9680e8debf834b1e38bda85