2dd27c68bb59d301d0f44912e1330eeaeab8ed365c6ad8f33e7d514cba8f9476

Analysis

max time kernel
158s
max time network
154s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
07/08/2024, 22:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2dd27c68bb59d301d0f44912e1330eeaeab8ed365c6ad8f33e7d514cba8f9476.apk
Size

1.7MB
MD5

37b330c8644c5df0708f3fbd039b44f5
SHA1

c7185df6906b4ceafa555b588bc556511a04a8f1
SHA256

2dd27c68bb59d301d0f44912e1330eeaeab8ed365c6ad8f33e7d514cba8f9476
SHA512

83f7214c285d5105cb2479bd26b814ece6329d29e76230aa0087b5885884a39272fab2701e7c56ba8a1cde2fccb93bf47ff2a73373e7262e2f2e4e03bf52dcda
SSDEEP

49152:XY1LOhdK1GosHb5M2fUldt9n/+DR2NRUzIJWF:FhdK0F5fUlX9n2DR2fUj

Score

7^/10

collection credential_access evasion

Malware Config

Signatures

Makes use of the framework's Accessibility service 4 TTPs 2 IoCs

Retrieves information displayed on the phone screen using AccessibilityService.

collection evasion credential_access

Input Injection

T1516

Screen Capture

T1513

Keylogging

T1417.001

GUI Input Capture

T1417.002

description	ioc	Process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	org.zzzz.aaa
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText	org.zzzz.aaa

org.zzzz.aaa
1⤵
- Makes use of the framework's Accessibility service
PID:4252

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Input Injection

T1516

Credential Access

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Discovery

Lateral Movement

Collection

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Screen Capture

T1513

Command and Control

Exfiltration

Impact

Input Injection

T1516

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/org.zzzz.aaa/files/profileInstalled

Filesize
24B

MD5
4e53e82d8b14e6699b83386f18aab0b2

SHA1
91f842c80dcc134a27ec721866ef7f6e3f9bdc65

SHA256
f02954dfb4102bfe1887c0655d7d2dd8388fa76c47868fe9483257aa5a48ce2d

SHA512
125b5a7b46744191fca2b49857d6c4b237551d4d27f50c6690d096ed8f5b47fac282456261da9beb9b4f94d7db352495573d42b674c24f456d0d917cd8e305d4

Download Submit
/data/data/org.zzzz.aaa/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

Filesize
8B

MD5
f23beb8918df1f74439617e1fc65424c

SHA1
ea631b60f19ce34451523cafbeefe14a0e2f6521

SHA256
12d20eaf6bac4d41edd37728544617a850dc97b1a53ecdfa6bb3cb30639ecd87

SHA512
032a1bfb21791c4a92752aa44500b9c8990f3cbd174e2e3279559a476f9914a62a4cf4dab744cf164182400013af9f55e3a667d68a2a3bfdb6a9a8ec0d3fd793

Download Submit
/data/misc/profiles/cur/0/org.zzzz.aaa/primary.prof

Filesize
1KB

MD5
d3f463431d650be1a27451a1b7562805

SHA1
bec4b42e1e7a130c0067b5244279388b002b90e8

SHA256
00307b5bdb7a2f5e44fab83dde43a4d8aae17d2777190a7621946eea6dd8a6f7

SHA512
ddacb7650414a40836085b3eac2e3aef0d03eb5845434f4489cb9489825540c2923fc87e70e4f1275537f0cbe9b1ff6892e4bb48c38de4ffb4979cddb971e382

Download Submit
/data/misc/profiles/cur/0/org.zzzz.aaa/primary.prof

Filesize
2KB

MD5
b720ea3b2fca78e99f770ffc2e2fe8ad

SHA1
1ae849fb7d3e0490ceec3c38efbb05263605c0ca

SHA256
54ebaf9a0b22b891785c20fef5298382ff733afefb443b7771145a9eb65c7862

SHA512
36c359e16b3420df087e903ef9b410dca07fe1455c6ed215971478f95d2183c7e4527d1ee4ea3d1cec01604292a82d6637197b99a579a7b19ef15ec0c24ca660

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads