Analysis
- max time kernel: 628s
- max time network: 601s
- platform: android_x64
- resource: android-x64-20240624-en
- resource tags: android, arch:x64, arch:x86, image:android-x64-20240624-en, locale:en-us, os:android-10-x64, system
- submitted: 07-08-2024 21:53
Behavioral tasks
- behavioral1: sample ready.apk, resource android-x86-arm-20240624-en
- behavioral2: sample ready.apk, resource android-x64-20240624-en
- behavioral3: sample ready.apk, resource android-x64-arm64-20240624-en
General
- Target: ready.apk
- Size: 8.5MB
- MD5: 6082b5dc1353aae9aa21cdea633aba35
- SHA1: 8938bf46337000b30a0506d0462d46166de49899
- SHA256: 22db1592a6baa3f90ae2ba47bc024b28ab48b2fb420e2b838ba216c9bfaa9507
- SHA512: befcf1b32e352e2ba1dc09f5c4b32ee2ce7685522be5d1e54967723a9f8cbf150649f7b3d11cf1ce1ca42d1524ce61dbc6115b0a4095b0aa35c8882e2eeb6b0d
- SSDEEP: 98304:ES6p+dL6maOWsGN6GpQ81Mlmz8zBmTC0tRu:ES6pc1WskT13zlB0
Malware Config
Signatures
-
Makes use of the framework's Accessibility service (4 TTPs, 3 IoCs)
Retrieves information displayed on the phone screen using AccessibilityService.
Processes: susan.re.tape
Description | IoC | Process
Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId | susan.re.tape
Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText | susan.re.tape
Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId | susan.re.tape
Obtains sensitive information copied to the device clipboard (2 TTPs, 1 IoC)
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
Processes: susan.re.tape
Description | IoC | Process
Framework service call | android.content.IClipboard.addPrimaryClipChangedListener | susan.re.tape
Acquires the wake lock (1 IoC)
Processes: susan.re.tape
Description | IoC | Process
Framework service call | android.os.IPowerManager.acquireWakeLock | susan.re.tape
Makes use of the framework's foreground persistence service (1 TTP, 1 IoC)
Application may abuse the framework's foreground service to continue running in the foreground.
Processes: susan.re.tape
Description | IoC | Process
Framework service call | android.app.IActivityManager.setServiceForeground | susan.re.tape
Performs UI accessibility actions on behalf of the user (1 TTP, 8 IoCs)
Application may abuse the accessibility service to prevent its own removal.
Processes: susan.re.tape
IoC | Process
android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction | susan.re.tape
android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction | susan.re.tape
android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction | susan.re.tape
android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction | susan.re.tape
android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction | susan.re.tape
android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction | susan.re.tape
android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction | susan.re.tape
android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction | susan.re.tape
Queries information about active data network (1 TTP, 1 IoC)
Processes: susan.re.tape
Description | IoC | Process
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | susan.re.tape
Queries the mobile country code (MCC) (1 TTP, 1 IoC)
Processes: susan.re.tape
Description | IoC | Process
Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | susan.re.tape
Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTP, 1 IoC)
Processes: susan.re.tape
Description | IoC | Process
Framework service call | android.app.IActivityManager.registerReceiver | susan.re.tape
Schedules tasks to execute at a specified time (1 TTP, 1 IoC)
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
Processes: susan.re.tape
Description | IoC | Process
Framework service call | android.app.job.IJobScheduler.schedule | susan.re.tape
Checks CPU information (2 TTPs, 1 IoC)
Processes: susan.re.tape
Description | IoC | Process
File opened for read | /proc/cpuinfo | susan.re.tape
Checks memory information (2 TTPs, 1 IoC)
Processes: susan.re.tape
Description | IoC | Process
File opened for read | /proc/meminfo | susan.re.tape
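The signatures above are each derived from a handful of Binder framework calls and /proc reads attributed to one process. The following added example (written for this page, not the sandbox's own rule engine) shows how such per-call IoCs roll up into per-process signature counts and a co-occurrence verdict: the sample events are constructed to mirror the rows listed above for susan.re.tape, plus one invented process (com.example.weather) for contrast; the rule names, the regex patterns and the "three or more high-risk signatures" threshold are this example's own assumptions.

```python
import re
from collections import Counter, defaultdict

# Constructed sample events in the shape of the report's IoC rows
# (description, IoC, process). They mirror the calls listed above for
# susan.re.tape; com.example.weather is an invented benign process for
# contrast. Nothing here is copied from a real sandbox export.
ACC = "android.accessibilityservice.IAccessibilityServiceConnection."
SAMPLE_EVENTS = [
    ("Framework service call", ACC + "findAccessibilityNodeInfoByAccessibilityId", "susan.re.tape"),
    ("Framework service call", ACC + "findAccessibilityNodeInfosByText", "susan.re.tape"),
    ("Framework service call", ACC + "findAccessibilityNodeInfosByViewId", "susan.re.tape"),
    ("Framework service call", "android.content.IClipboard.addPrimaryClipChangedListener", "susan.re.tape"),
    ("Framework service call", "android.os.IPowerManager.acquireWakeLock", "susan.re.tape"),
    ("Framework service call", "android.app.IActivityManager.setServiceForeground", "susan.re.tape"),
    *[("Framework service call", ACC + "performGlobalAction", "susan.re.tape")] * 8,
    ("Framework service call", "android.net.IConnectivityManager.getActiveNetworkInfo", "susan.re.tape"),
    ("Framework service call", "com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone", "susan.re.tape"),
    ("Framework service call", "android.app.IActivityManager.registerReceiver", "susan.re.tape"),
    ("Framework service call", "android.app.job.IJobScheduler.schedule", "susan.re.tape"),
    ("File opened for read", "/proc/cpuinfo", "susan.re.tape"),
    ("File opened for read", "/proc/meminfo", "susan.re.tape"),
    ("Framework service call", "android.net.IConnectivityManager.getActiveNetworkInfo", "com.example.weather"),
]

# Signature rules: name -> (event description it applies to, regex on the IoC).
# Rule names and patterns are this example's own, not the sandbox's rule set.
RULES = {
    "accessibility_screen_read": ("Framework service call", r"\.IAccessibilityServiceConnection\.findAccessibilityNode"),
    "accessibility_global_action": ("Framework service call", r"\.IAccessibilityServiceConnection\.performGlobalAction$"),
    "clipboard_listener": ("Framework service call", r"\.IClipboard\.addPrimaryClipChangedListener$"),
    "wake_lock": ("Framework service call", r"\.IPowerManager\.acquireWakeLock$"),
    "foreground_service": ("Framework service call", r"\.IActivityManager\.setServiceForeground$"),
    "active_network_query": ("Framework service call", r"\.IConnectivityManager\.getActiveNetworkInfo$"),
    "mcc_query": ("Framework service call", r"\.ITelephony\.getNetworkCountryIsoForPhone$"),
    "runtime_receiver": ("Framework service call", r"\.IActivityManager\.registerReceiver$"),
    "job_scheduling": ("Framework service call", r"\.IJobScheduler\.schedule$"),
    "cpu_info_check": ("File opened for read", r"^/proc/cpuinfo$"),
    "mem_info_check": ("File opened for read", r"^/proc/meminfo$"),
}

# Signatures whose co-occurrence points at accessibility-driven abuse rather
# than ordinary app behaviour. The set and the threshold are assumptions.
HIGH_RISK = {"accessibility_screen_read", "accessibility_global_action",
             "clipboard_listener", "foreground_service"}


def match_events(events):
    """Return {process: Counter(signature -> number of matching IoCs)}."""
    hits = defaultdict(Counter)
    for description, ioc, process in events:
        for name, (want_desc, pattern) in RULES.items():
            if description == want_desc and re.search(pattern, ioc):
                hits[process][name] += 1
    return hits


def verdict(sig_counts, min_high_risk=3):
    """'suspicious' when at least min_high_risk high-risk signatures fired."""
    present = HIGH_RISK & set(sig_counts)
    return "suspicious" if len(present) >= min_high_risk else "low"


def summarize(events):
    """Per-process signature counts, total IoC count and verdict."""
    return {
        proc: {"signatures": dict(counts),
               "ioc_total": sum(counts.values()),
               "verdict": verdict(counts)}
        for proc, counts in match_events(events).items()
    }


if __name__ == "__main__":
    for proc, info in summarize(SAMPLE_EVENTS).items():
        print(f"{proc}: {info['verdict']} ({info['ioc_total']} IoCs)")
        for name, n in sorted(info["signatures"].items()):
            print(f"  {name}: {n} IoC(s)")
```

Counting IoCs per signature reproduces the totals in the report (3 accessibility node queries, 8 performGlobalAction calls, one of each of the rest); the verdict step is what a triage analyst adds on top, since any single call here also occurs in legitimate apps.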
Processes
- susan.re.tape
- Makes use of the framework's Accessibility service
- Obtains sensitive information copied to the device clipboard
- Acquires the wake lock
- Makes use of the framework's foreground persistence service
- Performs UI accessibility actions on behalf of the user
- Queries information about active data network
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Schedules tasks to execute at a specified time
- Checks CPU information
- Checks memory information
PID: 4987
Network
MITRE ATT&CK Mobile v15
Persistence
- Event Triggered Execution (1): Broadcast Receivers (1)
- Foreground Persistence (1)
- Scheduled Task/Job (1)
Defense Evasion
- Foreground Persistence (1)
- Impair Defenses (1): Prevent Application Removal (1)
- Input Injection (1)
- Virtualization/Sandbox Evasion (2): System Checks (2)
Credential Access
- Clipboard Data (1)
- Input Capture (2): GUI Input Capture (1), Keylogging (1)
Discovery
- System Information Discovery (2)
- System Network Configuration Discovery (1)
- System Network Connections Discovery (1)
Downloads
- Filesize: 25B
  MD5: d03c94c89c9dee43c7422d4efa7937cf
  SHA1: c752cde3ac59c2cf986bf488ed7078a9ae27fa3f
  SHA256: 9c65480d93292ef16a3ad639c5ff36321a700ae05aa02a7ba40a24d92935434c
  SHA512: bee9f0abcb20c784491eec95bf4626beb56e054f8939c1ab4385f694d4cc0a542267af4b662ef3a83f35e10de2b0a4b7038e34fd4a79f58db53bd726eebd4b2b
- Filesize: 25B
  MD5: 455606a8ce76478454a9271cf0cd20f8
  SHA1: dfd6238c9fb16d16a71a1f7e616d65974bc69036
  SHA256: ac0b11d28c0ed6926261a37d2e5fb0ad65550de1817abd40681e3847fa1289f4
  SHA512: b8d57cdeed494bb0de7e709bd37d21a9c4781f03bee988287bc93c11a60ac90332838b5a4a8c041173a43123b76863ac1a0ea676c7aec46294c81c136400aa10
- Filesize: 25B
  MD5: ba30336bf53d54ed3c0ea69dd545de8c
  SHA1: ce99c6724c75b93b7448e2d9fac16ca702a5711f
  SHA256: 2d6988fb5afdaafc4e33fa1f71d6f10c95ab5a49a8ec820add5b13eef05439af
  SHA512: eea34ca526e03349e746d3687ea660b4748f0174fe2ffdb65161e232e08630b345e03329614852ce881a71362ba68575e9dd08fa361a416e5b2fb231e21a0a3e
- Filesize: 280B
  MD5: 784d0d1671158562c2e323c6b29e5dd8
  SHA1: e62b45b71c4ff4c81565fa22e32cae4b34a7b756
  SHA256: 8fbaff3feaf0fa2309e71109bba620047f66c4ae1f1cb8ad3745aa61ae2adc83
  SHA512: 7dad19269c3320af25af437c8e17eb89714cd83b6766db34c1f04b0989cd5279c20a5de7e511b751b3a5c8de3aa06feb7503ac4c3d7a40e68eaee4e14af7178c