Analysis
-
max time kernel
304s -
max time network
308s -
platform
android_x64 -
resource
android-x64-arm64-20240624-en -
resource tags
androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240624-enlocale:en-usos:android-11-x64system -
submitted
07-08-2024 21:53
Behavioral task
behavioral1
Sample
ready.apk
Resource
android-x86-arm-20240624-en
Behavioral task
behavioral2
Sample
ready.apk
Resource
android-x64-20240624-en
Behavioral task
behavioral3
Sample
ready.apk
Resource
android-x64-arm64-20240624-en
General
-
Target
ready.apk
-
Size
8.5MB
-
MD5
6082b5dc1353aae9aa21cdea633aba35
-
SHA1
8938bf46337000b30a0506d0462d46166de49899
-
SHA256
22db1592a6baa3f90ae2ba47bc024b28ab48b2fb420e2b838ba216c9bfaa9507
-
SHA512
befcf1b32e352e2ba1dc09f5c4b32ee2ce7685522be5d1e54967723a9f8cbf150649f7b3d11cf1ce1ca42d1524ce61dbc6115b0a4095b0aa35c8882e2eeb6b0d
-
SSDEEP
98304:ES6p+dL6maOWsGN6GpQ81Mlmz8zBmTC0tRu:ES6pc1WskT13zlB0
Malware Config
Signatures
-
Makes use of the framework's Accessibility service 4 TTPs 3 IoCs
Retrieves information displayed on the phone screen using AccessibilityService.
Processes:
susan.re.tapedescription ioc process Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId susan.re.tape Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId susan.re.tape Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText susan.re.tape -
Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
Processes:
susan.re.tapedescription ioc process Framework service call android.content.IClipboard.addPrimaryClipChangedListener susan.re.tape -
Acquires the wake lock 1 IoCs
Processes:
susan.re.tapedescription ioc process Framework service call android.os.IPowerManager.acquireWakeLock susan.re.tape -
Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs
Application may abuse the framework's foreground service to continue running in the foreground.
Processes:
susan.re.tapedescription ioc process Framework service call android.app.IActivityManager.setServiceForeground susan.re.tape -
Queries information about active data network 1 TTPs 1 IoCs
Processes:
susan.re.tapedescription ioc process Framework service call android.net.IConnectivityManager.getActiveNetworkInfo susan.re.tape -
Requests disabling of battery optimizations (often used to enable hiding in the background). 1 TTPs 1 IoCs
Processes:
susan.re.tapedescription ioc process Intent action android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS susan.re.tape -
Requests enabling of the accessibility settings. 1 IoCs
Processes:
susan.re.tapedescription ioc process Intent action android.settings.ACCESSIBILITY_SETTINGS susan.re.tape -
Schedules tasks to execute at a specified time 1 TTPs 1 IoCs
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
Processes:
susan.re.tapedescription ioc process Framework service call android.app.job.IJobScheduler.schedule susan.re.tape -
Checks CPU information 2 TTPs 1 IoCs
Processes:
susan.re.tapedescription ioc process File opened for read /proc/cpuinfo susan.re.tape -
Checks memory information 2 TTPs 1 IoCs
Processes:
susan.re.tapedescription ioc process File opened for read /proc/meminfo susan.re.tape
Processes
-
susan.re.tape1⤵
- Makes use of the framework's Accessibility service
- Obtains sensitive information copied to the device clipboard
- Acquires the wake lock
- Makes use of the framework's foreground persistence service
- Queries information about active data network
- Requests disabling of battery optimizations (often used to enable hiding in the background).
- Requests enabling of the accessibility settings.
- Schedules tasks to execute at a specified time
- Checks CPU information
- Checks memory information
PID:4450
Network
MITRE ATT&CK Mobile v15
Defense Evasion
Foreground Persistence
1Hide Artifacts
1User Evasion
1Input Injection
1Virtualization/Sandbox Evasion
2System Checks
2Credential Access
Clipboard Data
1Input Capture
2GUI Input Capture
1Keylogging
1Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
25B
MD5d03c94c89c9dee43c7422d4efa7937cf
SHA1c752cde3ac59c2cf986bf488ed7078a9ae27fa3f
SHA2569c65480d93292ef16a3ad639c5ff36321a700ae05aa02a7ba40a24d92935434c
SHA512bee9f0abcb20c784491eec95bf4626beb56e054f8939c1ab4385f694d4cc0a542267af4b662ef3a83f35e10de2b0a4b7038e34fd4a79f58db53bd726eebd4b2b
-
Filesize
25B
MD5455606a8ce76478454a9271cf0cd20f8
SHA1dfd6238c9fb16d16a71a1f7e616d65974bc69036
SHA256ac0b11d28c0ed6926261a37d2e5fb0ad65550de1817abd40681e3847fa1289f4
SHA512b8d57cdeed494bb0de7e709bd37d21a9c4781f03bee988287bc93c11a60ac90332838b5a4a8c041173a43123b76863ac1a0ea676c7aec46294c81c136400aa10
-
Filesize
25B
MD5ba30336bf53d54ed3c0ea69dd545de8c
SHA1ce99c6724c75b93b7448e2d9fac16ca702a5711f
SHA2562d6988fb5afdaafc4e33fa1f71d6f10c95ab5a49a8ec820add5b13eef05439af
SHA512eea34ca526e03349e746d3687ea660b4748f0174fe2ffdb65161e232e08630b345e03329614852ce881a71362ba68575e9dd08fa361a416e5b2fb231e21a0a3e
-
Filesize
280B
MD5d87920d1f4800b0964f9eac896b40d4a
SHA14937f5675f2817ac28e32dd77c83718b4de751ed
SHA256e9bccfa46a8164aaddea5a9562d56d758f6fb1b3aa83154fbe8e8b451eb93444
SHA5126acc13ea7d782b3a9f6dc594cf3c21a928d4f585e91985e7fb2f19d652affc1f5bb7836685ee0c8e85e1127848dfa119e598b5d8da182c1d507eb8fc3a6ba2f3