Analysis

  • max time kernel
    135s
  • max time network
    141s
  • platform
    android_x64
  • resource
    android-x64-20240624-en
  • resource tags

    androidarch:x64arch:x86image:android-x64-20240624-enlocale:en-usos:android-10-x64system
  • submitted
    07-08-2024 21:56

General

  • Target

    ready.apk

  • Size

    8.5MB

  • MD5

    6082b5dc1353aae9aa21cdea633aba35

  • SHA1

    8938bf46337000b30a0506d0462d46166de49899

  • SHA256

    22db1592a6baa3f90ae2ba47bc024b28ab48b2fb420e2b838ba216c9bfaa9507

  • SHA512

    befcf1b32e352e2ba1dc09f5c4b32ee2ce7685522be5d1e54967723a9f8cbf150649f7b3d11cf1ce1ca42d1524ce61dbc6115b0a4095b0aa35c8882e2eeb6b0d

  • SSDEEP

    98304:ES6p+dL6maOWsGN6GpQ81Mlmz8zBmTC0tRu:ES6pc1WskT13zlB0

Malware Config

Signatures

  • Makes use of the framework's Accessibility service 4 TTPs 3 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

  • Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

    Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

  • Acquires the wake lock 1 IoCs
  • Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

    Application may abuse the framework's foreground service to continue running in the foreground.

  • Performs UI accessibility actions on behalf of the user 1 TTPs 8 IoCs

    Application may abuse the accessibility service to prevent their removal.

  • Queries information about active data network 1 TTPs 1 IoCs
  • Queries the mobile country code (MCC) 1 TTPs 1 IoCs
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
  • Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

  • Checks CPU information 2 TTPs 1 IoCs
  • Checks memory information 2 TTPs 1 IoCs

Processes

  • susan.re.tape
    1⤵
    • Makes use of the framework's Accessibility service
    • Obtains sensitive information copied to the device clipboard
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    • Performs UI accessibility actions on behalf of the user
    • Queries information about active data network
    • Queries the mobile country code (MCC)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Schedules tasks to execute at a specified time
    • Checks CPU information
    • Checks memory information
    PID:4963

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /storage/emulated/0/Config/sys/apps/log/log-2024-08-07.txt

    Filesize

    25B

    MD5

    ba30336bf53d54ed3c0ea69dd545de8c

    SHA1

    ce99c6724c75b93b7448e2d9fac16ca702a5711f

    SHA256

    2d6988fb5afdaafc4e33fa1f71d6f10c95ab5a49a8ec820add5b13eef05439af

    SHA512

    eea34ca526e03349e746d3687ea660b4748f0174fe2ffdb65161e232e08630b345e03329614852ce881a71362ba68575e9dd08fa361a416e5b2fb231e21a0a3e

  • /storage/emulated/0/Config/sys/apps/log/log-2024-08-07.txt

    Filesize

    25B

    MD5

    c272d9f3c5617a1229b6cc1405dcfc16

    SHA1

    244dec9624acb498004f7a5d28450458aa7991a5

    SHA256

    5f9bc6e730f16a5f4d09a8672eb5d169c3133a16c8eaeb338da3d73f78737054

    SHA512

    5ae15ac746859fd8a9f7acd067690ce7e3bc19a6aa4760fda21a3b783085237527d3c3103964c7b50e68418cd7b1fbf1d366383e42e8335f422fd0c30381935c

  • /storage/emulated/0/Config/sys/apps/log/log-2024-08-07.txt

    Filesize

    280B

    MD5

    784d0d1671158562c2e323c6b29e5dd8

    SHA1

    e62b45b71c4ff4c81565fa22e32cae4b34a7b756

    SHA256

    8fbaff3feaf0fa2309e71109bba620047f66c4ae1f1cb8ad3745aa61ae2adc83

    SHA512

    7dad19269c3320af25af437c8e17eb89714cd83b6766db34c1f04b0989cd5279c20a5de7e511b751b3a5c8de3aa06feb7503ac4c3d7a40e68eaee4e14af7178c