Analysis
-
max time kernel
27s -
max time network
33s -
platform
android_x86 -
resource
android-x86-arm-20240624-en -
resource tags
androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system -
submitted
24-08-2024 10:20
Static task
static1
Behavioral task
behavioral1
Sample
c18c5ca32b80d4b595500853e1899d03edbe954d1e79da14f167aa888918d547.apk
Resource
android-x86-arm-20240624-en
Behavioral task
behavioral2
Sample
c18c5ca32b80d4b595500853e1899d03edbe954d1e79da14f167aa888918d547.apk
Resource
android-x64-20240624-en
Behavioral task
behavioral3
Sample
c18c5ca32b80d4b595500853e1899d03edbe954d1e79da14f167aa888918d547.apk
Resource
android-x64-arm64-20240624-en
General
-
Target
c18c5ca32b80d4b595500853e1899d03edbe954d1e79da14f167aa888918d547.apk
-
Size
312KB
-
MD5
1285e688bb834e348023425ab4bbbfa5
-
SHA1
605526f8ee8bb7150dbd2a4b90ab9ab5edabd7da
-
SHA256
c18c5ca32b80d4b595500853e1899d03edbe954d1e79da14f167aa888918d547
-
SHA512
6cf4ab3fa4222487731d7cc353b96db63129e9138092167abdb577f6cace82f4f7ffb0a992e9d76c30ae5b2a24f4c87a9bdcd767f30c52ee885ea1f5b2d5d258
-
SSDEEP
6144:jam054ohSedp4p1znyG5RUMWjgZCoXJvasgcgN:jjWhCnnFHUs3pashgN
Malware Config
Signatures
-
pid Process 4306 wcqrucdpzh.otstodvvsm.vrbnjqrsrr -
Makes use of the framework's Accessibility service 4 TTPs 2 IoCs
Retrieves information displayed on the phone screen using AccessibilityService.
description ioc Process Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId wcqrucdpzh.otstodvvsm.vrbnjqrsrr Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText wcqrucdpzh.otstodvvsm.vrbnjqrsrr -
Acquires the wake lock 1 IoCs
description ioc Process Framework service call android.os.IPowerManager.acquireWakeLock wcqrucdpzh.otstodvvsm.vrbnjqrsrr -
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
description ioc Process Framework service call android.app.IActivityManager.registerReceiver wcqrucdpzh.otstodvvsm.vrbnjqrsrr -
Schedules tasks to execute at a specified time 1 TTPs 1 IoCs
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
description ioc Process Framework service call android.app.job.IJobScheduler.schedule wcqrucdpzh.otstodvvsm.vrbnjqrsrr
Processes
-
wcqrucdpzh.otstodvvsm.vrbnjqrsrr1⤵
- Removes its main activity from the application launcher
- Makes use of the framework's Accessibility service
- Acquires the wake lock
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Schedules tasks to execute at a specified time
PID:4306
Network
MITRE ATT&CK Mobile v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
16B
MD51f2e5a3c9615f7262c76f8f5c43c9822
SHA108aca827424fe5d020f85f72a5672517d2eddf33
SHA2566dc7ff467524d442e4751401d1112542c1d34adaa80c855a90d06ae36f5b6f43
SHA512c52df1b55e27deeebfe5fd37ca14a73af3da69a0e6cdfbbecabcd2196daef69dfe0833727952aae27604945216e04ccd59b9145500a1b0a85a5b8662fbbb3ad4
-
Filesize
16B
MD5f8b496e8f5fca33ba496ccd068e2d588
SHA10966dc9a57380b426ce0623eccac79e686587996
SHA256875a214c1da4d33af5d58e774caca07967ea95b21d6fd805e0769a3266b5b3b5
SHA5128330164f0af4fb9ba468332dc070d6d7730c2844b7027f682df378c971a626ad33ab17d95fbb76c7d23c1dea28949ad700eb57ab50fe5405f65dc42a3b7ec3c2