Analysis

  • max time kernel
    27s
  • max time network
    33s
  • platform
    android_x86
  • resource
    android-x86-arm-20240624-en
  • resource tags
    android
    arch:arm
    arch:x86
    image:android-x86-arm-20240624-en
    locale:en-us
    os:android-9-x86
    system
  • submitted
    24-08-2024 10:20

General

  • Target
    c18c5ca32b80d4b595500853e1899d03edbe954d1e79da14f167aa888918d547.apk
  • Size
    312KB
  • MD5
    1285e688bb834e348023425ab4bbbfa5
  • SHA1
    605526f8ee8bb7150dbd2a4b90ab9ab5edabd7da
  • SHA256
    c18c5ca32b80d4b595500853e1899d03edbe954d1e79da14f167aa888918d547
  • SHA512
    6cf4ab3fa4222487731d7cc353b96db63129e9138092167abdb577f6cace82f4f7ffb0a992e9d76c30ae5b2a24f4c87a9bdcd767f30c52ee885ea1f5b2d5d258
  • SSDEEP
    6144:jam054ohSedp4p1znyG5RUMWjgZCoXJvasgcgN:jjWhCnnFHUs3pashgN

Malware Config

Signatures

  • Removes its main activity from the application launcher 1 TTPs 1 IoCs
  • Makes use of the framework's Accessibility service 4 TTPs 2 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

  • Acquires the wake lock 1 IoCs
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
  • Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

Processes

  • wcqrucdpzh.otstodvvsm.vrbnjqrsrr (PID:4306)
    • Removes its main activity from the application launcher
    • Makes use of the framework's Accessibility service
    • Acquires the wake lock
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Schedules tasks to execute at a specified time

Network

MITRE ATT&CK Mobile v15

Downloads

  • /storage/emulated/0/Android/data/.nomedia.Lucy
    Filesize
    16B
    MD5
    1f2e5a3c9615f7262c76f8f5c43c9822
    SHA1
    08aca827424fe5d020f85f72a5672517d2eddf33
    SHA256
    6dc7ff467524d442e4751401d1112542c1d34adaa80c855a90d06ae36f5b6f43
    SHA512
    c52df1b55e27deeebfe5fd37ca14a73af3da69a0e6cdfbbecabcd2196daef69dfe0833727952aae27604945216e04ccd59b9145500a1b0a85a5b8662fbbb3ad4
  • /storage/emulated/0/Android/data/.nomedia.Lucy
    Filesize
    16B
    MD5
    f8b496e8f5fca33ba496ccd068e2d588
    SHA1
    0966dc9a57380b426ce0623eccac79e686587996
    SHA256
    875a214c1da4d33af5d58e774caca07967ea95b21d6fd805e0769a3266b5b3b5
    SHA512
    8330164f0af4fb9ba468332dc070d6d7730c2844b7027f682df378c971a626ad33ab17d95fbb76c7d23c1dea28949ad700eb57ab50fe5405f65dc42a3b7ec3c2