312a30b8abbf7caaf0cf3ac312eef5eef78c8a777af2b04db4195700bdb07cd0

Resubmissions

02/09/2024, 12:56 UTC

240902-p6p3yazhql 8

02/09/2024, 11:26 UTC

240902-nj99xsygml 8

02/09/2024, 11:08 UTC

240902-m8vp4azcpe 10

Analysis

max time kernel
146s
max time network
155s
platform
android_x64
resource
android-x64-20240624-en
resource tags

androidarch:x64arch:x86image:android-x64-20240624-enlocale:en-usos:android-10-x64system
submitted
02/09/2024, 11:08 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

LIVE XXX (3).apk
Size

4.8MB
MD5

98931c607b3b6be96fecf4e54fd62b48
SHA1

4a3ec0ba1d74e61be278a4ab7b2e4f1f55e003a8
SHA256

312a30b8abbf7caaf0cf3ac312eef5eef78c8a777af2b04db4195700bdb07cd0
SHA512

4255a282c3500afc891bbfdc7b10599b5fc07c86ae9e0bced92a30de9d60398c75d695cbca35015fbdf9307f7ea003bad0c400c3aca6dc5fd9c76687aa88aba2
SSDEEP

98304:TbJuaNHeoBzzY9UbDh6BDehFEzj154vqT75v2dOIYAhag:TNkoBfgBDehOzx54al2Nz0g

Score

8^/10

collection credential_access evasion execution persistence stealth trojan

Malware Config

Signatures

Removes its main activity from the application launcher 1 TTPs 1 IoCs

stealth trojan evasion

Suppress Application Icon

T1628.001

pid	Process
4971	com.tencent.mm

Loads dropped Dex/Jar 1 TTPs 4 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/com.tencent.mm/app_mph_dex/apk.crazy-v1.AndroidManifest.xml	4971	com.tencent.mm
/data/user/0/com.tencent.mm/app_mph_dex/apk.crazy-v1.AndroidManifest.xml	4971	com.tencent.mm
/data/user/0/com.tencent.mm/app_mph_dex/apk.crazy-v1.AndroidManifest.xml	5205	com.tencent.mm:remote
/data/user/0/com.tencent.mm/app_mph_dex/apk.crazy-v1.AndroidManifest.xml	5205	com.tencent.mm:remote

Makes use of the framework's Accessibility service 4 TTPs 3 IoCs

Retrieves information displayed on the phone screen using AccessibilityService.

collection evasion credential_access

Input Injection

T1516

Screen Capture

T1513

Keylogging

T1417.001

GUI Input Capture

T1417.002

description	ioc	Process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId	com.tencent.mm
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText	com.tencent.mm
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	com.tencent.mm

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.tencent.mm

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.tencent.mm

Schedules tasks to execute at a specified time 1 TTPs 2 IoCs

Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

execution persistence

Scheduled Task/Job

T1603

description	ioc	Process
Framework service call	android.app.job.IJobScheduler.schedule	com.tencent.mm
Framework service call	android.app.job.IJobScheduler.schedule	com.tencent.mm:remote

com.tencent.mm
1⤵
- Removes its main activity from the application launcher
- Loads dropped Dex/Jar
- Makes use of the framework's Accessibility service
- Acquires the wake lock
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Schedules tasks to execute at a specified time
PID:4971

com.tencent.mm:remote
1⤵
- Loads dropped Dex/Jar
- Schedules tasks to execute at a specified time
PID:5205

Network

DNS

ssl.google-analytics.com

Remote address:

1.1.1.1:53

Request

ssl.google-analytics.com

IN A

Response

ssl.google-analytics.com

IN A

142.250.200.8
DNS

android.apis.google.com

Remote address:

1.1.1.1:53

Request

android.apis.google.com

IN A

Response

android.apis.google.com

IN CNAME

clients.l.google.com

clients.l.google.com

IN A

216.58.204.78

142.250.200.8:443

ssl.google-analytics.com

tls

1.3kB
5.9kB
9
9
142.250.179.238:443

tls, https

857 B
40 B
1
1
216.58.204.78:443

android.apis.google.com

tls

5.0kB
8.5kB
20
22
103.61.224.244:3001

180 B
3
142.250.179.228:443

tls, https

454 B
40 B
2
1
142.250.179.228:443

www.google.com

tls

8.5kB
11.4kB
26
36
103.61.224.244:3001

180 B
3
103.61.224.244:3001

180 B
3
103.61.224.244:3001

180 B
3
103.61.224.244:3001

180 B
3
103.61.224.244:3001

180 B
3
103.61.224.244:3001

180 B
3
142.250.200.34:443

520 B
10
216.58.204.78:443

android.apis.google.com

520 B
10
103.61.224.244:3001

180 B
3
103.61.224.244:3001

180 B
3
103.61.224.244:3001

180 B
3
103.61.224.244:3001

180 B
3
103.61.224.244:3001

180 B
3
103.61.224.244:3001

180 B
3
103.61.224.244:3001

180 B
3
103.61.224.244:3001

180 B
3
103.61.224.244:3001

180 B
3
103.61.224.244:3001

180 B
3
103.61.224.244:3001

180 B
3
103.61.224.244:3001

120 B
2

224.0.0.251:5353

3.7kB
11
1.1.1.1:53

ssl.google-analytics.com

dns

70 B
86 B
1
1

DNS Request

ssl.google-analytics.com

DNS Response

142.250.200.8
1.1.1.1:53

android.apis.google.com

dns

69 B
109 B
1
1

DNS Request

android.apis.google.com

DNS Response

216.58.204.78

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Hide Artifacts

T1628

Suppress Application Icon

T1628.001

Input Injection

T1516

Credential Access

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Discovery

Lateral Movement

Collection

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Screen Capture

T1513

Command and Control

Exfiltration

Impact

Input Injection

T1516

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.tencent.mm/app_mph_dex/apk.crazy-v1.AndroidManifest.xml

Filesize
7.9MB

MD5
f8e11d98fbaf38ebd77bc811887a0742

SHA1
1b5aa6aa71e134310021c20c91b4e3584b72090b

SHA256
1e1f2f64622098d3530df5819b7cf87b41b2969583f05e60160884eebd38b9d1

SHA512
8df0ea75f556a1ef70f023f8fa1521921c4f6f67ee1304c2396324727fcf6b847b05010978cf07c846425f027cc2753d24ff760b489416914c53971d2d155445

Download Submit
/data/data/com.tencent.mm/databases/evernote_jobs.db

Filesize
16KB

MD5
72da79d85dfd2e4131b38673b33ff7ad

SHA1
75747861479ec54725ca5dd9526286e94fae4583

SHA256
ee97c4c54a3754d93a8a1eb38a63b26a89adadd3bfdde164ccbdddfcc4c986fa

SHA512
2ec8f6b1a61232ecba7787649444981e8cee064f704e4245e56c87feadaa2b79a1c4383c013592acc2f030f9f6603508fb16155a56ae56ebed5069002d84fe75

Download Submit
/data/data/com.tencent.mm/databases/evernote_jobs.db-journal

Filesize
8KB

MD5
28dfecde2d04dec315b2f2aee2846382

SHA1
607984ec937518699ca6172d6c9fa91dfcf38aff

SHA256
a4d8cde891d9a30c9a2b52a7e3ac158f75a81ce7c3956a681fc28e9c6258c5c4

SHA512
7816fe84ae5019222018c62d968be3d4ab2b5791ed8ccac914c26be89155e726aa736cbd76aba18311ae499c8fe96f5c174b4de99f464d077697e6dab0b00558

Download Submit
/data/data/com.tencent.mm/databases/evernote_jobs.db-journal

Filesize
8KB

MD5
071f6f03ff5058b5506fbbf3dc1b6137

SHA1
b1a7721e83bfebb5cfa5da6c69ab6b1b93f4daaf

SHA256
1e354d1a38a93c2fdca3b91772f6a7050b847901de0eae09f1dc117b60640673

SHA512
bd135bcd75c5ceab74a38da2b6bdc5b00d2857c28ffe1cf68a76b12beb6034119cda721ba837339be90957afb74afd240cd3afd78f3fb08c4bb1a4edf2517714

Download Submit
/data/data/com.tencent.mm/databases/evernote_jobs.db-journal

Filesize
8KB

MD5
ecd65f702bb99c73a7b0f71cc2055786

SHA1
670fc82922f213d1f72075accee6c3c52cb8ccdc

SHA256
6e4782e1efb26ebe115e02f3b9bbabe8a0087b9e059d2f40fd5262f0931529a0

SHA512
f9c096aad56abb6dcd0e5f261a04fec772c3c810c81b568a0bc120e39ac56fe92eacab3f8776e75faff196c2b84d265aa800749119ba0b2b234c8efa1e02e9c9

Download Submit
/data/data/com.tencent.mm/databases/evernote_jobs.db-journal

Filesize
8KB

MD5
ff5342a742607a5a02d6625d8f3c0f2d

SHA1
9eb3f8baaa00cf13a47100e761be803cc99e4a56

SHA256
3b2f5fdc702b84027e8689ca5b2df7073595943e9dcd26646e813aab95fc4488

SHA512
58c935bea6b6563afe5ef1e1cec3d976d1b79a95ab244676affdfe7a9f731764535ca01041b3e76653b84622f061f2f4f0d24665a27f80deac14389ade5ec7c8

Download Submit
/data/data/com.tencent.mm/databases/evernote_jobs.db-journal

Filesize
8KB

MD5
9002917b50d10695cc37abcda6730aae

SHA1
2eeaa806b0374ac09e3cc0ebb9a8dc67048fdbff

SHA256
dd0ad396e526efb3f909f0ede2954ac65e7931fea49165aff52a7b52ec7ff4ee

SHA512
de8365739ba5ff30a797e4c0c09ff2e88891726a6d7316594b2f4f2904e885c5ae0fe3ca342eae49f3020a096d5f5b0f96bd65cfca08bdb14e93b11c5289ffa9

Download Submit
/data/data/com.tencent.mm/databases/evernote_jobs.db-journal

Filesize
8KB

MD5
267ee2cc19370e73cad5bb3f7d4cdf5d

SHA1
2423b09c912807b599bde070491d7571fde5c527

SHA256
dee6cac9fba624ae4a804e91b215deb9b11fe03c8d1a4606aab6d51f58d6bc06

SHA512
de24cff1c8b68520eab38e2d271db4e5f82fc8316e785cf9faee34a0bb9bde73381b6d4cc2f149435167529e3aa0e63cffbc77c79747f0e635e77551e4da9c58

Download Submit
/storage/emulated/0/Config/sys/apps/log/log-2024-09-02.txt

Filesize
33B

MD5
365f074d64faad2f0f0c7784608e5b57

SHA1
2105b80d01621cbd370bec93f73709a7b67d565b

SHA256
0c4662ed55fc03738e7903864ed0249c921b8f2d858531577eebd53501237cc4

SHA512
d29b5c16d10a78b386ba1f4882f7e80bc6d41887671abe6a36c746b015ea280d4a26f3d2af323b4ad755c256e5851a5b95d0bda8882c6c0a2c125bc748fab47a

Download Submit
/storage/emulated/0/Config/sys/apps/log/log-2024-09-02.txt

Filesize
268B

MD5
dfea9c131e76b130311ea97228c2c918

SHA1
926a50f0299bdc8c2db6564a09fadc7029155807

SHA256
f57087208462b67d9529d0a58ac44b1a23f30b18e6e40cafce4395f209330229

SHA512
ce9a770e40843b6800e6f9daba07a346cd6e4a1bd8fd15cd226d9eaaa76f63e924d272efcbe89fbafa67e0918f0a14dfea8aa627ff9b0c779ea5e0a81233ab2d

Download Submit
/storage/emulated/0/Config/sys/apps/log/log-2024-09-02.txt

Filesize
45B

MD5
0fd0027e48564400b030e49702411fcc

SHA1
5fdbd6adda1197ec3be92a404f363a85b5c15792

SHA256
943c9c7f5ce0e54b488c9ae2728f082076dc9e139b1aab4c1dc7705d3cc3175e

SHA512
2705ade851abf46df9cbf0601904efe44d3330c2591f4c2572b3a64f09c5bc447bf2bd40033227d7aa23eb8eb99b99c9e209108396c6e442798bf3dc1122cdfe

Download Submit
/storage/emulated/0/Config/sys/apps/log/log-2024-09-02.txt

Filesize
57B

MD5
a9ec0c42a43c72d73c499e5c17ccbb8b

SHA1
731652fbfe61eac3fdb4b9d3e2eaa010848a0906

SHA256
6c5309ce3f31c9af3288b0de3305b7f5ddee97be60ca4ac1184f3c334480c05b

SHA512
5f8ed24a51f68cfa0627aceb9190d3a7febaee61bd5a89898ab113ddaa7ce2a41f129a28c4e200d5e5e4ddff7a483abc0393dc38e870782caf1c46d2ec0df2e3

Download Submit

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

DNS Request

DNS Response

DNS Request

DNS Response

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.