312a30b8abbf7caaf0cf3ac312eef5eef78c8a777af2b04db4195700bdb07cd0

Resubmissions

02-09-2024 12:56

240902-p6p3yazhql 8

02-09-2024 11:26

240902-nj99xsygml 8

02-09-2024 11:08

240902-m8vp4azcpe 10

Analysis

max time kernel
147s
max time network
157s
platform
android_x64
resource
android-x64-arm64-20240624-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240624-enlocale:en-usos:android-11-x64system
submitted
02-09-2024 11:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

LIVE XXX (3).apk
Size

4.8MB
MD5

98931c607b3b6be96fecf4e54fd62b48
SHA1

4a3ec0ba1d74e61be278a4ab7b2e4f1f55e003a8
SHA256

312a30b8abbf7caaf0cf3ac312eef5eef78c8a777af2b04db4195700bdb07cd0
SHA512

4255a282c3500afc891bbfdc7b10599b5fc07c86ae9e0bced92a30de9d60398c75d695cbca35015fbdf9307f7ea003bad0c400c3aca6dc5fd9c76687aa88aba2
SSDEEP

98304:TbJuaNHeoBzzY9UbDh6BDehFEzj154vqT75v2dOIYAhag:TNkoBfgBDehOzx54al2Nz0g

Score

8^/10

collection credential_access evasion execution persistence stealth trojan

Malware Config

Signatures

Removes its main activity from the application launcher 1 TTPs 1 IoCs

stealth trojan evasion

Suppress Application Icon

T1628.001

pid	Process
4601	com.tencent.mm

Loads dropped Dex/Jar 1 TTPs 4 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/com.tencent.mm/app_mph_dex/apk.crazy-v1.AndroidManifest.xml	4601	com.tencent.mm
/data/user/0/com.tencent.mm/app_mph_dex/apk.crazy-v1.AndroidManifest.xml	4601	com.tencent.mm
/data/user/0/com.tencent.mm/app_mph_dex/apk.crazy-v1.AndroidManifest.xml	4856	com.tencent.mm:remote
/data/user/0/com.tencent.mm/app_mph_dex/apk.crazy-v1.AndroidManifest.xml	4856	com.tencent.mm:remote

Makes use of the framework's Accessibility service 4 TTPs 3 IoCs

Retrieves information displayed on the phone screen using AccessibilityService.

collection evasion credential_access

Input Injection

T1516

Screen Capture

T1513

Keylogging

T1417.001

GUI Input Capture

T1417.002

description	ioc	Process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	com.tencent.mm
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId	com.tencent.mm
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText	com.tencent.mm

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.tencent.mm

Requests disabling of battery optimizations (often used to enable hiding in the background). 1 TTPs 1 IoCs

evasion

User Evasion

T1628.002

description	ioc	Process
Intent action	android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS	com.tencent.mm

Schedules tasks to execute at a specified time 1 TTPs 2 IoCs

Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

execution persistence

Scheduled Task/Job

T1603

description	ioc	Process
Framework service call	android.app.job.IJobScheduler.schedule	com.tencent.mm
Framework service call	android.app.job.IJobScheduler.schedule	com.tencent.mm:remote

com.tencent.mm
1⤵
- Removes its main activity from the application launcher
- Loads dropped Dex/Jar
- Makes use of the framework's Accessibility service
- Acquires the wake lock
- Requests disabling of battery optimizations (often used to enable hiding in the background).
- Schedules tasks to execute at a specified time
PID:4601

com.tencent.mm:remote
1⤵
- Loads dropped Dex/Jar
- Schedules tasks to execute at a specified time
PID:4856

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Hide Artifacts

T1628

Suppress Application Icon

T1628.001

User Evasion

T1628.002

Input Injection

T1516

Credential Access

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Discovery

Lateral Movement

Collection

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Screen Capture

T1513

Command and Control

Exfiltration

Impact

Input Injection

T1516

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.tencent.mm/app_mph_dex/apk.crazy-v1.AndroidManifest.xml

Filesize
7.9MB

MD5
f8e11d98fbaf38ebd77bc811887a0742

SHA1
1b5aa6aa71e134310021c20c91b4e3584b72090b

SHA256
1e1f2f64622098d3530df5819b7cf87b41b2969583f05e60160884eebd38b9d1

SHA512
8df0ea75f556a1ef70f023f8fa1521921c4f6f67ee1304c2396324727fcf6b847b05010978cf07c846425f027cc2753d24ff760b489416914c53971d2d155445

Download Submit
/data/user/0/com.tencent.mm/databases/evernote_jobs.db

Filesize
16KB

MD5
5ee984d3ef5c653e7021674bcc03837c

SHA1
b2a8760153b262e5d51e105ca0d738e9d2e95dd8

SHA256
d02a910c35f349f0ae4fe14a4fdd199c89ee40c94e405d3660ea0919be5b85c0

SHA512
3fc77f83946d10329b40c3025317a932bacc50b41be974a11eb86a1214879d0264d0e2b3fb67f03ea457aee14be5077384b4306d6578162317fa3b67a27028bc

Download Submit
/data/user/0/com.tencent.mm/databases/evernote_jobs.db-journal

Filesize
8KB

MD5
8928ec1f866fc6087f9bf19b204a3814

SHA1
a5380085fac6990cc736f9e3641f34b60f32e6fb

SHA256
3b28dde647c4c00ccc2be56b1b5b177b6750bd6ac977fced729bd12cfa608881

SHA512
46ca235a61ed3618f20fe20ff1c47abdbafe8dcd8c93f8b68833ecf0abd0ee655f0749d9f4e4df70a9bb5e8eb319f28a489c5486f8dc3bb248283e730bd79cae

Download Submit
/data/user/0/com.tencent.mm/databases/evernote_jobs.db-journal

Filesize
8KB

MD5
757693256dab8f3cf41071f52c7066c6

SHA1
1cd80bb7a6ac8752b127f4b700799384cf59177d

SHA256
8623613a08b5104d5191a178c8c82388125382d47e4af4e69569810ac7aa856b

SHA512
2e351df61397ac8d30e2eae09d36388941606122fb21ff59afa3800f556c17649fb6b7295f0723ba728b8c118f5031733b01461021cf3c6ea087c082c1e3cee3

Download Submit
/data/user/0/com.tencent.mm/databases/evernote_jobs.db-journal

Filesize
8KB

MD5
c41f5f9187cddbc0a86c12e32619c6df

SHA1
285f852ab542881953d1edbf65aa50bcf382ab52

SHA256
59f5514f636bfe9770b1dba33dd82fb90d5cb0e468f16f752f704607caa443f9

SHA512
33ff2756cdf9b0aecf30787cddb9008f71beb66aadd855c615cf1ed2c127ceaace0a22284800a39e22d71d2efcc45adb4b77f135ff3d9dc342e463bbd6a86c2f

Download Submit
/data/user/0/com.tencent.mm/databases/evernote_jobs.db-journal

Filesize
8KB

MD5
5f543731115df500be99397175191132

SHA1
2c9fc0bcbdce5ce8213da169a903692626e46392

SHA256
eb246678ff378ba33bf8058a926c64e07f3b7f64d333c0e181ca6072cae1e8ed

SHA512
11ce3fd91ca5709a719cbe371345b7fba51d0465e9c430bcd7e2bb66c23ace85498a2b7f000dfa4f1e6e4d8f77e78adf45c0666009bca3dd36b7018de297e3c3

Download Submit
/data/user/0/com.tencent.mm/databases/evernote_jobs.db-journal

Filesize
8KB

MD5
3c3574746fb562024e88d6a2ae008170

SHA1
9b17d339ed6fa0072bfba8f362792e5279e08226

SHA256
a4b2e53dcf33cd8fd5adb1c1d8798c1764122be7e4af8ce60e06ceaa69d1746b

SHA512
65f71414f2553017ed3a4d16eb6819b17bfdd372807624be81eb1067902ee717d7874d60a16c4d3681d0a557f7f02eb3e839f84d2f89bb41995af2613c69aba3

Download Submit
/data/user/0/com.tencent.mm/databases/evernote_jobs.db-journal

Filesize
8KB

MD5
37c29cf22b15931e05abbf09288fe063

SHA1
39c18c9616d9409c10951b1adfe56aae0daff6b0

SHA256
d57e1eafe6dffcb805542fa8b60286e60627b127e52f2ca60c60cb5a32260963

SHA512
62b66a68e06262c620d7d2341fd8b10444588385100273cc0f7d5636a31c9152e21ae103e9f1fe421633acda8564e6473d9510e4f209c1e145aa6cf14ce8d7c9

Download Submit
/storage/emulated/0/Config/sys/apps/log/log-2024-09-02.txt

Filesize
57B

MD5
a9ec0c42a43c72d73c499e5c17ccbb8b

SHA1
731652fbfe61eac3fdb4b9d3e2eaa010848a0906

SHA256
6c5309ce3f31c9af3288b0de3305b7f5ddee97be60ca4ac1184f3c334480c05b

SHA512
5f8ed24a51f68cfa0627aceb9190d3a7febaee61bd5a89898ab113ddaa7ce2a41f129a28c4e200d5e5e4ddff7a483abc0393dc38e870782caf1c46d2ec0df2e3

Download Submit
/storage/emulated/0/Config/sys/apps/log/log-2024-09-02.txt

Filesize
268B

MD5
dfea9c131e76b130311ea97228c2c918

SHA1
926a50f0299bdc8c2db6564a09fadc7029155807

SHA256
f57087208462b67d9529d0a58ac44b1a23f30b18e6e40cafce4395f209330229

SHA512
ce9a770e40843b6800e6f9daba07a346cd6e4a1bd8fd15cd226d9eaaa76f63e924d272efcbe89fbafa67e0918f0a14dfea8aa627ff9b0c779ea5e0a81233ab2d

Download Submit
/storage/emulated/0/Config/sys/apps/log/log-2024-09-02.txt

Filesize
45B

MD5
0fd0027e48564400b030e49702411fcc

SHA1
5fdbd6adda1197ec3be92a404f363a85b5c15792

SHA256
943c9c7f5ce0e54b488c9ae2728f082076dc9e139b1aab4c1dc7705d3cc3175e

SHA512
2705ade851abf46df9cbf0601904efe44d3330c2591f4c2572b3a64f09c5bc447bf2bd40033227d7aa23eb8eb99b99c9e209108396c6e442798bf3dc1122cdfe

Download Submit
/storage/emulated/0/Config/sys/apps/log/log-2024-09-02.txt

Filesize
33B

MD5
365f074d64faad2f0f0c7784608e5b57

SHA1
2105b80d01621cbd370bec93f73709a7b67d565b

SHA256
0c4662ed55fc03738e7903864ed0249c921b8f2d858531577eebd53501237cc4

SHA512
d29b5c16d10a78b386ba1f4882f7e80bc6d41887671abe6a36c746b015ea280d4a26f3d2af323b4ad755c256e5851a5b95d0bda8882c6c0a2c125bc748fab47a

Download Submit

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads