312a30b8abbf7caaf0cf3ac312eef5eef78c8a777af2b04db4195700bdb07cd0

Resubmissions

02/09/2024, 12:56

240902-p6p3yazhql 8

02/09/2024, 11:26

240902-nj99xsygml 8

02/09/2024, 11:08

240902-m8vp4azcpe 10

Analysis

max time kernel
146s
max time network
156s
platform
android_x64
resource
android-x64-20240624-en
resource tags

androidarch:x64arch:x86image:android-x64-20240624-enlocale:en-usos:android-10-x64system
submitted
02/09/2024, 11:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

LIVE XXX (3).apk
Size

4.8MB
MD5

98931c607b3b6be96fecf4e54fd62b48
SHA1

4a3ec0ba1d74e61be278a4ab7b2e4f1f55e003a8
SHA256

312a30b8abbf7caaf0cf3ac312eef5eef78c8a777af2b04db4195700bdb07cd0
SHA512

4255a282c3500afc891bbfdc7b10599b5fc07c86ae9e0bced92a30de9d60398c75d695cbca35015fbdf9307f7ea003bad0c400c3aca6dc5fd9c76687aa88aba2
SSDEEP

98304:TbJuaNHeoBzzY9UbDh6BDehFEzj154vqT75v2dOIYAhag:TNkoBfgBDehOzx54al2Nz0g

Score

8^/10

collection credential_access evasion execution persistence stealth trojan

Malware Config

Signatures

Removes its main activity from the application launcher 1 TTPs 1 IoCs

stealth trojan evasion

Suppress Application Icon

T1628.001

pid	Process
5056	com.tencent.mm

Loads dropped Dex/Jar 1 TTPs 4 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/com.tencent.mm/app_mph_dex/apk.crazy-v1.AndroidManifest.xml	5056	com.tencent.mm
/data/user/0/com.tencent.mm/app_mph_dex/apk.crazy-v1.AndroidManifest.xml	5056	com.tencent.mm
/data/user/0/com.tencent.mm/app_mph_dex/apk.crazy-v1.AndroidManifest.xml	5299	com.tencent.mm:remote
/data/user/0/com.tencent.mm/app_mph_dex/apk.crazy-v1.AndroidManifest.xml	5299	com.tencent.mm:remote

Makes use of the framework's Accessibility service 4 TTPs 3 IoCs

Retrieves information displayed on the phone screen using AccessibilityService.

collection evasion credential_access

Input Injection

T1516

Screen Capture

T1513

Keylogging

T1417.001

GUI Input Capture

T1417.002

description	ioc	Process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId	com.tencent.mm
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText	com.tencent.mm
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	com.tencent.mm

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.tencent.mm

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.tencent.mm

Schedules tasks to execute at a specified time 1 TTPs 2 IoCs

Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

execution persistence

Scheduled Task/Job

T1603

description	ioc	Process
Framework service call	android.app.job.IJobScheduler.schedule	com.tencent.mm
Framework service call	android.app.job.IJobScheduler.schedule	com.tencent.mm:remote

com.tencent.mm
1⤵
- Removes its main activity from the application launcher
- Loads dropped Dex/Jar
- Makes use of the framework's Accessibility service
- Acquires the wake lock
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Schedules tasks to execute at a specified time
PID:5056

com.tencent.mm:remote
1⤵
- Loads dropped Dex/Jar
- Schedules tasks to execute at a specified time
PID:5299

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Hide Artifacts

T1628

Suppress Application Icon

T1628.001

Input Injection

T1516

Credential Access

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Discovery

Lateral Movement

Collection

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Screen Capture

T1513

Command and Control

Exfiltration

Impact

Input Injection

T1516

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.tencent.mm/app_mph_dex/apk.crazy-v1.AndroidManifest.xml

Filesize
7.9MB

MD5
f8e11d98fbaf38ebd77bc811887a0742

SHA1
1b5aa6aa71e134310021c20c91b4e3584b72090b

SHA256
1e1f2f64622098d3530df5819b7cf87b41b2969583f05e60160884eebd38b9d1

SHA512
8df0ea75f556a1ef70f023f8fa1521921c4f6f67ee1304c2396324727fcf6b847b05010978cf07c846425f027cc2753d24ff760b489416914c53971d2d155445

Download Submit
/data/data/com.tencent.mm/databases/evernote_jobs.db

Filesize
16KB

MD5
420e714575c3de3fc8737af31aac566d

SHA1
4f7ce56cb6c49b38bda1849c77c518990d5a3dfb

SHA256
82763910f75c10b05b3fcfc807afcec775c1737c108cc83143c74a63e299622e

SHA512
63794c021e988085f050c1fda539e7c56b473ca01a15a8cbf3d08f8b5fc7a82bd83e22f5e027791ca1bba9b206cf69406a2c931c9867a04ae354a121267467b8

Download Submit
/data/data/com.tencent.mm/databases/evernote_jobs.db-journal

Filesize
8KB

MD5
c320cffd1828d5b0a6b18fe8a307a936

SHA1
86b1e578dad5880d1cac87e008f40af12a8d5117

SHA256
bb37d09a4b68fb4f61f25a2e732941ad377307c9cf0223f4beb9b454923583ff

SHA512
bb8167f5c64a938914274b9c17a8ddfa998fcdcbcbcd6c25f1604659dbe53874c4617e345962ce77f4a24b2c1b72fb9426492ac71d8a737aa3e495427adc1729

Download Submit
/data/data/com.tencent.mm/databases/evernote_jobs.db-journal

Filesize
8KB

MD5
64a585f4bd0259a48d89861c8f4c0659

SHA1
3a1253eb1ae6b8b3d93a54b34174247399f00b4d

SHA256
c741989c6a2fc0e953c43fe4343e0ddc82ff7e89970728eba6d85a545d61e459

SHA512
13eb39f8e4482b30f25daebb07b631ba94d11271039171679af999ee0e9f60c150d48d809fd75edd70dea06f578932379c6716f941c1d110f96122f91c67b48b

Download Submit
/data/data/com.tencent.mm/databases/evernote_jobs.db-journal

Filesize
8KB

MD5
c2d56e7e1dd8d4922447b72164cf4f17

SHA1
347f2fd160f199016fabd5ebbfecc00ce1684219

SHA256
aacb87c3d86fb440a6605ed2d31b0e2b8e023f96f36c1542b072b2fc813c8956

SHA512
7723318d70f6773bb47e6381a75eb69a67dc52ba5fa68655ce56edfde4192cb94e75fca29200fd25efe100cb292623c90345a4209f4420f43294a0967ae5fe1a

Download Submit
/data/data/com.tencent.mm/databases/evernote_jobs.db-journal

Filesize
8KB

MD5
cc00a795f34ec9200f84689d06db14c4

SHA1
76e577521385c6734c90bfb6ca328ff730c594cc

SHA256
033e1de4f14be8ec83beea3e5a654d64ff6e551561a93e8eaec13d7acc479579

SHA512
cb7586ed8256bb4138a2e55d8f61cf7ae63daa683e5a8054deeeccea0f3596b2e99345a5fab2eb729a0e66d7df81dcd71dd9ec6b6f28a587f104ffb69c250c9e

Download Submit
/data/data/com.tencent.mm/databases/evernote_jobs.db-journal

Filesize
8KB

MD5
45ceb91e88e406e949fd6a83286ef2a6

SHA1
b28fae7dc90444f4593ff3b65a354e82454e74f4

SHA256
c219b0297097b84887bb707c0208ba7eb2223cb018b4b4cfc18a792771e0fd7f

SHA512
e901b2302367189dd6cd5732ad2f542808e3ed720a7f4ba7adff96fb2826c0bd7b7fe5fed6272832f16b9b741198b736ad800254346ad41b4fa4df8b3897a9d7

Download Submit
/data/data/com.tencent.mm/databases/evernote_jobs.db-journal

Filesize
8KB

MD5
ac4838a3854b3af5e95fe1c4d94d6f4e

SHA1
f6ccc25cfd0ad8b490ad1dd3c5b9ad4f8b8afd1b

SHA256
ba8f8973bf0160a81857cba5fbe6da85aee9dff3ab7b630ab1063880966571de

SHA512
447be003d698bebcb12bcdbb626036d45b889511c7d84d19c353e78fefff2a8742cf4ab756cb50cbbf24c602c9251a33f0359e0a4e0d0a0a731f43c331a0bc89

Download Submit
/storage/emulated/0/Config/sys/apps/log/log-2024-09-02.txt

Filesize
33B

MD5
365f074d64faad2f0f0c7784608e5b57

SHA1
2105b80d01621cbd370bec93f73709a7b67d565b

SHA256
0c4662ed55fc03738e7903864ed0249c921b8f2d858531577eebd53501237cc4

SHA512
d29b5c16d10a78b386ba1f4882f7e80bc6d41887671abe6a36c746b015ea280d4a26f3d2af323b4ad755c256e5851a5b95d0bda8882c6c0a2c125bc748fab47a

Download Submit
/storage/emulated/0/Config/sys/apps/log/log-2024-09-02.txt

Filesize
268B

MD5
4b2c9430eac7b74cece26b748ec7adfc

SHA1
9f079d5b98b14510b684478934d6224cdbc5187a

SHA256
75db9b69dabdcc4389b74367f8716551781c5942d08ac6668955e4b4c41fcef8

SHA512
e32249748919bfa7acb2d3b2f726caa8cdc8d2ce44ea8ce5ba37b2bfb1cc1101559f80d81eafc380d6b4113298b135758af161a884d6a04bd7782d2a891df3c3

Download Submit
/storage/emulated/0/Config/sys/apps/log/log-2024-09-02.txt

Filesize
45B

MD5
0fd0027e48564400b030e49702411fcc

SHA1
5fdbd6adda1197ec3be92a404f363a85b5c15792

SHA256
943c9c7f5ce0e54b488c9ae2728f082076dc9e139b1aab4c1dc7705d3cc3175e

SHA512
2705ade851abf46df9cbf0601904efe44d3330c2591f4c2572b3a64f09c5bc447bf2bd40033227d7aa23eb8eb99b99c9e209108396c6e442798bf3dc1122cdfe

Download Submit
/storage/emulated/0/Config/sys/apps/log/log-2024-09-02.txt

Filesize
57B

MD5
a9ec0c42a43c72d73c499e5c17ccbb8b

SHA1
731652fbfe61eac3fdb4b9d3e2eaa010848a0906

SHA256
6c5309ce3f31c9af3288b0de3305b7f5ddee97be60ca4ac1184f3c334480c05b

SHA512
5f8ed24a51f68cfa0627aceb9190d3a7febaee61bd5a89898ab113ddaa7ce2a41f129a28c4e200d5e5e4ddff7a483abc0393dc38e870782caf1c46d2ec0df2e3

Download Submit

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads