Resubmissions
02-09-2024 12:56
240902-p6p3yazhql 802-09-2024 11:26
240902-nj99xsygml 802-09-2024 11:08
240902-m8vp4azcpe 10Analysis
-
max time kernel
146s -
max time network
157s -
platform
android_x64 -
resource
android-x64-arm64-20240624-en -
resource tags
-
submitted
02-09-2024 11:26
General
-
Target
LIVE XXX (3).apk
-
Size
4.8MB
-
MD5
98931c607b3b6be96fecf4e54fd62b48
-
SHA1
4a3ec0ba1d74e61be278a4ab7b2e4f1f55e003a8
-
SHA256
312a30b8abbf7caaf0cf3ac312eef5eef78c8a777af2b04db4195700bdb07cd0
-
SHA512
4255a282c3500afc891bbfdc7b10599b5fc07c86ae9e0bced92a30de9d60398c75d695cbca35015fbdf9307f7ea003bad0c400c3aca6dc5fd9c76687aa88aba2
-
SSDEEP
98304:TbJuaNHeoBzzY9UbDh6BDehFEzj154vqT75v2dOIYAhag:TNkoBfgBDehOzx54al2Nz0g
Malware Config
Signatures
-
Removes its main activity from the application launcher 1 TTPs 1 IoCs
-
Loads dropped Dex/Jar 1 TTPs 4 IoCs
Runs executable file dropped to the device during analysis.
-
Makes use of the framework's Accessibility service 4 TTPs 3 IoCs
Retrieves information displayed on the phone screen using AccessibilityService.
-
Acquires the wake lock 1 IoCs
-
Requests disabling of battery optimizations (often used to enable hiding in the background). 1 TTPs 1 IoCs
-
Schedules tasks to execute at a specified time 1 TTPs 2 IoCs
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
Processes
-
com.tencent.mm1⤵
- Removes its main activity from the application launcher
- Loads dropped Dex/Jar
- Makes use of the framework's Accessibility service
- Acquires the wake lock
- Requests disabling of battery optimizations (often used to enable hiding in the background).
- Schedules tasks to execute at a specified time
-
com.tencent.mm:remote1⤵
- Loads dropped Dex/Jar
- Schedules tasks to execute at a specified time
Network
MITRE ATT&CK Mobile v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
7.9MB
MD5f8e11d98fbaf38ebd77bc811887a0742
SHA11b5aa6aa71e134310021c20c91b4e3584b72090b
SHA2561e1f2f64622098d3530df5819b7cf87b41b2969583f05e60160884eebd38b9d1
SHA5128df0ea75f556a1ef70f023f8fa1521921c4f6f67ee1304c2396324727fcf6b847b05010978cf07c846425f027cc2753d24ff760b489416914c53971d2d155445
-
Filesize
16KB
MD55478a8d2d2d871096a76b7b7ce96a805
SHA108543abdd1e773936868a24adc2f7f11d3d64d39
SHA25615fdffc3e57ed259a57cd896a136180ca68f1a7eea884f8ca300dad459ccfc1b
SHA512607e03419a83b7c24236ccf0e3453a8120a40e04abc5870ebac6ad69ff1975f79e694c8eb7ae80675ddbeb91024133333249ae391da862f83f885f5b63490714
-
Filesize
8KB
MD5275175960a9558d100372ab83392a8dd
SHA1b2cae39d7bce7681e3b6c3fb0d5f516d423da4ee
SHA2563b8bfb459b5ee1c040886eac513a8f46fb853244954e7212ac0b39039a9e6a25
SHA512a9566dc1b2cffabdb2d20d988ebcd5cb85a7be2f736ccdcf7b687b2b9dad21ead3bdad59a0fa45c7590f75a6e1fb90c6bd6258d337a32c77ffd3c68aaa263d10
-
Filesize
8KB
MD5ed59884e813d9b4fd94c10686d853731
SHA194ab9bba9f7b5a7cee1cd0c55cbc3c1beea73a74
SHA256b7c4c8978abc893b0914c4c448e70c82ecb7361c4f5b2b6aed37294b258ac13b
SHA5127519ac2799e1078c72bf460cb0fba9f7a8f88f837e518947fe9c52ef8658e5a360383ee57d36edd7d918abdd7c213b93e4203002c3a22276732f60b29085ad48
-
Filesize
8KB
MD5890799876dc1ffa3ae3c5f6f294141b9
SHA13ef6f21864c67256ea04eb7f37e6c4e88d3f3983
SHA2562bd860ec5dc386e6a8259caed1313509d8aea447d1bec820184a2c0fd171fcd1
SHA51240eaceeadcbd19314a853e57e21ab302cb7796dd34d6785299ba17052f5579e47beaa9eb40137d7b1863c1f4ba8e209311e7135af5763cdd1af1aeff20d37f9c
-
Filesize
8KB
MD5a7f5927471fc54661eb6c4a3c9d3dd13
SHA1a600b69860f28273e24c1396ccb0b9ec70b0ad22
SHA256ee6dad2cb7144fd9070044c8eacd11716efd623d02321488501d45aff0e9702e
SHA5125d6c98fdd04b5a3a3121262cd9e06ca75445b430506787097d88784bde32669bfbc8c637dadb3e39490d5fa1961b07f78767b69d8102722ac2ccb804f4dc0dd8
-
Filesize
8KB
MD5a4cc2e9a7ac1fe6eae105ec1ce83974c
SHA1c67caf6ee50a27597635e34dd70903396665efab
SHA2568076d8bd7ba51cfd40b41e1c71e84704dae29e106fcd96dc5e9b9ce429d14ec7
SHA512e3f3a28359e5fd02b10b7ee82785b8f7ce694fe80ed916d501012bc694454c411d971e1b89ec8c6cf1f6b2b1074339fed51e6a9019ee8fe8fafbc65ae40ac419
-
Filesize
8KB
MD561db980deca5bc82562672b5d7e367b6
SHA1f3da5ab156a55c413f7456b59285f82178537113
SHA25605ae87b3b19ac28e2e9ccab39890d44f6e77b2bfc390d4a165516f06c324db18
SHA512ee2bd3cb2c979097e94968996e2442368c0147d6c88c6ea438a1dfc38fc07c689acb77ae03eb45be69d659f16648b8c086e787abbe3d8efe0fb82bb3b789800d
-
Filesize
33B
MD5365f074d64faad2f0f0c7784608e5b57
SHA12105b80d01621cbd370bec93f73709a7b67d565b
SHA2560c4662ed55fc03738e7903864ed0249c921b8f2d858531577eebd53501237cc4
SHA512d29b5c16d10a78b386ba1f4882f7e80bc6d41887671abe6a36c746b015ea280d4a26f3d2af323b4ad755c256e5851a5b95d0bda8882c6c0a2c125bc748fab47a
-
Filesize
57B
MD5a9ec0c42a43c72d73c499e5c17ccbb8b
SHA1731652fbfe61eac3fdb4b9d3e2eaa010848a0906
SHA2566c5309ce3f31c9af3288b0de3305b7f5ddee97be60ca4ac1184f3c334480c05b
SHA5125f8ed24a51f68cfa0627aceb9190d3a7febaee61bd5a89898ab113ddaa7ce2a41f129a28c4e200d5e5e4ddff7a483abc0393dc38e870782caf1c46d2ec0df2e3
-
Filesize
268B
MD5dfea9c131e76b130311ea97228c2c918
SHA1926a50f0299bdc8c2db6564a09fadc7029155807
SHA256f57087208462b67d9529d0a58ac44b1a23f30b18e6e40cafce4395f209330229
SHA512ce9a770e40843b6800e6f9daba07a346cd6e4a1bd8fd15cd226d9eaaa76f63e924d272efcbe89fbafa67e0918f0a14dfea8aa627ff9b0c779ea5e0a81233ab2d
-
Filesize
45B
MD50fd0027e48564400b030e49702411fcc
SHA15fdbd6adda1197ec3be92a404f363a85b5c15792
SHA256943c9c7f5ce0e54b488c9ae2728f082076dc9e139b1aab4c1dc7705d3cc3175e
SHA5122705ade851abf46df9cbf0601904efe44d3330c2591f4c2572b3a64f09c5bc447bf2bd40033227d7aa23eb8eb99b99c9e209108396c6e442798bf3dc1122cdfe