Overview

overview

10

Static

static

10

29aabdb820...d4.apk

android-9-x86

8

29aabdb820...d4.apk

android-10-x64

8

29aabdb820...d4.apk

android-11-x64

8

Analysis

  • max time kernel
    21s
  • max time network
    152s
  • platform
    android-9_x86
  • resource
    android-x86-arm-20240910-en
  • resource tags

    arch:armarch:x86image:android-x86-arm-20240910-enlocale:en-usos:android-9-x86system
  • submitted
    11-09-2024 22:06

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    29aabdb820d6e27e4846beaad3c286879b63ca0a91564ae79467db6c851235d4.apk

  • Size

    4.5MB

  • MD5

    f646f4b5e63f9944ca817d6c15834558

  • SHA1

    acd3f7ebee76b2ca6d1d3e6a397d4190b991b0f1

  • SHA256

    29aabdb820d6e27e4846beaad3c286879b63ca0a91564ae79467db6c851235d4

  • SHA512

    886a32e32d08b3948195a25d4f7fbb0bf9fbb198642d1c4fabd1605f4093ccaa7d2dd6e7cfbb3237f129a0d79a4b9ee01456e7e0ae4f9e1ae426622d397a1d2b

  • SSDEEP

    98304:9tnXfW195xR8AhC+0Jjx495S/NtUsurvOuLlhBWHfrbzjD:bX+hPGxICnUZrveD

Score
8/10
bankercollectioncredential_accessdiscoveryevasionpersistencestealthtrojan

Malware Config

Signatures

  • Removes its main activity from the application launcher 1 TTPs 1 IoCs
    stealthtrojanevasion
  • Makes use of the framework's Accessibility service 4 TTPs 3 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectionevasioncredential_access
  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
    bankerdiscovery
  • Queries account information for other applications stored on the device 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect account information stored on the device.

    collection
  • Reads the contacts stored on the device. 1 TTPs 1 IoCs
    collection
  • Reads the content of the calendar entry data. 1 TTPs 1 IoCs
    collection
  • Reads the content of the call log. 1 TTPs 1 IoCs
    collection
  • Requests cell location 2 TTPs 1 IoCs

    Uses Android APIs to to get current cell location.

    collectiondiscoveryevasion
  • Acquires the wake lock 1 IoCs
  • Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

    Application may abuse the framework's foreground service to continue running in the foreground.

    evasionpersistence
  • Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    discovery
  • Reads information about phone network operator. 1 TTPs
    discovery
  • Requests disabling of battery optimizations (often used to enable hiding in the background). 1 TTPs 1 IoCs
    evasion
  • Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs
    evasion
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
    persistence

Processes

  • com.tencent.mm
    1⤵
    • Removes its main activity from the application launcher
    • Makes use of the framework's Accessibility service
    • Queries account information for other applications stored on the device
    • Reads the contacts stored on the device.
    • Reads the content of the calendar entry data.
    • Reads the content of the call log.
    • Requests cell location
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    • Queries information about the current Wi-Fi connection
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    • Listens for changes in the sensor environment (might be used to detect emulation)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    PID:4222

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

1
T1624

Broadcast Receivers

1
T1624.001

Foreground Persistence

1
T1541

Privilege Escalation

Defense Evasion

Execution Guardrails

1
T1627

Geofencing

1
T1627.001

Foreground Persistence

1
T1541

Hide Artifacts

3
T1628

Suppress Application Icon

1
T1628.001

User Evasion

2
T1628.002

Input Injection

1
T1516

Credential Access

Input Capture

2
T1417

GUI Input Capture

1
T1417.002

Keylogging

1
T1417.001

Discovery

Location Tracking

1
T1430

Software Discovery

1
T1418

Security Software Discovery

1
T1418.001

System Network Configuration Discovery

1
T1422

System Network Connections Discovery

1
T1421

Lateral Movement

Collection

Input Capture

2
T1417

GUI Input Capture

1
T1417.002

Keylogging

1
T1417.001

Location Tracking

1
T1430

Protected User Data

3
T1636

Calendar Entries

1
T1636.001

Call Log

1
T1636.002

Contact List

1
T1636.003

Screen Capture

1
T1513

Stored Application Data

1
T1409

Command and Control

Exfiltration

Impact

Input Injection

1
T1516

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.tencent.mm/databases/Dname-journal
    Filesize

    512B

    MD5

    bb17ed1266d93309cd10777ab1d4bafc

    SHA1

    8a1ec060ed4a2e78c581ff04874bcfb91a153d49

    SHA256

    f4b8bd54d3e92fba3d513c41b48420c444e961ec0d6f0f280f060f18cdf3309b

    SHA512

    b4b5a9b8b4cdaa6401f7a5a16d2a9be5c43883c5b848f4e2b413f4286b12b59c295fdea14c5dd902e11f41c8fef5473f3f7657b10ecfedc418b705046ca9a9db

    Download Submit

  • /data/data/com.tencent.mm/databases/Dname-wal
    Filesize

    60KB

    MD5

    10c3fef53d0742839a133351549f676f

    SHA1

    9e511d15207f064b05a2744cf4d370d6eb2df6c2

    SHA256

    be4aec0e5f603aae3ea41bd95483f4556134b12e6fee7ce44352f82e1c43cf7a

    SHA512

    c22836baa49ca6647a3f0d774f4f888455f1e9c7c404e80397ede5b8cbb1c776d3fde3965a8663ae0c7ace2ba3759fe4a23c01c164ec3d96896a31ff71bca8b0

    Download Submit

  • /data/data/com.tencent.mm/databases/evernote_jobs.db
    Filesize

    4KB

    MD5

    f2b4b0190b9f384ca885f0c8c9b14700

    SHA1

    934ff2646757b5b6e7f20f6a0aa76c7f995d9361

    SHA256

    0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

    SHA512

    ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

    Download Submit

  • /data/data/com.tencent.mm/databases/evernote_jobs.db-journal
    Filesize

    512B

    MD5

    0aeb6134b8d624ce1733553fa3c58e51

    SHA1

    31f1c9caa2966d335829feb689d528bf918b7610

    SHA256

    5e67631649d8471e50d4bd24b1f17b23aa0828f3eeba8aa0c88ebf2f05cea387

    SHA512

    3eae7e8afe559948a49f66737f0c6bc518035bd2b9dca3d580d87858b632a900d59ebd913ee009be1fdcfcdd882a29bd5b3115c17a282bc64364b95cc09dc5c9

    Download Submit

  • /data/data/com.tencent.mm/databases/evernote_jobs.db-shm
    Filesize

    32KB

    MD5

    bb7df04e1b0a2570657527a7e108ae23

    SHA1

    5188431849b4613152fd7bdba6a3ff0a4fd6424b

    SHA256

    c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

    SHA512

    768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

    Download Submit

  • /data/data/com.tencent.mm/databases/evernote_jobs.db-wal
    Filesize

    36KB

    MD5

    121ad6198e3fcae72cc52ddf69d7cc9e

    SHA1

    2f7f89279922281d0ee884eca05d717acb28e3da

    SHA256

    16d018995e5ab3cfec1185981a157f99734617df9bca5dac762c831a8f197f5a

    SHA512

    2befa673ee277909bd47ecda43d7a075eb3cf38c7e141050c339c7286435e271467d484aa899defe1b5749ca0ae5ccce5d04b9796e70743807d90f3326b841a8

    Download Submit

  • /data/data/com.tencent.mm/files/CallLogs.txt
    Filesize

    3B

    MD5

    58e0494c51d30eb3494f7c9198986bb9

    SHA1

    cd0d4cc32346750408f7d4f5e78ec9a6e5b79a0d

    SHA256

    37517e5f3dc66819f61f5a7bb8ace1921282415f10551d2defa5c3eb0985b570

    SHA512

    b7a9336ed3a424b5d4d59d9b20d0bbc33217207b584db6b758fddb9a70b99e7c8c9f8387ef318a6b2039e62f09a3a2592bf5c76d6947a6ea1d107b924d7461f4

    Download Submit

  • /data/data/com.tencent.mm/files/GP.txt
    Filesize

    116B

    MD5

    bf17a1879e0a324e23cdb0b3cd6e982e

    SHA1

    8db12cd2b1f2e6e18fe512492d62cf6158718f98

    SHA256

    c476dcf8d8b35326d3f1f71eb62eeac38e0c290ac8af5cfbb481570af1d6717b

    SHA512

    0cec8a01cc1e72f3e802535cc6277c026ef2601d6339a33ca9660a6c8a9f4e22e6c39d815a572365afae427d0857f4bfcd5a448558b709eb736d0bdb802314ec

    Download Submit

  • /data/data/com.tencent.mm/files/GP.txt
    Filesize

    126B

    MD5

    f8944dec2059ff785efb2d9afe2c93b4

    SHA1

    257cc72849a8469cb95449a3e02015cd52a4d614

    SHA256

    aa82aa11815223441dd0fc243a9a4bf8bf3991d2d8a2da1366f7d5fd8e9bfd9a

    SHA512

    c04721b87730bd4e4f52502339274937bea66d57565c7af2ac536275bae7972ee75319b45cd60c032fa326ff81eca3c38d7cae098c2262fb20aaf9cfacaf7022

    Download Submit

  • /data/data/com.tencent.mm/files/Tree.txt
    Filesize

    282B

    MD5

    882cbdf5cd0f3c294b85838775661f3d

    SHA1

    dc546f79af09947bc886c4c05ff5ebe84fd85f84

    SHA256

    173eb83a98b0f3bd2ed7e2a11e7ab9d8617eb301641c0c799d50f5d5dc995a10

    SHA512

    5df88939ec325251697cd8ab12010347b28e77076e674cd57326610ec8d1c5a884089680d7b1867874651210157b123c13ad5f33365bd4683249119cad017cd2

    Download Submit

  • /data/data/com.tencent.mm/files/accounts.txt
    Filesize

    2B

    MD5

    d751713988987e9331980363e24189ce

    SHA1

    97d170e1550eee4afc0af065b78cda302a97674c

    SHA256

    4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

    SHA512

    b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

    Download Submit

  • /data/data/com.tencent.mm/files/netinfo.txt
    Filesize

    609B

    MD5

    5d68237a97709d2d1699da66ac886468

    SHA1

    68229b5585d68055f7fe0d36e4287a77e64f474c

    SHA256

    8d6ef04d616b8f5c6d229912730d9ab97c80e95b97ce79ba726a008166ed6204

    SHA512

    ad424845fe6028b55af20cb54bd924bd1c9313b9874ae4b47a9071d5236379757097f570b6b88660fd4b337b0de02aae8ad83718586d1c948abeaed55ac1c26c

    Download Submit

  • /data/data/com.tencent.mm/files/pkinfo.txt
    Filesize

    5KB

    MD5

    9857c0caa99fde5d0bf47c0ee0fd821b

    SHA1

    ef4629899e6ebbdbaf45ca4885f5b960da25538f

    SHA256

    d68311a5561ada62ee327cda3a9b29c41ed0d7bc16586f9af6d5595a96d497a8

    SHA512

    312c11c7b41384fd5a7ef466f06813c09f6c661ade0ed4ffe6e8e88969f2ba31257a90333b13ce8d4b2ab0692318b638f06aecfea11aeb2df3739580e635a148

    Download Submit

  • /storage/emulated/0/Config/sys/apps/log/log-2024-09-11.txt
    Filesize

    287B

    MD5

    70e56227007fe70a615924229ea97b94

    SHA1

    8a1bd4708b5b550a44724e0d9d44a5d430164363

    SHA256

    35f8403bcf43be2fb5b2dac3ad3c4de533597eecf14a5b50683e8a8d9e650458

    SHA512

    eca1d3f841030ed9d0ec98ffdbf9b662d6bc7b32d29e71f5e41b869861d5a4022fe2b7592e44cd8d28092dd03fcdb5a1900b44f52573a9834f586710852bfdb7

    Download Submit

  • /storage/emulated/0/Config/sys/apps/log/log-2024-09-11.txt
    Filesize

    12B

    MD5

    a9256f55737b655c8cff95418411997c

    SHA1

    d81a4e85ecef3a4f08d50da9c75c49a3c64ffe24

    SHA256

    bad705c44807d12463fb587087c4e9eb24769d82981229ac8b74abc9b1a44412

    SHA512

    10d10a6498973ed65d47c74ba6d8831dad94213a5071353dc445de46e021689284fbbf4accf5ba1f97a0675a7652ec069ac70f38d63ba36b8595a8caf8d37574

    Download Submit

  • /storage/emulated/0/Config/sys/apps/log/log-2024-09-11.txt
    Filesize

    32B

    MD5

    5b1363368ef1f6abb6057e642cc8e55b

    SHA1

    3de0f6041bfd53019af74917b0e32727978acecb

    SHA256

    89174ad4af501780ebf47f5aa37bf8cb3d58487362a02b529f477f172c5ec8fe

    SHA512

    3f70197b866cf72fe099eb4062a0278a1ee0f3f5344a0113b2dad13b650050a2945a9030406a02a88e9a83a233667736e13e7ee7099fb82a3758db2c087927d0

    Download Submit