Analysis
max time kernel: 23s
max time network: 152s
platform: android-10_x64
resource: android-x64-20240910-en
resource tags: arch:x64, arch:x86, image:android-x64-20240910-en, locale:en-us, os:android-10-x64, system
submitted: 11-09-2024 22:06
Behavioral task: behavioral1
Sample: 29aabdb820d6e27e4846beaad3c286879b63ca0a91564ae79467db6c851235d4.apk
Resource: android-x86-arm-20240910-en

Behavioral task: behavioral2
Sample: 29aabdb820d6e27e4846beaad3c286879b63ca0a91564ae79467db6c851235d4.apk
Resource: android-x64-20240910-en

Behavioral task: behavioral3
Sample: 29aabdb820d6e27e4846beaad3c286879b63ca0a91564ae79467db6c851235d4.apk
Resource: android-x64-arm64-20240910-en
General
Target: 29aabdb820d6e27e4846beaad3c286879b63ca0a91564ae79467db6c851235d4.apk
Size: 4.5MB
MD5: f646f4b5e63f9944ca817d6c15834558
SHA1: acd3f7ebee76b2ca6d1d3e6a397d4190b991b0f1
SHA256: 29aabdb820d6e27e4846beaad3c286879b63ca0a91564ae79467db6c851235d4
SHA512: 886a32e32d08b3948195a25d4f7fbb0bf9fbb198642d1c4fabd1605f4093ccaa7d2dd6e7cfbb3237f129a0d79a4b9ee01456e7e0ae4f9e1ae426622d397a1d2b
SSDEEP: 98304:9tnXfW195xR8AhC+0Jjx495S/NtUsurvOuLlhBWHfrbzjD:bX+hPGxICnUZrveD
Malware Config
Signatures

Removes its main activity from the application launcher
Processes:
  pid  | process
  5159 | com.tencent.mm
  5159 | com.tencent.mm
  5159 | com.tencent.mm

Makes use of the framework's Accessibility service (4 TTPs, 3 IoCs)
Retrieves information displayed on the phone screen using AccessibilityService.
Processes:
  description            | ioc                                                                                                   | process
  Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId | com.tencent.mm
  Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId         | com.tencent.mm
  Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText           | com.tencent.mm

Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps) (1 TTP)

Queries account information for other applications stored on the device (1 TTP, 1 IoC)
Application may abuse the framework's APIs to collect account information stored on the device.
Processes:
  description            | ioc                                         | process
  Framework service call | android.accounts.IAccountManager.getAccounts | com.tencent.mm

Reads the contacts stored on the device. (1 TTP, 1 IoC)
Processes:
  description           | ioc                                        | process
  URI accessed for read | content://com.android.contacts/data/phones | com.tencent.mm

Reads the content of the calendar entry data. (1 TTP, 1 IoC)
Processes:
  description           | ioc                                  | process
  URI accessed for read | content://com.android.calendar/events | com.tencent.mm

Reads the content of the call log. (1 TTP, 1 IoC)
Processes:
  description           | ioc                      | process
  URI accessed for read | content://call_log/calls | com.tencent.mm

Requests cell location (2 TTPs, 1 IoC)
Uses Android APIs to get the current cell location.
Processes:
  description            | ioc                                                       | process
  Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | com.tencent.mm

Acquires the wake lock (1 IoC)
Processes:
  description            | ioc                                      | process
  Framework service call | android.os.IPowerManager.acquireWakeLock | com.tencent.mm

Makes use of the framework's foreground persistence service (1 TTP, 1 IoC)
Application may abuse the framework's foreground service to continue running in the foreground.
Processes:
  description            | ioc                                               | process
  Framework service call | android.app.IActivityManager.setServiceForeground | com.tencent.mm

Queries information about the current Wi-Fi connection (1 TTP, 1 IoC)
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
Processes:
  description            | ioc                                             | process
  Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | com.tencent.mm

Reads information about phone network operator. (1 TTP)

Listens for changes in the sensor environment (might be used to detect emulation) (1 TTP, 1 IoC)
Processes:
  description        | ioc                                            | process
  Framework API call | android.hardware.SensorManager.registerListener | com.tencent.mm

Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTP, 1 IoC)
Processes:
  description            | ioc                                          | process
  Framework service call | android.app.IActivityManager.registerReceiver | com.tencent.mm

Schedules tasks to execute at a specified time (1 TTP, 1 IoC)
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
Processes:
  description            | ioc                                   | process
  Framework service call | android.app.job.IJobScheduler.schedule | com.tencent.mm
Processes

com.tencent.mm (PID: 5159)
- Removes its main activity from the application launcher
- Makes use of the framework's Accessibility service
- Queries account information for other applications stored on the device
- Reads the contacts stored on the device.
- Reads the content of the calendar entry data.
- Reads the content of the call log.
- Requests cell location
- Acquires the wake lock
- Makes use of the framework's foreground persistence service
- Queries information about the current Wi-Fi connection
- Listens for changes in the sensor environment (might be used to detect emulation)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Schedules tasks to execute at a specified time
Network
MITRE ATT&CK Mobile v15

Persistence
  Event Triggered Execution (1)
    Broadcast Receivers (1)
  Foreground Persistence (1)
  Scheduled Task/Job (1)

Defense Evasion
  Execution Guardrails (1)
    Geofencing (1)
  Foreground Persistence (1)
  Hide Artifacts (2)
    Suppress Application Icon (1)
    User Evasion (1)
  Input Injection (1)

Discovery
  Location Tracking (1)
  Software Discovery (1)
    Security Software Discovery (1)
  System Network Configuration Discovery (1)
  System Network Connections Discovery (1)
Downloads

Filesize: 32KB
MD5: 0ec8d5e24581e56eb01c45155efe2049
SHA1: 4de2aebc5e22d0420e54cb553c2739e50481e50a
SHA256: 5bb1fd7e82a28019975971aae5f49b0eb2ddef4a943663b654ede402d2f7f616
SHA512: 23f87b81f1b49b80a88b1eab7d5e08e7001486b135bedc434601eed4ab74b72804ae4f907ede18213454dfa9da7058692b012861170306adbe6b12650dd51fd4

Filesize: 512B
MD5: e8045b55230528ad4d4c00afd333fcf6
SHA1: 67d2971de1f85e2167185d187caf8c25bbce2893
SHA256: ebc17791ca83fce3ba02a54002d4fa411428264584448bc4c5f7080e105e48b4
SHA512: 49bdb0d73f1ad95cd205c221a2c846780b0d3ccbf01bf350b6fa44f7ecd1c9f2745f24c2ee9b436eedd48566d61d9ee218e07c8b948989f45a5012778931ebb8

Filesize: 8KB
MD5: 51e22e2f09c2f59dd8cde84646778b69
SHA1: 2a9c70af13cf61bc8113918024cea3ae1d47f33d
SHA256: c2362050452d3dd8890385ae24a6385e639d33eb4f767ce3652f93f3112f2d0a
SHA512: 24c176cd9171201bed613a4f535855720e45fd8a49213169496f649de6f89391a98d1814de0d9494bc896e0c9ab3ad9c9a49bf518af80f4d9ba149ce8f8fcff6

Filesize: 8KB
MD5: e0ac784f4f6c7e08de25560343ccaf67
SHA1: 6130cae16f512d3451faa855d8390c4b139cfd00
SHA256: 52b2c4bde83116bfdc3fe3ba4ed1e8febbf2b53da55e974f3bf3c2eb7f80e0f7
SHA512: 5918308057fa0d5f7dd2c2b1cc005127d5fcfaa190255006d8074c01b985a6321d0d33a76f3db527ff89790bf4cbeed5152dbd6641cb9f570b5a8747d6b2d7dd

Filesize: 8KB
MD5: bcdf68a687fc3b83f0dc501c0bc5620f
SHA1: 1b877a306baf9024e459c5f315d1bb3f3602a0a2
SHA256: 016f37a7e64fd6dc6c8a44b982378efe5bc520f8c56e8cf9e9253f897fedbc64
SHA512: 023d20f23c4f6f8b04f44fd116f542b629174b4e4f6db5a8edb9427689698dc04dca09ca654ac06c4b85126ab63023c0f93a5b48cf1ad592af0101b53f1968a9

Filesize: 8KB
MD5: 3a37b5c6ea0a03ab3ac6bfacab299b4f
SHA1: b16983b9d82f2562f4dbb42250b9ea43a3fe7a9d
SHA256: 6f738b4c9e44bdd296040882f03ee08c1d9bf463c0aaa1c4ddeef7574e1c18b0
SHA512: 22f008a84f7bcec10a127d1fa43e49865524012379e4b37eb7e6657b6e08e98722bac37340deaa2e57f31c3704f059b5953dd9434c4eb52280377a8c39f7fb82

Filesize: 16KB
MD5: 87781ba511cedf873179b33e91a603fe
SHA1: 8c3f4f8b312dd02256bd3659ad41536ab2197834
SHA256: 49b9f1285b0030b4af07309558c7685667c6ecbf10f58ab327806480d4bca53b
SHA512: 12f630a7196195fd46ee1dc8855438f0481ffa26603e6757fbe3cef44e87e6d0900cf6044e83c073bb7ec19ad21e769ffba7d3bfee7f725259a1a5d37edff4fb

Filesize: 512B
MD5: 19279fb57fe84e2c13ffb1d9c863e680
SHA1: 66a02b1d9ba7b8d5cd9478b609b1055ac200ce82
SHA256: 2f85358241124ebe6d042ac91c02544b32eb8a0521710c94b27765a7a8beaa8e
SHA512: 06ea3d38a2b0184316098b0fb1123dafc71a19f122a133f09c8e7f48fae3d28aa057a9f63aba91a62f098fc19cd94271aaacba3781c60a363762014c0672ed9b

Filesize: 8KB
MD5: 9035079cb91e6be28403420b9be1f681
SHA1: cdbf66dc21eab114acc5242f9102427b29a863e8
SHA256: 3f922a20947960138a13d2330b46b35fc5a7c7688e581145b0073d12569e7ed6
SHA512: eab2e6e330a1d914a776baf65be065fcfc2abd1c14623ec9d8b5b4406d15c4cf4b876b7fcff5e2ad4625bdcf5374ea8524b8d3e7898a7909e0d5c93ec6d94fce

Filesize: 8KB
MD5: 1581eb9765a60f24a7faaaaee0228799
SHA1: 47134dde5d01e86cf32e86d3bf2a4b3d3aed3d61
SHA256: ab6d4032f5e1de41b70b7333c04fe6342ef8c924d515e069c9dca2638481d1c4
SHA512: ac2fc9db1169e856ebfb482c654467ba9b7939958a20de485239f9a37f2ee58e6e8cf1a2072908cc20b9c289a21ed30143f66fad5266e816f191b26bd47564ea

Filesize: 8KB
MD5: 5d2ed8dd59a637c35c5fe19601fbe352
SHA1: 43fe41123c6cc7c48a6595bd7813bacebe7a9a98
SHA256: bcba996ba9daf47bee12ce56fc23f79c285da7608de94ad0ec0e27db9dc45ac8
SHA512: 338c6b9f7c7bdbf06939fcac9560967d925417c33f31d8f2a0337fa603276e54d63bca59ca0eb46ab0c8e0996a71fb468dd09c75807e3a5f56518da4e0c8fec3

Filesize: 8KB
MD5: 53a55fa7f9ee04a6fe2a9228cb53d716
SHA1: fcb1357b92512ea0b50138ab7829abc2e05e6e6e
SHA256: 53e666cb4a83625646c405e7cac39678d85e322eb2f53bcaa262ececdcc2c172
SHA512: 79eeef58d74f110d13be9bc70dd2d7d85c41b73147a122d4442c6e42d7349640ec32a0cb68a6f80ec863e05a3e0a853aac5808c08c1535a844bb106d6ab33b0b

Filesize: 8KB
MD5: 8539b0079e343e8c8cbc7d6a43a48a9a
SHA1: 08ab5847bb73fcf2101ee290f459e8fd3708ee41
SHA256: ccd1208d928edbcab7787d0e2902d06c82ad73e446d95397bb4b68d59b1ae4d5
SHA512: 41087ba47eb15285e50b441afb1f838310cf9113cfc3330b8edfa748ab5979aeba8f053ce4e3d45a87cbb0ed21f0a8988379697dada8079ff80070036aa55c14

Filesize: 3B
MD5: 58e0494c51d30eb3494f7c9198986bb9
SHA1: cd0d4cc32346750408f7d4f5e78ec9a6e5b79a0d
SHA256: 37517e5f3dc66819f61f5a7bb8ace1921282415f10551d2defa5c3eb0985b570
SHA512: b7a9336ed3a424b5d4d59d9b20d0bbc33217207b584db6b758fddb9a70b99e7c8c9f8387ef318a6b2039e62f09a3a2592bf5c76d6947a6ea1d107b924d7461f4

Filesize: 108B
MD5: d7d5d44b864c34835a3321007ffdd496
SHA1: 68cef310c9eee0dcb851a3e867b46be7b4f6b3c7
SHA256: 776c5a43e90603baa539aa8e1eb859029a98d8b28043780ff272179a0bf01190
SHA512: 4938673f028147da24476967a216ee74f37d58a7d4060ef3389e4af261c5d3f9664a54d8dbe86ced11614615704139e941b04e0ae6ce31cc27ded238cc9a356d

Filesize: 126B
MD5: edda97cf87b7e462d9579d982f2a2cad
SHA1: 170890b634d3a258b30655019f15339d0284d0af
SHA256: a8b9b32569d11fc6ba0b825a7d368abf09967f89badf10b8ba1c96dd07ea9973
SHA512: d1e7f4fc4a01a49a29ea0d7f80bc6ff2011a4aa98fcb5d2023cf3696177ea832888ccf8ee1d52f902cf7a61ce514d07dcc6e67b2a27263038cfb763c528f07d2

Filesize: 351B
MD5: 3be5fa177353ddb9e7aa45e4de59ddf0
SHA1: 6b0e5dd3a9559098486304909fae4322d501824c
SHA256: 2992e99905769e13f5199f288083d2c5b1fc8cf892c36dd7b1326b00fc2e1034
SHA512: 912075546f16904a225584efa8ac0ef5a9701d7344fa2766fa18e2993bf52880ec94e759e3742c37d0059441a1031f692bb6ab16a33661ad687306d216689905

Filesize: 2B
MD5: d751713988987e9331980363e24189ce
SHA1: 97d170e1550eee4afc0af065b78cda302a97674c
SHA256: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512: b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Filesize: 827B
MD5: f4a71208fe8acf0fa552d12fbf1a2bb0
SHA1: 4a8844312f1a873e3b8e223949224ba1df48642f
SHA256: d4445054148035861b14c75b4e3467932ecf507c67028ab94f52169ec852a66c
SHA512: dee682dc54ff3e8dd6dff215c191202d33d4c1752e710a2d63af203bfd4dc85f123bd667dbc7b365540a82f671d8d371a80e97fbd19a2eb6c7f98af31b699e46

Filesize: 9KB
MD5: de42df6381f44c0dc45891054c656259
SHA1: 5a76c1ad2ff42094034a18774912bfaa79489c29
SHA256: 51c06cbd2eee387145a0eac5b55b387f2da3797cfb737cbb151aacc1b145e747
SHA512: 700f8a3e85a7ea4f1d15aa3046d6c96ef898ac628b797616f94737570b802ee22db555e4d81c3fe91a90c3c92e9bc45aa940d55dc2c876a6488387743eabc037

Filesize: 287B
MD5: a46f3aa7cbef53ab6a6790bce84084da
SHA1: 2f6913eee269fcc587772a51f580d34d2c533b6e
SHA256: 4377e27354b31590d2a43540f995af69d60424964b9a773afa932e015e5b8ac1
SHA512: efaada614c3a099bf5f2f1d5af5a0b10e17c8d72e55dcd7fe3c333cfc3afa6188a396e659fcbfd9822bf7a87f70e2cca05a3cdcb3a3a127857db5ab9d3fde069

Filesize: 32B
MD5: 7240822fb8dcd1aa0c3a69137c7dcba2
SHA1: 1a74a9309d020ca4433423a5ebb28c7caabf454b
SHA256: 920fd239934c08565fde170c81dd16498ec465d1bcb1dfbd58fa52f521725b66
SHA512: 3e057f1d894dff682d59f616f2f6d827743932edb603bf30b4d7ef06a35159d0b4b98f5dded28faa374df60ea9aaf6095a03b3a9bfe3e62be867cc4192f833e3

Filesize: 32B
MD5: 5b1363368ef1f6abb6057e642cc8e55b
SHA1: 3de0f6041bfd53019af74917b0e32727978acecb
SHA256: 89174ad4af501780ebf47f5aa37bf8cb3d58487362a02b529f477f172c5ec8fe
SHA512: 3f70197b866cf72fe099eb4062a0278a1ee0f3f5344a0113b2dad13b650050a2945a9030406a02a88e9a83a233667736e13e7ee7099fb82a3758db2c087927d0

Filesize: 12B
MD5: a9256f55737b655c8cff95418411997c
SHA1: d81a4e85ecef3a4f08d50da9c75c49a3c64ffe24
SHA256: bad705c44807d12463fb587087c4e9eb24769d82981229ac8b74abc9b1a44412
SHA512: 10d10a6498973ed65d47c74ba6d8831dad94213a5071353dc445de46e021689284fbbf4accf5ba1f97a0675a7652ec069ac70f38d63ba36b8595a8caf8d37574