29aabdb820d6e27e4846beaad3c286879b63ca0a91564ae79467db6c851235d4

Analysis

max time kernel
22s
max time network
152s
platform
android-11_x64
resource
android-x64-arm64-20240910-en
resource tags

arch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240910-enlocale:en-usos:android-11-x64system
submitted
11-09-2024 22:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

29aabdb820d6e27e4846beaad3c286879b63ca0a91564ae79467db6c851235d4.apk
Size

4.5MB
MD5

f646f4b5e63f9944ca817d6c15834558
SHA1

acd3f7ebee76b2ca6d1d3e6a397d4190b991b0f1
SHA256

29aabdb820d6e27e4846beaad3c286879b63ca0a91564ae79467db6c851235d4
SHA512

886a32e32d08b3948195a25d4f7fbb0bf9fbb198642d1c4fabd1605f4093ccaa7d2dd6e7cfbb3237f129a0d79a4b9ee01456e7e0ae4f9e1ae426622d397a1d2b
SSDEEP

98304:9tnXfW195xR8AhC+0Jjx495S/NtUsurvOuLlhBWHfrbzjD:bX+hPGxICnUZrveD

Score

8^/10

banker collection credential_access discovery evasion execution persistence stealth trojan

Malware Config

Signatures

Removes its main activity from the application launcher 1 TTPs 2 IoCs
stealth trojan evasion

Suppress Application Icon
T1628.001

Processes:

com.tencent.mm

pid process

4699 com.tencent.mm
4699 com.tencent.mm

pid	process
4699	com.tencent.mm
4699	com.tencent.mm

Makes use of the framework's Accessibility service 4 TTPs 3 IoCs

Retrieves information displayed on the phone screen using AccessibilityService.

collection evasion credential_access

Input Injection

T1516

Screen Capture

T1513

Keylogging

T1417.001

GUI Input Capture

T1417.002

Processes:

com.tencent.mm

description	ioc	process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	com.tencent.mm
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId	com.tencent.mm
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText	com.tencent.mm

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001
Queries account information for other applications stored on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect account information stored on the device.
collection

Stored Application Data
T1409

Processes:

com.tencent.mm

description ioc process

Framework service call android.accounts.IAccountManager.getAccountsAsUser com.tencent.mm
Reads the contacts stored on the device. 1 TTPs 1 IoCs
collection

Contact List
T1636.003

Processes:

com.tencent.mm

description ioc process

URI accessed for read content://com.android.contacts/data/phones com.tencent.mm
Reads the content of the calendar entry data. 1 TTPs 1 IoCs
collection

Calendar Entries
T1636.001

Processes:

com.tencent.mm

description ioc process

URI accessed for read content://com.android.calendar/events com.tencent.mm
Reads the content of the call log. 1 TTPs 1 IoCs
collection

Call Log
T1636.002

Processes:

com.tencent.mm

description ioc process

URI accessed for read content://call_log/calls com.tencent.mm
Requests cell location 2 TTPs 1 IoCs
Uses Android APIs to to get current cell location.
collection discovery evasion

Location Tracking
T1430

Geofencing
T1627.001

Processes:

com.tencent.mm

description ioc process

Framework service call com.android.internal.telephony.ITelephony.getCellLocation com.tencent.mm
Acquires the wake lock 1 IoCs

Processes:

com.tencent.mm

description ioc process

Framework service call android.os.IPowerManager.acquireWakeLock com.tencent.mm
Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs
Application may abuse the framework's foreground service to continue running in the foreground.
evasion persistence

Foreground Persistence
T1541

Processes:

com.tencent.mm

description ioc process

Framework service call android.app.IActivityManager.setServiceForeground com.tencent.mm
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
discovery

System Network Connections Discovery
T1421

Processes:

com.tencent.mm

description ioc process

Framework service call android.net.wifi.IWifiManager.getConnectionInfo com.tencent.mm
Requests disabling of battery optimizations (often used to enable hiding in the background). 1 TTPs 1 IoCs
evasion

User Evasion
T1628.002

Processes:

com.tencent.mm

description ioc process

Intent action android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS com.tencent.mm
Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs
evasion

User Evasion
T1628.002

Processes:

com.tencent.mm

description ioc process

Framework API call android.hardware.SensorManager.registerListener com.tencent.mm
Schedules tasks to execute at a specified time 1 TTPs 1 IoCs
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
execution persistence

Scheduled Task/Job
T1603

Processes:

com.tencent.mm

description ioc process

Framework service call android.app.job.IJobScheduler.schedule com.tencent.mm

description	ioc	process
Framework service call	android.accounts.IAccountManager.getAccountsAsUser	com.tencent.mm

description	ioc	process
URI accessed for read	content://com.android.contacts/data/phones	com.tencent.mm

description	ioc	process
URI accessed for read	content://com.android.calendar/events	com.tencent.mm

description	ioc	process
URI accessed for read	content://call_log/calls	com.tencent.mm

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.tencent.mm

description	ioc	process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.tencent.mm

description	ioc	process
Framework service call	android.app.IActivityManager.setServiceForeground	com.tencent.mm

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.tencent.mm

description	ioc	process
Intent action	android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS	com.tencent.mm

description	ioc	process
Framework API call	android.hardware.SensorManager.registerListener	com.tencent.mm

description	ioc	process
Framework service call	android.app.job.IJobScheduler.schedule	com.tencent.mm

com.tencent.mm
1⤵
- Removes its main activity from the application launcher
- Makes use of the framework's Accessibility service
- Queries account information for other applications stored on the device
- Reads the contacts stored on the device.
- Reads the content of the calendar entry data.
- Reads the content of the call log.
- Requests cell location
- Acquires the wake lock
- Makes use of the framework's foreground persistence service
- Queries information about the current Wi-Fi connection
- Requests disabling of battery optimizations (often used to enable hiding in the background).
- Listens for changes in the sensor environment (might be used to detect emulation)
- Schedules tasks to execute at a specified time
PID:4699

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Foreground Persistence

T1541

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Execution Guardrails

T1627

Geofencing

T1627.001

Foreground Persistence

T1541

Hide Artifacts

T1628

Suppress Application Icon

T1628.001

User Evasion

T1628.002

Input Injection

T1516

Credential Access

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Discovery

Location Tracking

T1430

Software Discovery

T1418

Security Software Discovery

T1418.001

System Network Connections Discovery

T1421

Lateral Movement

Collection

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Location Tracking

T1430

Protected User Data

T1636

Calendar Entries

T1636.001

Call Log

T1636.002

Contact List

T1636.003

Screen Capture

T1513

Stored Application Data

T1409

Command and Control

Exfiltration

Impact

Input Injection

T1516

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.tencent.mm/databases/Dname

Filesize
32KB

MD5
1854505a3f6d683ed7eb81612934370c

SHA1
4f710add9a652d2fb92b7ce45589e27bf03f0b2a

SHA256
8100330a266f3027b929ea1bde99440ce4a544c9d9a0abb2ef0d1a73aa4cd9a4

SHA512
104a6e9c840b1fddd22ae579624a549c911abfbb48dc4454d3d231619c41a9abbf22f0dc5362a80c8c8245cc18566661f3645ac48c61259132886d4bf4678962

Download Submit
/data/user/0/com.tencent.mm/databases/Dname-journal

Filesize
512B

MD5
7e2ea6208d053fd8e83d11bc07c27159

SHA1
4b02e65e0f39ff4e95403f8ee6b2dccbd09be1bd

SHA256
1582b4a1dd6ce378f28ceabccc13d7596fb32446e6070ba8b40ea3d939b23d43

SHA512
11c9777a32c51771eb0d0289bd2890edbc159d456a5a469e315dfedd436cf04057f44390b7472063c4e793d21692ff2e5dbbf1357ee1c317dcf2e84f6e6a07ac

Download Submit
/data/user/0/com.tencent.mm/databases/Dname-journal

Filesize
8KB

MD5
d26a7d4d3133694f48ef9794b2f131e1

SHA1
afc51ae80e61a6a72f27bfe832020a319cddfbd9

SHA256
09ff9f2e3c0b3fc5e201c4054e85abb36a4effc5422d7eeee040b4f67b009e96

SHA512
53965bbbf80519c0e2336a2801ef4222cb6d0fdad421efba022177844d448130384e291e908a1cf29bd457d153cf07ca9578680510512bbd7ca7b5f0290b2b10

Download Submit
/data/user/0/com.tencent.mm/databases/Dname-journal

Filesize
8KB

MD5
b93420fb0e797c32624b7adc7d2ee6af

SHA1
2778f7657c9017d9637257a85af15b7a7cb1a1a2

SHA256
cd626a8645b6287b8126206ef4d26869ffa36c2f70b01d7aad01973db46d42a4

SHA512
7018d2931ee6442438832a68d90eafa16e805164852aa939533800ce323328c15eff333a6e418cd415f0a3772ff10cc63c86c8a91899f9310fe400d0d288627e

Download Submit
/data/user/0/com.tencent.mm/databases/Dname-journal

Filesize
8KB

MD5
7aac84e81a372ca0ce36b146be91b43b

SHA1
c712d54fc287afa4f86b795b087055fcbb327cc9

SHA256
d96eda49389057d2eea01e9de0e0bb27aa93c9943f1a1e61f39a1cf8a398cc9e

SHA512
95f9e502ee098561a31c9fece06c2347c259efa0575d15f599b0ecef7f984697bbcd6977b58a2ec561c0c230a7ca49c8a4d2fb306afba0a28c8b970c80bc884c

Download Submit
/data/user/0/com.tencent.mm/databases/Dname-journal

Filesize
8KB

MD5
c16107dd2aa8e2d0dc437648ec072e6e

SHA1
fcf7682524a7db146fd305fe7927d0864711cb38

SHA256
32d636fbd33c86549e99d56b12a9e92d64b412f078c2c4b44555016ea86ba990

SHA512
295b081e92060e8dbe65f42316e08d521f92a011cd0fa6374c11b2891109cc820e6b1e8c2ce0a2ca12d0f0232ee652e59c008bcf1654736ec58cb247ca3daf16

Download Submit
/data/user/0/com.tencent.mm/databases/evernote_jobs.db

Filesize
16KB

MD5
16c5d93329c3d33ef9415924020485a7

SHA1
fae172735f9b2f2fe8be4f3e429f8ddaaede03bb

SHA256
0204fa76690ee503e06d749a293bfeaf72663b6e3f692259a0725fdf2aa1921f

SHA512
878a3b0b799cd63ea800a161a8cdb2b46c263935f03e0efd74caa5676e9ad4328231e513016f1834eb54386470d27a4edb1d04dee8d8e5d07a2bbe43a1061e71

Download Submit
/data/user/0/com.tencent.mm/databases/evernote_jobs.db-journal

Filesize
512B

MD5
ac9b98f451b326624524fd0adf8dbfc4

SHA1
bfbfb58532143d227471f130fd94fd8b6510e2af

SHA256
99f75709c86003b9455e993efe2b52960c6afe811ba8724edb444607b3f1b60a

SHA512
32024b8c99871be8f9f92f8d5a2417f8319d32f55352c8e96f20e267988b12042722d070d81310f2d8087be9e6b99824ad024c672716007883abdd10f92b0c79

Download Submit
/data/user/0/com.tencent.mm/databases/evernote_jobs.db-journal

Filesize
8KB

MD5
1ef548f5a9b2a492f0e2ffd6e017c389

SHA1
096c6ef3d85019ca5cd2448a33a0d84255afe1da

SHA256
a26003e42e3a7a4dd0342136404fa7ec6020368886a0bdb221ae5c11062b02b0

SHA512
42ef810b1a2ad15cf0a2f9b70da2baf1dba5c3f09c94dfa3e25c048b8dfaee032bf5921d720375f95d0a5cec2312862ea86f643eeec54252bdd2baf46fe805e2

Download Submit
/data/user/0/com.tencent.mm/databases/evernote_jobs.db-journal

Filesize
8KB

MD5
056c0d859a47ee7d2423cb1c121325a8

SHA1
eb88e3d23ce0ba86c63070bccf058f19c9964fcf

SHA256
993df142ac8cc49579fa1b1ee3a90371e759e6710cd49b41dd79689d511e42f8

SHA512
55000d3bbc83659735d5b7ef6a960f397f0d142285f2bf7818c52696ff7f056e9f3cbd4b779c742145096716e3dd51d23633aebdd52b36bd58cc7a5564481f45

Download Submit
/data/user/0/com.tencent.mm/databases/evernote_jobs.db-journal

Filesize
8KB

MD5
c32b2f28f7455796b664d4754dc306c9

SHA1
dcaf56509f25f343267bd19b5647084e0b256dbf

SHA256
b45e607a8f6e672ceca73bf37d019c6e856576750c2e509c9673bd4052307fb2

SHA512
3d5775672c2cfd52130bb23203f5f942967dfe624b4f1c2a7f424ddf211c0ce8541eff30b29fc4cd7431c50f02fe7a9509a0faec51679514e5606a2de308994d

Download Submit
/data/user/0/com.tencent.mm/databases/evernote_jobs.db-journal

Filesize
8KB

MD5
0dfb6583332ed57624fc4d6451bc4fec

SHA1
d3535973bfec415279bf879e4380ed15f7f782c4

SHA256
6694822e339fc6d3c08543d984ca328a9fe3db24844337edceaf176c25c470a8

SHA512
a32030d20ce1fdb4b7c1f7fb8362a8e23f55df0ba80c624f24106efe94cec0e2fe633352b087d7a22e49e0cc20e2f14e7eb17e6497dfdd2dd73533ca8006aa84

Download Submit
/data/user/0/com.tencent.mm/databases/evernote_jobs.db-journal

Filesize
8KB

MD5
ade9d6ef44683b75670220d6e141feb0

SHA1
339326f29cf0edd23004c8f66724c2319f408721

SHA256
bbfd051dcd7f7be2ae0a23c70dc920a0862eeeffae51bcf4d53350504f5e4132

SHA512
4dfcf4e45612ef0d1dd82c0dcbea184061bd0ca7e422bf123e2bf696bd29eea0cbd3163c9eac529ab726e7f13423fb052b677ea2580781982013af66a12885eb

Download Submit
/data/user/0/com.tencent.mm/files/CallLogs.txt

Filesize
3B

MD5
58e0494c51d30eb3494f7c9198986bb9

SHA1
cd0d4cc32346750408f7d4f5e78ec9a6e5b79a0d

SHA256
37517e5f3dc66819f61f5a7bb8ace1921282415f10551d2defa5c3eb0985b570

SHA512
b7a9336ed3a424b5d4d59d9b20d0bbc33217207b584db6b758fddb9a70b99e7c8c9f8387ef318a6b2039e62f09a3a2592bf5c76d6947a6ea1d107b924d7461f4

Download Submit
/data/user/0/com.tencent.mm/files/GP.txt

Filesize
108B

MD5
c3634e11786d268ff412da690bcaa2a9

SHA1
9b5593b1129d0ec9850a836618fa2a3a7508b7e0

SHA256
8aef6ff10d5e9408e7f9f8b212b96fd80c6162664bdd34c1ad493104b7e086b6

SHA512
94e5504089bf36b111a44f81d8b17e45849fa16aad18a3e91f5b4c3d323538391e9e59f41b6ab4c0e515642eed623b5cd896889940c083160f7dbeb7ec5fcb61

Download Submit
/data/user/0/com.tencent.mm/files/Tree.txt

Filesize
566B

MD5
f69fb1ccb78b98fa7c55ca432cbb7870

SHA1
55d36d1fc7090120b3facb7efb5c26fb8d20766a

SHA256
e3f8dba15cb8e54801a445b500afc9ebfea7eb327b967bafb3d320ed9a126e8a

SHA512
a03d43616321f8d9fd85e7346ccb63af63e5c2f3427dee370f41d9be3b9e19f93b7cc85e12219b5975327ee5ab1fa9295d1f474d5a7c039271d2204ee1539f74

Download Submit
/data/user/0/com.tencent.mm/files/accounts.txt

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
/data/user/0/com.tencent.mm/files/netinfo.txt

Filesize
854B

MD5
be5f86d442aa3277a2a4de91afc3a550

SHA1
ecc6c9c5f61bc8412f0a404dfe8bcde4758ba80e

SHA256
2968144223ec94acebba82a32f33d421fed9788fb4379c8261463202cdf399b7

SHA512
28e4681030e2a6e826cdabf74d419fffd82013c002005a7a899ea17175b1c22ae793f34257a7930e78d15a6354d02e25b3d741b63501dff247fa4eb25e8f7115

Download Submit
/data/user/0/com.tencent.mm/files/pkinfo.txt

Filesize
10KB

MD5
b593d0594fc2e98f60b0288475ba950b

SHA1
1c10ef393a2666d7640ca45e663321019a5675fb

SHA256
49e287b4855336cc22b24d4f912538f43d226ddca9b322d769fb3ef0306d9411

SHA512
7ba2ceeddfbc8efee39b6a5d9f81001cca3e07d6d6311ae16e0eff38fd395567fa3236aa7f7b59def32a5a7ed27d24cd852b3936d32bd05b467dbd1ed8dcd40b

Download Submit
/storage/emulated/0/Config/sys/apps/log/log-2024-09-11.txt

Filesize
32B

MD5
5b1363368ef1f6abb6057e642cc8e55b

SHA1
3de0f6041bfd53019af74917b0e32727978acecb

SHA256
89174ad4af501780ebf47f5aa37bf8cb3d58487362a02b529f477f172c5ec8fe

SHA512
3f70197b866cf72fe099eb4062a0278a1ee0f3f5344a0113b2dad13b650050a2945a9030406a02a88e9a83a233667736e13e7ee7099fb82a3758db2c087927d0

Download Submit
/storage/emulated/0/Config/sys/apps/log/log-2024-09-11.txt

Filesize
287B

MD5
ec0c5d251f54364d361d8cbd3895268d

SHA1
26ca82041cf6435e17dfe25cd93ad03709e43cc5

SHA256
cf54f9339ffcc2f23703a1e8274c208d1cf713eef68d1ce2dde45678b228f08f

SHA512
31b642c5fd917d282f8444f83459b9a5ccd659c2ec0c7505c530374f2d24874fb5c2b4035ff05cb525a9062fc325ea2131a227375248149ce2897072f60b339f

Download Submit
/storage/emulated/0/Config/sys/apps/log/log-2024-09-11.txt

Filesize
12B

MD5
a9256f55737b655c8cff95418411997c

SHA1
d81a4e85ecef3a4f08d50da9c75c49a3c64ffe24

SHA256
bad705c44807d12463fb587087c4e9eb24769d82981229ac8b74abc9b1a44412

SHA512
10d10a6498973ed65d47c74ba6d8831dad94213a5071353dc445de46e021689284fbbf4accf5ba1f97a0675a7652ec069ac70f38d63ba36b8595a8caf8d37574

Download Submit