1e9229bd17bb55be2efe1934f99298beb198f65f76dc957ab3a751cb69d50671

Analysis

max time kernel
1796s
max time network
1798s
platform
android-13_x64
resource
android-33-x64-arm64-20240910-en
resource tags

arch:arm64arch:x64arch:x86image:android-33-x64-arm64-20240910-enlocale:en-usos:android-13-x64system
submitted
12-09-2024 20:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

AJGIZU.apk
Size

2.8MB
MD5

44be87a9d995de4dd012b0cd03f47bb0
SHA1

d037dd795cbadc318a9eb6c0a243d72025712a61
SHA256

1e9229bd17bb55be2efe1934f99298beb198f65f76dc957ab3a751cb69d50671
SHA512

982fa879d7a0c784b2077505771da9e1645080de34ba788224789878443e8083f117768b06427e98afddc5a814dc8b61247e9aebc4b9337ba890f5f941697e40
SSDEEP

49152:ebmGscmts7UKs4FGJXJpEsx+iQQG4LT52xB5VPI/+rbfVVUrbiPEVVETplA:eyGsco+FMXJhxTGgTwnPa+tWCP+6A

Score

6^/10

discovery evasion impact persistence privilege_escalation

Malware Config

Signatures

Acquires the wake lock 1 IoCs

Processes:

com.example.dat.a8andoserverx

description ioc process

Framework service call android.os.IPowerManager.acquireWakeLock com.example.dat.a8andoserverx
Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs
Application may abuse the framework's foreground service to continue running in the foreground.
evasion persistence

Foreground Persistence
T1541

Processes:

com.example.dat.a8andoserverx

description ioc process

Framework service call android.app.IActivityManager.setServiceForeground com.example.dat.a8andoserverx
Queries information about active data network 1 TTPs 1 IoCs
discovery

System Network Connections Discovery
T1421

Processes:

com.example.dat.a8andoserverx

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.example.dat.a8andoserverx
Requests disabling of battery optimizations (often used to enable hiding in the background). 1 TTPs 1 IoCs
evasion

User Evasion
T1628.002

Processes:

com.example.dat.a8andoserverx

description ioc process

Intent action android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS com.example.dat.a8andoserverx
Requests enabling of the accessibility settings. 1 IoCs

Processes:

com.example.dat.a8andoserverx

description ioc process

Intent action android.settings.ACCESSIBILITY_SETTINGS com.example.dat.a8andoserverx
Tries to add a device administrator. 2 TTPs 1 IoCs
privilege_escalation impact

Device Administrator Permissions
T1626.001

Account Access Removal
T1640

Processes:

com.example.dat.a8andoserverx

description ioc process

Intent action android.app.action.ADD_DEVICE_ADMIN com.example.dat.a8andoserverx

description	ioc	process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.example.dat.a8andoserverx

description	ioc	process
Framework service call	android.app.IActivityManager.setServiceForeground	com.example.dat.a8andoserverx

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.example.dat.a8andoserverx

description	ioc	process
Intent action	android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS	com.example.dat.a8andoserverx

description	ioc	process
Intent action	android.settings.ACCESSIBILITY_SETTINGS	com.example.dat.a8andoserverx

description	ioc	process
Intent action	android.app.action.ADD_DEVICE_ADMIN	com.example.dat.a8andoserverx

com.example.dat.a8andoserverx
1⤵
- Acquires the wake lock
- Makes use of the framework's foreground persistence service
- Queries information about active data network
- Requests disabling of battery optimizations (often used to enable hiding in the background).
- Requests enabling of the accessibility settings.
- Tries to add a device administrator.
PID:4455