Analysis
- max time kernel: 146s
- max time network: 155s
- platform: android_x86
- resource: android-x86-arm-20240624-en
- resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240624-en, locale:en-us, os:android-9-x86, system
- submitted: 28/09/2024, 21:59
- Static task: static1
- Behavioral task behavioral1: sample fd3967e48875232f15a7ee1fcb00bb3c_JaffaCakes118.apk, resource android-x86-arm-20240624-en
- Behavioral task behavioral2: sample ccplaymerket.apk, resource android-x86-arm-20240624-en
- Behavioral task behavioral3: sample ccplaymerket.apk, resource android-x64-arm64-20240624-en
- Behavioral task behavioral4: sample ltayx.mn.ltplugin_v2000.apk, resource android-x86-arm-20240624-en
- Behavioral task behavioral5: sample ltayx.mn.ltplugin_v2000.apk, resource android-x64-20240624-en
- Behavioral task behavioral6: sample ltayx.mn.ltplugin_v2000.apk, resource android-x64-arm64-20240624-en
- Behavioral task behavioral7: sample unicom_resource.apk, resource android-x86-arm-20240910-en
- Behavioral task behavioral8: sample unicom_resource.apk, resource android-x64-20240910-en
- Behavioral task behavioral9: sample unicom_resource.apk, resource android-x64-arm64-20240624-en
General
- Target: ccplaymerket.apk
- Size: 4.8MB
- MD5: 1c36c043536a78ce8751f85e47b30e46
- SHA1: 48f50de5a315ef85b5d08530dce857c59cb82633
- SHA256: 12ed220844272ad227251986b5de2a75146a70c21d8d2827402f2b7c77a30e57
- SHA512: 27584d5c44c66a9e4710cc4b01d279772203685ac130a47b5a6681cd86c85a8811b659fe47287a73bc16c04365d0e2149db59ab6005595fbc59e3b26a250103d
- SSDEEP: 98304:PVONhlsYaJE6AtyBl2bPgkZO9FY2YBNakTShyvLbV6+9kMro0xB2Sfjr5+ZQNshn:Shlfn3t+BsHvXGMB24jtgXhhuQ
Malware Config
Signatures
- Makes use of the framework's Accessibility service (4 TTPs, 1 IoC)
  Retrieves information displayed on the phone screen using AccessibilityService.
  Framework service call: android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId | Process: com.lion.market
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) (1 TTP)
- Queries information about running processes on the device (1 TTP, 1 IoC)
  Application may abuse the framework's APIs to collect information about running processes on the device.
  Framework service call: android.app.IActivityManager.getRunningAppProcesses | Process: com.lion.market
- Requests cell location (2 TTPs, 1 IoC)
  Uses Android APIs to get current cell location.
  Framework service call: com.android.internal.telephony.ITelephony.getCellLocation | Process: com.lion.market
- Queries information about active data network (1 TTP, 1 IoC)
  Framework service call: android.net.IConnectivityManager.getActiveNetworkInfo | Process: com.lion.market
- Queries information about the current Wi-Fi connection (1 TTP, 1 IoC)
  Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  Framework service call: android.net.wifi.IWifiManager.getConnectionInfo | Process: com.lion.market
- Reads information about phone network operator. (1 TTP)
- Listens for changes in the sensor environment (might be used to detect emulation) (1 TTP, 1 IoC)
  Framework API call: android.hardware.SensorManager.registerListener | Process: com.lion.market
- Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTP, 1 IoC)
  Framework service call: android.app.IActivityManager.registerReceiver | Process: com.lion.market
Processes
com.lion.market (PID: 4248)
- Makes use of the framework's Accessibility service
- Queries information about running processes on the device
- Requests cell location
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Listens for changes in the sensor environment (might be used to detect emulation)
- Registers a broadcast receiver at runtime (usually for listening for system events)
Network
MITRE ATT&CK Mobile v15
Defense Evasion
- Execution Guardrails: 1
- Geofencing: 1
- Hide Artifacts: 1
- User Evasion: 1
- Input Injection: 1
Discovery
- Location Tracking: 1
- Process Discovery: 1
- Software Discovery: 1
- Security Software Discovery: 1
- System Network Configuration Discovery: 1
- System Network Connections Discovery: 2
Downloads