Analysis
- max time kernel: 72s
- max time network: 157s
- platform: android_x64
- resource: android-x64-arm64-20240624-en
- resource tags: android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240624-en, locale:en-us, os:android-11-x64, system
- submitted: 08-10-2024 22:04
Static task: static1
Behavioral task: behavioral1
- Sample: 99a2a79ff131e7ae1c2ee9e9728ddab0d06d4d25494d3bce7034e2df51fd7c4a.apk
- Resource: android-x86-arm-20240910-en
Behavioral task: behavioral2
- Sample: 99a2a79ff131e7ae1c2ee9e9728ddab0d06d4d25494d3bce7034e2df51fd7c4a.apk
- Resource: android-x64-20240910-en
Behavioral task: behavioral3
- Sample: 99a2a79ff131e7ae1c2ee9e9728ddab0d06d4d25494d3bce7034e2df51fd7c4a.apk
- Resource: android-x64-arm64-20240624-en
General
- Target: 99a2a79ff131e7ae1c2ee9e9728ddab0d06d4d25494d3bce7034e2df51fd7c4a.apk
- Size: 1.3MB
- MD5: 3354c6b284c0148424b140f55b1cb095
- SHA1: 397e87352e66e5b33406d428390754efb15cc33e
- SHA256: 99a2a79ff131e7ae1c2ee9e9728ddab0d06d4d25494d3bce7034e2df51fd7c4a
- SHA512: c373fbf00eec82d7c6780155ef8b92ac75bb32b33d6d54b7e61c7c2cb6326a3053fa86e3c5876b82208eada43606432c9d2ea9e3bb696f0d08cd73d1d262e70b
- SSDEEP: 24576:4pysdMgH+BOf3/cD7FXiSAc0a37qzUqs69+J7UfiGdrI8cUacUaIgSg0qh9+:4pyBgH+BOvUD7dik3auJ7BGdrNcUacUp
Malware Config
Extracted
cerberus
http://162.55.21.189
Signatures
Removes its main activity from the application launcher
- pid: 4586 | Process: com.trophy.abstract
Loads dropped Dex/Jar (1 TTPs, 3 IoCs)
Runs executable file dropped to the device during analysis.
- ioc: /data/user/0/com.trophy.abstract/app_DynamicOptDex/jMNjB.json | pid: 4586 | Process: com.trophy.abstract
- ioc: [anon:dalvik-classes.dex extracted in memory from /data/user/0/com.trophy.abstract/app_DynamicOptDex/jMNjB.json] | pid: 4586 | Process: com.trophy.abstract
- ioc: [anon:dalvik-classes.dex extracted in memory from /data/user/0/com.trophy.abstract/app_DynamicOptDex/jMNjB.json] | pid: 4586 | Process: com.trophy.abstract

Makes use of the framework's Accessibility service (4 TTPs, 2 IoCs)
Retrieves information displayed on the phone screen using AccessibilityService.
- description: Framework service call | ioc: android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId | Process: com.trophy.abstract
- description: Framework service call | ioc: android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId | Process: com.trophy.abstract

Obtains sensitive information copied to the device clipboard (2 TTPs, 1 IoCs)
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
- description: Framework service call | ioc: android.content.IClipboard.addPrimaryClipChangedListener | Process: com.trophy.abstract

Queries the phone number (MSISDN for GSM devices) (1 TTPs)

Performs UI accessibility actions on behalf of the user (1 TTPs, 4 IoCs)
Application may abuse the accessibility service to prevent its removal.
- ioc: android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction | Process: com.trophy.abstract (4 identical entries)

Queries the mobile country code (MCC) (1 TTPs, 1 IoCs)
- description: Framework service call | ioc: com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | Process: com.trophy.abstract

Requests disabling of battery optimizations (often used to enable hiding in the background) (1 TTPs, 1 IoCs)
- description: Intent action | ioc: android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS | Process: com.trophy.abstract

Listens for changes in the sensor environment (might be used to detect emulation) (1 TTPs, 1 IoCs)
- description: Framework API call | ioc: android.hardware.SensorManager.registerListener | Process: com.trophy.abstract

Checks CPU information (2 TTPs, 1 IoCs)
- description: File opened for read | ioc: /proc/cpuinfo | Process: com.trophy.abstract

Checks memory information (2 TTPs, 1 IoCs)
- description: File opened for read | ioc: /proc/meminfo | Process: com.trophy.abstract
Processes
- com.trophy.abstract (PID: 4586)
  - Removes its main activity from the application launcher
  - Loads dropped Dex/Jar
  - Makes use of the framework's Accessibility service
  - Obtains sensitive information copied to the device clipboard
  - Performs UI accessibility actions on behalf of the user
  - Queries the mobile country code (MCC)
  - Requests disabling of battery optimizations (often used to enable hiding in the background)
  - Listens for changes in the sensor environment (might be used to detect emulation)
  - Checks CPU information
  - Checks memory information
Network
MITRE ATT&CK Mobile v15
Defense Evasion
- Download New Code at Runtime (1)
- Hide Artifacts (3)
  - Suppress Application Icon (1)
  - User Evasion (2)
- Impair Defenses (1)
  - Prevent Application Removal (1)
- Input Injection (1)
- Virtualization/Sandbox Evasion (2)
  - System Checks (2)
Credential Access
- Clipboard Data (1)
- Input Capture (2)
  - GUI Input Capture (1)
  - Keylogging (1)
Downloads