79e602a062d05fbb1409afc16e6d41ac0645576b2b5c1899dc93e6852c30a71f

Analysis

max time kernel
131s
max time network
153s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
09-10-2024 04:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

doublelocker.apk
Size

359KB
MD5

85cfbd81ff6729927c968fbbb2d1d84d
SHA1

01d962f809ae061d1895cf71db9eeb07900929b8
SHA256

79e602a062d05fbb1409afc16e6d41ac0645576b2b5c1899dc93e6852c30a71f
SHA512

26b24f7ee92e1185aa9f1160582c60cde8a814732dc3d293085eb0bf14fa48efe47f182d40d2bdb06f83f62e505ef542d5a042f2d2fc037811d70eb3c5865c86
SSDEEP

6144:y4qHaAiB3RywInnBfnn3wy+bl/i2PNSlotYLAynYa9Bv1Mcq:y96AG3RyFnnBfnAy+bFzNSqtYLAyYa9a

Score

7^/10

collection credential_access discovery evasion persistence

Malware Config

Signatures

Makes use of the framework's Accessibility service 4 TTPs 1 IoCs

Retrieves information displayed on the phone screen using AccessibilityService.

collection evasion credential_access

Input Injection

T1516

Screen Capture

T1513

Keylogging

T1417.001

GUI Input Capture

T1417.002

description	ioc	Process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	owd.qusutsqfdo.mbpepvxhxly

Performs UI accessibility actions on behalf of the user 1 TTPs 64 IoCs

Application may abuse the accessibility service to prevent their removal.

evasion

Prevent Application Removal

T1629.001

ioc	Process
android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction	owd.qusutsqfdo.mbpepvxhxly
android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction	owd.qusutsqfdo.mbpepvxhxly
android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction	owd.qusutsqfdo.mbpepvxhxly
android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction	owd.qusutsqfdo.mbpepvxhxly
android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction	owd.qusutsqfdo.mbpepvxhxly
android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction	owd.qusutsqfdo.mbpepvxhxly
android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction	owd.qusutsqfdo.mbpepvxhxly
android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction	owd.qusutsqfdo.mbpepvxhxly
android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction	owd.qusutsqfdo.mbpepvxhxly
android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction	owd.qusutsqfdo.mbpepvxhxly
android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction	owd.qusutsqfdo.mbpepvxhxly
android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction	owd.qusutsqfdo.mbpepvxhxly
android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction	owd.qusutsqfdo.mbpepvxhxly
android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction	owd.qusutsqfdo.mbpepvxhxly
android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction	owd.qusutsqfdo.mbpepvxhxly
android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction	owd.qusutsqfdo.mbpepvxhxly
android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction	owd.qusutsqfdo.mbpepvxhxly
android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction	owd.qusutsqfdo.mbpepvxhxly
android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction	owd.qusutsqfdo.mbpepvxhxly
android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction	owd.qusutsqfdo.mbpepvxhxly
android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction	owd.qusutsqfdo.mbpepvxhxly
android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction	owd.qusutsqfdo.mbpepvxhxly
android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction	owd.qusutsqfdo.mbpepvxhxly
android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction	owd.qusutsqfdo.mbpepvxhxly
android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction	owd.qusutsqfdo.mbpepvxhxly
android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction	owd.qusutsqfdo.mbpepvxhxly
android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction	owd.qusutsqfdo.mbpepvxhxly
android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction	owd.qusutsqfdo.mbpepvxhxly
android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction	owd.qusutsqfdo.mbpepvxhxly
android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction	owd.qusutsqfdo.mbpepvxhxly
android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction	owd.qusutsqfdo.mbpepvxhxly
android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction	owd.qusutsqfdo.mbpepvxhxly
android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction	owd.qusutsqfdo.mbpepvxhxly
android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction	owd.qusutsqfdo.mbpepvxhxly
android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction	owd.qusutsqfdo.mbpepvxhxly
android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction	owd.qusutsqfdo.mbpepvxhxly
android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction	owd.qusutsqfdo.mbpepvxhxly
android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction	owd.qusutsqfdo.mbpepvxhxly
android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction	owd.qusutsqfdo.mbpepvxhxly
android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction	owd.qusutsqfdo.mbpepvxhxly
android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction	owd.qusutsqfdo.mbpepvxhxly
android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction	owd.qusutsqfdo.mbpepvxhxly
android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction	owd.qusutsqfdo.mbpepvxhxly
android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction	owd.qusutsqfdo.mbpepvxhxly
android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction	owd.qusutsqfdo.mbpepvxhxly
android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction	owd.qusutsqfdo.mbpepvxhxly
android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction	owd.qusutsqfdo.mbpepvxhxly
android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction	owd.qusutsqfdo.mbpepvxhxly
android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction	owd.qusutsqfdo.mbpepvxhxly
android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction	owd.qusutsqfdo.mbpepvxhxly
android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction	owd.qusutsqfdo.mbpepvxhxly
android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction	owd.qusutsqfdo.mbpepvxhxly
android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction	owd.qusutsqfdo.mbpepvxhxly
android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction	owd.qusutsqfdo.mbpepvxhxly
android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction	owd.qusutsqfdo.mbpepvxhxly
android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction	owd.qusutsqfdo.mbpepvxhxly
android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction	owd.qusutsqfdo.mbpepvxhxly
android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction	owd.qusutsqfdo.mbpepvxhxly
android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction	owd.qusutsqfdo.mbpepvxhxly
android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction	owd.qusutsqfdo.mbpepvxhxly
android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction	owd.qusutsqfdo.mbpepvxhxly
android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction	owd.qusutsqfdo.mbpepvxhxly
android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction	owd.qusutsqfdo.mbpepvxhxly
android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction	owd.qusutsqfdo.mbpepvxhxly

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	owd.qusutsqfdo.mbpepvxhxly

Requests enabling of the accessibility settings. 1 IoCs

description	ioc	Process
Intent action	android.settings.ACCESSIBILITY_SETTINGS	owd.qusutsqfdo.mbpepvxhxly

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	owd.qusutsqfdo.mbpepvxhxly

owd.qusutsqfdo.mbpepvxhxly
1⤵
- Makes use of the framework's Accessibility service
- Performs UI accessibility actions on behalf of the user
- Queries information about active data network
- Requests enabling of the accessibility settings.
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID:4256

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Impair Defenses

T1629

Prevent Application Removal

T1629.001

Input Injection

T1516

Credential Access

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Discovery

System Network Connections Discovery

T1421

Lateral Movement

Collection

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Screen Capture

T1513

Command and Control

Exfiltration

Impact

Input Injection

T1516

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/owd.qusutsqfdo.mbpepvxhxly/databases/init.db

Filesize
24KB

MD5
b49243e688558238565e58f39d077063

SHA1
9077df1e2f6df2fdc125b205000981ea84a636bd

SHA256
9dc71ec384f0b8cf449d9cab48020fd6af5909ccce0fe1607dcd97f16489f8c7

SHA512
b9b5428ace9ee70afe8b754ccd216f93f081fe75e6bedf46cf0ed87809c1c34933f7d41d71f90a3ececea0a1b066154d2036e558ca97e8c0fc5b3053a9d7648c

Download Submit
/data/data/owd.qusutsqfdo.mbpepvxhxly/databases/init.db-journal

Filesize
512B

MD5
1157962507c7f2385fd25a568ae3e372

SHA1
5a7c9c907690aaedac6da52f7de1d7abf3362b5b

SHA256
0a0988f1d13abe2695e2bed2454639606651291cac2e67f0e33ff93bb8907259

SHA512
b5092269bafe3298f5385c8a66251baf8da631937dc6de35220d121ade0b3f4438064e84c7e6585de289b670402e25eb1cf6ea08f7ce87b6e9f678efa0463037

Download Submit
/data/data/owd.qusutsqfdo.mbpepvxhxly/databases/init.db-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/owd.qusutsqfdo.mbpepvxhxly/databases/init.db-wal

Filesize
36KB

MD5
4eecafba92443a033322abfb351f2191

SHA1
1a431d4a6a3cb84374c57dc8c7125397ddd76bbe

SHA256
0c59757a15be6df23aa6f783a48c12a29f9f9ee2f336527ff29067c1836a92b9

SHA512
0b0f466e2046a005836c6711ecf32ced1d2d0cd0ac201c7c5a494c1edb10aeb75ed2ba104ecf57abee3eb481b76c1ad442d1a359f95cc42ac24488eda6f5ff9f

Download Submit
/data/data/owd.qusutsqfdo.mbpepvxhxly/databases/init.db-wal

Filesize
40KB

MD5
c6ac38971976b1f1464d85752262d1a0

SHA1
f3db60b8db9531b58449f4bd41817d00385737d4

SHA256
5152ce8cc6a70e27fb1e7e52034e813bac0d97bb1d92c152ee36b8d9ed0acefb

SHA512
7847b069b72b137fcf4a885645fe3799ad1369c1ad1b404433788868ad08cc884549e57cdc26ab34c3ecd0a97f2cf272654dee1307b12b62dcc3a1c2b0caf2c2

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads