Analysis

  • max time kernel
    122s
  • max time network
    151s
  • platform
    android-11_x64
  • resource
    android-x64-arm64-20240910-en
  • resource tags

    arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240910-en, locale:en-us, os:android-11-x64, system
  • submitted
    12-10-2024 22:04

General

  • Target

    i.apk

  • Size

    3.9MB

  • MD5

    399d516ccc8046fcff9300397a441dc7

  • SHA1

    9c5340383eb9e5cfb400d4710dfb667bca25a1dc

  • SHA256

    06c2692c014d22ec9689c082b57b8905771d31679c354e3731b1503fcdd799d7

  • SHA512

    a795e971af49b74b6c0e71f6683faac3afdb91acbdb2c066a84c31412c93c10bcf2f528c7a13ba4d5ed94a2df2aa415767402fd822c17d78b39a793f05ddb247

  • SSDEEP

    98304:e3IhYC3gkvbsCa5Q93phhqJzhcavkts05koUM44eMT7M4z:vR/TwQC5hcN9qMIMM4z

Malware Config

Signatures

  • Acquires the wake lock 1 IoCs
  • Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

    Application may abuse the framework's foreground service to continue running in the foreground.

  • Performs UI accessibility actions on behalf of the user 1 TTPs 1 IoCs

    Application may abuse the accessibility service to prevent its removal.

  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

Processes

  • com.demodulation.xanthocyanopsia
    1⤵
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    • Performs UI accessibility actions on behalf of the user
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4860

Network

MITRE ATT&CK Mobile v15
