Analysis

max time kernel: 50s
max time network: 58s
platform: android_x86
resource: android-x86-arm-20240624-en
resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240624-en, locale:en-us, os:android-9-x86, system
submitted: 14/10/2024, 17:29
Static task: static1

Behavioral task: behavioral1
  Sample: b4b3ab34deb00c4c55ac990c2e276841601e6ccaf7357b65f147a99a49b049ac.apk
  Resource: android-x86-arm-20240624-en

Behavioral task: behavioral2
  Sample: b4b3ab34deb00c4c55ac990c2e276841601e6ccaf7357b65f147a99a49b049ac.apk
  Resource: android-x64-20240624-en

Behavioral task: behavioral3
  Sample: b4b3ab34deb00c4c55ac990c2e276841601e6ccaf7357b65f147a99a49b049ac.apk
  Resource: android-x64-arm64-20240624-en
General

Target: b4b3ab34deb00c4c55ac990c2e276841601e6ccaf7357b65f147a99a49b049ac.apk
Size: 3.5MB
MD5: 303fc3b4d09701097230cdc4de062301
SHA1: 80128b5ceed888aba4b030c278fc2b6652b0477d
SHA256: b4b3ab34deb00c4c55ac990c2e276841601e6ccaf7357b65f147a99a49b049ac
SHA512: 84dac40ac5b610032384f5cdc94d428fb74ae6ceb35a4f2edd0b844f8f1dbc853ffeb40394429a1295c160d4378a56d42616f64e4930f720058d6fa5cf0653f3
SSDEEP: 98304:cpF3/Hhf9+t4jm7rIpbjTLCKmYzt6oTwrnAK:ij9+s4CbjTLqIxK
Malware Config
Signatures

Makes use of the framework's Accessibility service (4 TTPs, 1 IoC)
Retrieves information displayed on the phone screen using AccessibilityService.
  Description: Framework service call
  IoC: android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId
  Process: com.parvane.app

Queries information about running processes on the device (1 TTP, 1 IoC)
Application may abuse the framework's APIs to collect information about running processes on the device.
  Description: Framework service call
  IoC: android.app.IActivityManager.getRunningAppProcesses
  Process: com.parvane.app

Acquires the wake lock (1 IoC)
  Description: Framework service call
  IoC: android.os.IPowerManager.acquireWakeLock
  Process: com.parvane.app

Makes use of the framework's foreground persistence service (1 TTP, 1 IoC)
Application may abuse the framework's foreground service to continue running in the foreground.
  Description: Framework service call
  IoC: android.app.IActivityManager.setServiceForeground
  Process: com.parvane.app

Performs UI accessibility actions on behalf of the user (1 TTP, 2 IoCs)
Application may abuse the accessibility service to prevent its removal.
  IoC: android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction
  Process: com.parvane.app
  IoC: android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction
  Process: com.parvane.app

Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTP, 1 IoC)
  Description: Framework service call
  IoC: android.app.IActivityManager.registerReceiver
  Process: com.parvane.app
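The signatures above are each derived from a single Binder framework call observed from com.parvane.app. The combination that matters for triage is reading screen content (findAccessibilityNodeInfoByAccessibilityId), injecting global actions (performGlobalAction, which is how an accessibility service presses Back or Home on the user's behalf) and pinning itself in the foreground (setServiceForeground): together they are the mechanism behind the "prevent application removal" and "input injection" mappings. The script below is an added example, not part of the sandbox's own detection code; it re-derives those signatures and ATT&CK Mobile technique names from the IoCs listed in this report, using a rule table and a removal-blocking heuristic that are this example's own assumptions. The technique IDs in the rule table are the standard ATT&CK Mobile IDs for the names shown in the report's tactic tree.

```python
"""Classify Android Binder framework-call IoCs into behavioural signatures
and MITRE ATT&CK Mobile techniques, the way this report's Signatures section
and tactic tree do. Added example; the rule table is an assumption."""
import re
from collections import defaultdict

# Constructed input: the (framework call, process) pairs listed in this report.
OBSERVED_CALLS = [
    ("android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId", "com.parvane.app"),
    ("android.app.IActivityManager.getRunningAppProcesses", "com.parvane.app"),
    ("android.os.IPowerManager.acquireWakeLock", "com.parvane.app"),
    ("android.app.IActivityManager.setServiceForeground", "com.parvane.app"),
    ("android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction", "com.parvane.app"),
    ("android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction", "com.parvane.app"),
    ("android.app.IActivityManager.registerReceiver", "com.parvane.app"),
]

# Rule table (assumption of this example): regex on the Binder call name,
# the signature it triggers, and the ATT&CK Mobile techniques it maps to.
RULES = [
    (r"IAccessibilityServiceConnection\.findAccessibilityNodeInfo",
     "Makes use of the framework's Accessibility service", ()),
    (r"IAccessibilityServiceConnection\.performGlobalAction",
     "Performs UI accessibility actions on behalf of the user",
     ("T1629.001 Impair Defenses: Prevent Application Removal",
      "T1516 Input Injection")),
    (r"IActivityManager\.setServiceForeground",
     "Makes use of the framework's foreground persistence service",
     ("T1541 Foreground Persistence",)),
    (r"IActivityManager\.registerReceiver",
     "Registers a broadcast receiver at runtime (usually for listening for system events)",
     ("T1624.001 Event Triggered Execution: Broadcast Receivers",)),
    (r"IActivityManager\.getRunningAppProcesses",
     "Queries information about running processes on the device", ()),
    (r"IPowerManager\.acquireWakeLock", "Acquires the wake lock", ()),
]


def classify(calls):
    """Map each (binder_call, process) pair to the signatures it triggers.

    Returns {process: {signature: {"count": int, "iocs": [...], "techniques": set}}}.
    Calls matching no rule are kept under the key None so they are not silently dropped.
    """
    report = defaultdict(dict)
    for call, process in calls:
        matched = False
        for pattern, signature, techniques in RULES:
            if re.search(pattern, call):
                entry = report[process].setdefault(
                    signature, {"count": 0, "iocs": [], "techniques": set()})
                entry["count"] += 1
                entry["iocs"].append(call)
                entry["techniques"].update(techniques)
                matched = True
        if not matched:
            entry = report[process].setdefault(
                None, {"count": 0, "iocs": [], "techniques": set()})
            entry["count"] += 1
            entry["iocs"].append(call)
    return dict(report)


def techniques_for(report, process):
    """Flatten the ATT&CK Mobile techniques hit by one process, sorted by ID."""
    techs = set()
    for entry in report.get(process, {}).values():
        techs |= entry["techniques"]
    return sorted(techs)


def removal_blocking_suspected(report, process):
    """Triage heuristic (assumption of this example): a process that reads
    screen content via the accessibility service, injects global actions and
    pins itself in the foreground has everything it needs to dismiss the
    uninstall dialog whenever it appears."""
    sigs = report.get(process, {})
    return all(s in sigs for s in (
        "Makes use of the framework's Accessibility service",
        "Performs UI accessibility actions on behalf of the user",
        "Makes use of the framework's foreground persistence service",
    ))


if __name__ == "__main__":
    r = classify(OBSERVED_CALLS)
    for process, sigs in r.items():
        print(process)
        for sig, e in sigs.items():
            plural = "s" if e["count"] != 1 else ""
            print(f"  {sig or 'UNCLASSIFIED'} ({e['count']} IoC{plural})")
        print("  ATT&CK Mobile:", ", ".join(techniques_for(r, process)))
        print("  removal-blocking suspected:", removal_blocking_suspected(r, process))
```

Run against a different sandbox's trace, the rule table is the part to extend; the heuristic deliberately requires all three behaviours, because a foreground service or an accessibility read on its own is common in benign apps.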
Processes

com.parvane.app (PID: 4256)
- Makes use of the framework's Accessibility service
- Queries information about running processes on the device
- Acquires the wake lock
- Makes use of the framework's foreground persistence service
- Performs UI accessibility actions on behalf of the user
- Registers a broadcast receiver at runtime (usually for listening for system events)
Network
MITRE ATT&CK Mobile v15

Persistence
  Event Triggered Execution (1)
    Broadcast Receivers (1)
  Foreground Persistence (1)
Defense Evasion
  Foreground Persistence (1)
  Impair Defenses (1)
    Prevent Application Removal (1)
  Input Injection (1)
Downloads

Filesize: 24B
MD5: d340ec46d6a83ed679deb3b7f4e848b7
SHA1: 10dd3602524760528b4bcf55d2f095f7d659da2e
SHA256: 4c780ae3fda5be922da2fb529b3533e0f0b20f9b8bcc40265a53becd756a2aad
SHA512: 213c5b5c4d7bc52d5dfbccef8d2bb807e760a89b4a4ed874e23e4b36827d7db25f6106a09ef88fd3439e510e82ee650842f6fb7ddeafca2c81ca76ff01834a65

Filesize: 8B
MD5: 7b2633efa49a2839464a277cbca1ce1d
SHA1: c7a4566d2957b9ef04df9f67ad2b5ada25e3db5f
SHA256: 9bab63f445ea1a8542484ea1d00d82b42335064e5c4b6c9c860f1f385fbf6edb
SHA512: 13287d748a1589f20bbd4870f14ea95b308ced2250c8b70c52ab3d4a4c244653a6e417cc65ca841f83dd868fd4d163b128c38f9a4cf2b71180ceaabe2a2d6291

Filesize: 1KB
MD5: 4719f8d69a817a4b188d2d7a23c38dab
SHA1: e1681db1f807c553c700f583daaca7b733ba0f53
SHA256: 320e8c68950b0af91f29c6f8f09d05c19dcdeca1699469172125babc4b82e7e9
SHA512: f3ed3d6a09fb06f7edd2b8ff7692715ada0c786b2f970ddf0ddbc4004f4a37043a8edc1461015e6842cab821ed437bb7dd684f2e312a1a4f3bd4a90287ae6e1f

Filesize: 3KB
MD5: 3a0f8e09d66248150090383d751dac66
SHA1: 4ccec4a33b3fd0bc0d4ddd6bcb77c2dd7fbeff96
SHA256: 1b5340fd0316116805e08dc5e0812a17dcf42bdfd04fb89adf0f9d1eadc79e58
SHA512: a1c0c0a53cc69a3dc2e3a3fb447b5595bae18bf2288bcce139a1f38c308b294e0e183b43bd27367fe19c66de6631d135713e0ca298726b55a7bcdfcae87278e5