Analysis
- max time kernel: 49s
- max time network: 60s
- platform: android_x64
- resource: android-x64-20240624-en
- resource tags: android, arch:x64, arch:x86, image:android-x64-20240624-en, locale:en-us, os:android-10-x64, system
- submitted: 14/10/2024, 17:29
Static task: static1
Behavioral task: behavioral1
- Sample: b4b3ab34deb00c4c55ac990c2e276841601e6ccaf7357b65f147a99a49b049ac.apk
- Resource: android-x86-arm-20240624-en
Behavioral task: behavioral2
- Sample: b4b3ab34deb00c4c55ac990c2e276841601e6ccaf7357b65f147a99a49b049ac.apk
- Resource: android-x64-20240624-en
Behavioral task: behavioral3
- Sample: b4b3ab34deb00c4c55ac990c2e276841601e6ccaf7357b65f147a99a49b049ac.apk
- Resource: android-x64-arm64-20240624-en
General
- Target: b4b3ab34deb00c4c55ac990c2e276841601e6ccaf7357b65f147a99a49b049ac.apk
- Size: 3.5MB
- MD5: 303fc3b4d09701097230cdc4de062301
- SHA1: 80128b5ceed888aba4b030c278fc2b6652b0477d
- SHA256: b4b3ab34deb00c4c55ac990c2e276841601e6ccaf7357b65f147a99a49b049ac
- SHA512: 84dac40ac5b610032384f5cdc94d428fb74ae6ceb35a4f2edd0b844f8f1dbc853ffeb40394429a1295c160d4378a56d42616f64e4930f720058d6fa5cf0653f3
- SSDEEP: 98304:cpF3/Hhf9+t4jm7rIpbjTLCKmYzt6oTwrnAK:ij9+s4CbjTLqIxK
Malware Config
Signatures
- Makes use of the framework's Accessibility service (4 TTPs, 1 IoC)
  Retrieves information displayed on the phone screen using AccessibilityService.
  description: Framework service call | ioc: android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId | Process: com.parvane.app
- Queries information about running processes on the device (1 TTP, 1 IoC)
  Application may abuse the framework's APIs to collect information about running processes on the device.
  description: Framework service call | ioc: android.app.IActivityManager.getRunningAppProcesses | Process: com.parvane.app
- Acquires the wake lock (1 IoC)
  description: Framework service call | ioc: android.os.IPowerManager.acquireWakeLock | Process: com.parvane.app
- Makes use of the framework's foreground persistence service (1 TTP, 1 IoC)
  Application may abuse the framework's foreground service to continue running in the foreground.
  description: Framework service call | ioc: android.app.IActivityManager.setServiceForeground | Process: com.parvane.app
- Performs UI accessibility actions on behalf of the user (1 TTP, 2 IoCs)
  Application may abuse the accessibility service to prevent its removal.
  ioc: android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction | Process: com.parvane.app
  ioc: android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction | Process: com.parvane.app
- Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTP, 1 IoC)
  description: Framework service call | ioc: android.app.IActivityManager.registerReceiver | Process: com.parvane.app
Processes
- com.parvane.app (PID: 4980)
  - Makes use of the framework's Accessibility service
  - Queries information about running processes on the device
  - Acquires the wake lock
  - Makes use of the framework's foreground persistence service
  - Performs UI accessibility actions on behalf of the user
  - Registers a broadcast receiver at runtime (usually for listening for system events)
Network
MITRE ATT&CK Mobile v15
Persistence
- Event Triggered Execution (1)
  - Broadcast Receivers (1)
- Foreground Persistence (1)
Defense Evasion
- Foreground Persistence (1)
- Impair Defenses (1)
  - Prevent Application Removal (1)
- Input Injection (1)
Downloads
- Filesize: 24B
  MD5: cf36818691ecc17954fcf10244a7aff2
  SHA1: 715d7774c228c2fb19ac58dfda88341d443c4450
  SHA256: aa78c644a2ddfb657efd35cc6a6b46011274c6b15a2bbafd02c33eb490bfc95c
  SHA512: 9e544081a40d8e0e2ce961ca15d0f2540fcefe33a1f0595f20c5c001e3de19ee33208ac2929bc93ba39d868d4cb1f0874527e076de58015e1d6d678b7d6ddd6c
- Filesize: 8B
  MD5: 3eb874626962d1dfac7fe40060514adc
  SHA1: f523fb06fa8482628d11c46c68b51a2267fc429f
  SHA256: f51c03255fd3b7778e5e9a5e5aa2c9276df945f99228e0fe86c4933bc618464b
  SHA512: ae40c6d9421597a25d968e09d280b99995c5082051f7f5999392ecc20f4f9fd9602a86a0434f4b2064dc0919365adefb3db6332b2a6e25fc7fdd3c59d77a3593
- Filesize: 1KB
  MD5: 4719f8d69a817a4b188d2d7a23c38dab
  SHA1: e1681db1f807c553c700f583daaca7b733ba0f53
  SHA256: 320e8c68950b0af91f29c6f8f09d05c19dcdeca1699469172125babc4b82e7e9
  SHA512: f3ed3d6a09fb06f7edd2b8ff7692715ada0c786b2f970ddf0ddbc4004f4a37043a8edc1461015e6842cab821ed437bb7dd684f2e312a1a4f3bd4a90287ae6e1f
- Filesize: 3KB
  MD5: 5797bb452e1db694d6ecc2d2af1ad1f7
  SHA1: 9f007e1f41c1b4b13b0d30cc1f68b155926483fe
  SHA256: be2b31387eca50844852912094671172082317aeb197cfac39b8c695c9ba8087
  SHA512: fc89ecb61cade5e2771edc63d454f416adf68a03fd3a1fbcaceae8e528aac4727ce2b37db852ef6df0c9c770a3da14b6b288afa2b099882eebbc26cf47d3a262