Analysis
- max time kernel: 47s
- max time network: 67s
- platform: android_x64
- resource: android-x64-arm64-20240624-en
- resource tags: android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240624-en, locale:en-us, os:android-11-x64, system
- submitted: 14/10/2024, 17:29
Static task
- static1
Behavioral task
- behavioral1
  Sample: b4b3ab34deb00c4c55ac990c2e276841601e6ccaf7357b65f147a99a49b049ac.apk
  Resource: android-x86-arm-20240624-en
Behavioral task
- behavioral2
  Sample: b4b3ab34deb00c4c55ac990c2e276841601e6ccaf7357b65f147a99a49b049ac.apk
  Resource: android-x64-20240624-en
Behavioral task
- behavioral3
  Sample: b4b3ab34deb00c4c55ac990c2e276841601e6ccaf7357b65f147a99a49b049ac.apk
  Resource: android-x64-arm64-20240624-en
General
- Target: b4b3ab34deb00c4c55ac990c2e276841601e6ccaf7357b65f147a99a49b049ac.apk
- Size: 3.5MB
- MD5: 303fc3b4d09701097230cdc4de062301
- SHA1: 80128b5ceed888aba4b030c278fc2b6652b0477d
- SHA256: b4b3ab34deb00c4c55ac990c2e276841601e6ccaf7357b65f147a99a49b049ac
- SHA512: 84dac40ac5b610032384f5cdc94d428fb74ae6ceb35a4f2edd0b844f8f1dbc853ffeb40394429a1295c160d4378a56d42616f64e4930f720058d6fa5cf0653f3
- SSDEEP: 98304:cpF3/Hhf9+t4jm7rIpbjTLCKmYzt6oTwrnAK:ij9+s4CbjTLqIxK
Malware Config
Signatures
- Loads dropped Dex/Jar (1 TTP, 2 IoCs)
  Runs executable file dropped to the device during analysis.
  ioc | pid | Process
  /system_ext/framework/androidx.window.sidecar.jar | 4617 | com.parvane.app
  /system_ext/framework/androidx.window.sidecar.jar | 4617 | com.parvane.app
- Makes use of the framework's Accessibility service (4 TTPs, 1 IoC)
  Retrieves information displayed on the phone screen using AccessibilityService.
  description | ioc | Process
  Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId | com.parvane.app
- Queries information about running processes on the device (1 TTP, 1 IoC)
  Application may abuse the framework's APIs to collect information about running processes on the device.
  description | ioc | Process
  Framework service call | android.app.IActivityManager.getRunningAppProcesses | com.parvane.app
- Acquires the wake lock (1 IoC)
  description | ioc | Process
  Framework service call | android.os.IPowerManager.acquireWakeLock | com.parvane.app
- Makes use of the framework's foreground persistence service (1 TTP, 1 IoC)
  Application may abuse the framework's foreground service to continue running in the foreground.
  description | ioc | Process
  Framework service call | android.app.IActivityManager.setServiceForeground | com.parvane.app
- Performs UI accessibility actions on behalf of the user (1 TTP, 2 IoCs)
  Application may abuse the accessibility service to prevent its removal.
  ioc | Process
  android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction | com.parvane.app
  android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction | com.parvane.app
Processes
- com.parvane.app (PID: 4617)
  - Loads dropped Dex/Jar
  - Makes use of the framework's Accessibility service
  - Queries information about running processes on the device
  - Acquires the wake lock
  - Makes use of the framework's foreground persistence service
  - Performs UI accessibility actions on behalf of the user
Network
MITRE ATT&CK Mobile v15
Downloads
- Filesize: 8B
  MD5: fa2ba47d959bc905fa6c6a1f3a87d81e
  SHA1: 84cc9b9d8bbf24a6b218c00870f70f07dddb60fb
  SHA256: 998b91e6dc989e179e0b66a8ea8808900a2f8b57c25becabe89a708951253a7d
  SHA512: cef015cee2ea3fc040c9c84a16f9cc8864d107102c35285f9546b71c57b67076411b28aeae4281f0e88149225042a1e2ae36bb83f63adc451ee3f58f7057bbba
- Filesize: 1KB
  MD5: 4719f8d69a817a4b188d2d7a23c38dab
  SHA1: e1681db1f807c553c700f583daaca7b733ba0f53
  SHA256: 320e8c68950b0af91f29c6f8f09d05c19dcdeca1699469172125babc4b82e7e9
  SHA512: f3ed3d6a09fb06f7edd2b8ff7692715ada0c786b2f970ddf0ddbc4004f4a37043a8edc1461015e6842cab821ed437bb7dd684f2e312a1a4f3bd4a90287ae6e1f
- Filesize: 2KB
  MD5: 3d406670b37998748de1b2032c5f281d
  SHA1: 29b6c565464fd22d30f8b261f219af2df30da925
  SHA256: 3c38d1e85c9c83450344720aa25af08fe63716a19c0ddc74f94b1035ac373a40
  SHA512: d36625bf2b329590abe6a09907c478b2b1e57d2300039a4ac0ab31d377061ee30cc39173850661afbfc322b545391d6ecfd2753db819902d32e5b46900948a0b
- Filesize: 12KB
  MD5: bdf3529e80318eb14e53a5bf3720c10d
  SHA1: 25c9ace4b1af6e80ebb2572345972c56505969ba
  SHA256: bbc8300dd1e9cd08de8f66560c1ac2c928615b72b51cef9649f88974f586d64b
  SHA512: 48b9c2d01171bb651b9b54826baa51f4add48431a3efd8ceb5f7cc3bcd6f8f37edf47fabb24349dd15b3a02329cd450f90a8d164bf4f8dfae554bf3b35a8a55b