Analysis

  • max time kernel
    47s
  • max time network
    67s
  • platform
    android_x64
  • resource
    android-x64-arm64-20240624-en
  • resource tags

android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240624-en, locale:en-us, os:android-11-x64, system
  • submitted
    14/10/2024, 17:29

General

  • Target

    b4b3ab34deb00c4c55ac990c2e276841601e6ccaf7357b65f147a99a49b049ac.apk

  • Size

    3.5MB

  • MD5

    303fc3b4d09701097230cdc4de062301

  • SHA1

    80128b5ceed888aba4b030c278fc2b6652b0477d

  • SHA256

    b4b3ab34deb00c4c55ac990c2e276841601e6ccaf7357b65f147a99a49b049ac

  • SHA512

    84dac40ac5b610032384f5cdc94d428fb74ae6ceb35a4f2edd0b844f8f1dbc853ffeb40394429a1295c160d4378a56d42616f64e4930f720058d6fa5cf0653f3

  • SSDEEP

    98304:cpF3/Hhf9+t4jm7rIpbjTLCKmYzt6oTwrnAK:ij9+s4CbjTLqIxK

Malware Config

Signatures

  • Loads dropped Dex/Jar (1 TTP, 2 IoCs)

    Runs an executable (Dex/Jar) file dropped to the device during analysis.

  • Makes use of the framework's Accessibility service (4 TTPs, 1 IoC)

    Retrieves information displayed on the phone screen using AccessibilityService.

  • Queries information about running processes on the device (1 TTP, 1 IoC)

    The application may abuse the framework's APIs to collect information about running processes on the device.

  • Acquires the wake lock (1 IoC)
  • Makes use of the framework's foreground persistence service (1 TTP, 1 IoC)

    The application may abuse the framework's foreground service to keep running in the foreground.

  • Performs UI accessibility actions on behalf of the user (1 TTP, 2 IoCs)

    The application may abuse the accessibility service to prevent its removal.
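The Accessibility, foreground-service and wake-lock signatures above are dynamic observations. A practitioner will usually corroborate them statically against the decoded AndroidManifest.xml (for example apktool output): an accessibility service can only be bound by the system if its <service> both requests android.permission.BIND_ACCESSIBILITY_SERVICE and filters the android.accessibilityservice.AccessibilityService action, and foreground persistence and wake locks need the matching uses-permission entries. The following script is an added example, not part of the sandbox report; the manifest it parses is constructed for illustration and is not the manifest of the analysed sample, and the permission-to-behaviour mapping is my own triage heuristic.

```python
"""Static corroboration of the sandbox's Accessibility / foreground / wake-lock
signatures from a decoded AndroidManifest.xml.

Added example; SAMPLE_MANIFEST is constructed and is not the analysed APK's manifest.
"""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"


def android_attr(attr: str) -> str:
    """Key ElementTree uses for an android:<attr> attribute."""
    return "{%s}%s" % (ANDROID_NS, attr)


# Heuristic mapping (assumption): manifest permissions that back the report's signatures.
PERMISSIONS_OF_INTEREST = {
    "android.permission.FOREGROUND_SERVICE": "foreground persistence service",
    "android.permission.WAKE_LOCK": "acquires the wake lock",
    # Android 11 package-visibility permission; commonly paired with package/process enumeration.
    "android.permission.QUERY_ALL_PACKAGES": "queries installed packages / running processes",
}


def find_accessibility_services(root) -> list:
    """Names of <service> elements the system would bind as an AccessibilityService.

    Both conditions are required: the BIND_ACCESSIBILITY_SERVICE permission on the
    service and an intent-filter action for android.accessibilityservice.AccessibilityService.
    A service with only one of them is not a functioning accessibility service."""
    found = []
    for svc in root.iter("service"):
        if svc.get(android_attr("permission")) != "android.permission.BIND_ACCESSIBILITY_SERVICE":
            continue
        actions = {act.get(android_attr("name")) for act in svc.iter("action")}
        if "android.accessibilityservice.AccessibilityService" in actions:
            found.append(svc.get(android_attr("name")))
    return found


def find_foreground_services(root) -> list:
    """Services that declare a foregroundServiceType (Android 10+)."""
    return [svc.get(android_attr("name")) for svc in root.iter("service")
            if svc.get(android_attr("foregroundServiceType"))]


def triage_manifest(xml_text: str) -> dict:
    """Summarise the manifest facts relevant to the report's signatures."""
    root = ET.fromstring(xml_text)
    perms = {p.get(android_attr("name")) for p in root.iter("uses-permission")}
    hits = {PERMISSIONS_OF_INTEREST[p]: p for p in perms if p in PERMISSIONS_OF_INTEREST}
    return {
        "package": root.get("package"),
        "accessibility_services": find_accessibility_services(root),
        "foreground_services": find_foreground_services(root),
        "permission_hits": hits,
    }


# Constructed sample manifest (not from the analysed APK).
SAMPLE_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.sample">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.FOREGROUND_SERVICE"/>
  <uses-permission android:name="android.permission.WAKE_LOCK"/>
  <application android:label="Sample">
    <service android:name=".A11yService"
             android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE">
      <intent-filter>
        <action android:name="android.accessibilityservice.AccessibilityService"/>
      </intent-filter>
    </service>
    <!-- declares the bind permission but no accessibility intent-filter: must not count -->
    <service android:name=".DecoyService"
             android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"/>
    <service android:name=".KeepAliveService" android:foregroundServiceType="dataSync"/>
  </application>
</manifest>
"""

if __name__ == "__main__":
    for key, value in triage_manifest(SAMPLE_MANIFEST).items():
        print(f"{key}: {value}")
```

Run it against the manifest apktool decodes from the sample; an accessibility service listed in the output, together with the FOREGROUND_SERVICE and WAKE_LOCK permissions, is the static counterpart of the three signatures, and their absence means the dynamic hit deserves a closer look at how the behaviour was reached.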

Processes

  • com.parvane.app (PID 4617)
    • Loads dropped Dex/Jar
    • Makes use of the framework's Accessibility service
    • Queries information about running processes on the device
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    • Performs UI accessibility actions on behalf of the user

Network

        MITRE ATT&CK Mobile v15


        Downloads

        • /data/data/com.parvane.app/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

          Filesize

          8B

          MD5

          fa2ba47d959bc905fa6c6a1f3a87d81e

          SHA1

          84cc9b9d8bbf24a6b218c00870f70f07dddb60fb

          SHA256

          998b91e6dc989e179e0b66a8ea8808900a2f8b57c25becabe89a708951253a7d

          SHA512

          cef015cee2ea3fc040c9c84a16f9cc8864d107102c35285f9546b71c57b67076411b28aeae4281f0e88149225042a1e2ae36bb83f63adc451ee3f58f7057bbba

        • /data/misc/profiles/cur/0/com.parvane.app/primary.prof

          Filesize

          1KB

          MD5

          4719f8d69a817a4b188d2d7a23c38dab

          SHA1

          e1681db1f807c553c700f583daaca7b733ba0f53

          SHA256

          320e8c68950b0af91f29c6f8f09d05c19dcdeca1699469172125babc4b82e7e9

          SHA512

          f3ed3d6a09fb06f7edd2b8ff7692715ada0c786b2f970ddf0ddbc4004f4a37043a8edc1461015e6842cab821ed437bb7dd684f2e312a1a4f3bd4a90287ae6e1f

        • /data/misc/profiles/cur/0/com.parvane.app/primary.prof

          Filesize

          2KB

          MD5

          3d406670b37998748de1b2032c5f281d

          SHA1

          29b6c565464fd22d30f8b261f219af2df30da925

          SHA256

          3c38d1e85c9c83450344720aa25af08fe63716a19c0ddc74f94b1035ac373a40

          SHA512

          d36625bf2b329590abe6a09907c478b2b1e57d2300039a4ac0ab31d377061ee30cc39173850661afbfc322b545391d6ecfd2753db819902d32e5b46900948a0b

        • /system_ext/framework/androidx.window.sidecar.jar

          Filesize

          12KB

          MD5

          bdf3529e80318eb14e53a5bf3720c10d

          SHA1

          25c9ace4b1af6e80ebb2572345972c56505969ba

          SHA256

          bbc8300dd1e9cd08de8f66560c1ac2c928615b72b51cef9649f88974f586d64b

          SHA512

          48b9c2d01171bb651b9b54826baa51f4add48431a3efd8ceb5f7cc3bcd6f8f37edf47fabb24349dd15b3a02329cd450f90a8d164bf4f8dfae554bf3b35a8a55b
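Two things a practitioner wants from the artifact list above: a way to confirm that a local file really is the submitted sample (all of the listed digests, not just MD5, must match), and a sanity check on what the "dropped" files are before treating the "Loads dropped Dex/Jar" signature as evidence of a payload. Of the four paths recorded, two are ART runtime profiles under /data/misc/profiles, one is a framework jar on the read-only /system_ext partition, and the 8-byte .dat file is the timestamp marker written by androidx.profileinstaller, so none of them is obviously an attacker-dropped Dex/Jar and the signature hit should be corroborated by looking at what the process actually loaded. The script below is an added example, not part of the report; the digests and paths are copied from the report, the path classification is my own heuristic, and the byte strings used in the self-check are constructed and are not the sample.

```python
"""Triage helpers for the report's hash and artifact lists.

Added example, not part of the sandbox report. Digests and paths are copied
from the report; the bytes hashed in the self-check are constructed, not the sample.
"""
import hashlib

# Digests the report lists for the submitted APK.
REPORTED_SAMPLE = {
    "md5": "303fc3b4d09701097230cdc4de062301",
    "sha1": "80128b5ceed888aba4b030c278fc2b6652b0477d",
    "sha256": "b4b3ab34deb00c4c55ac990c2e276841601e6ccaf7357b65f147a99a49b049ac",
    "sha512": "84dac40ac5b610032384f5cdc94d428fb74ae6ceb35a4f2edd0b844f8f1dbc85"
              "3ffeb40394429a1295c160d4378a56d42616f64e4930f720058d6fa5cf0653f3",
}

# Files the sandbox recorded under "Downloads", with their reported SHA-256.
DROPPED_FILES = [
    ("/data/data/com.parvane.app/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat",
     "998b91e6dc989e179e0b66a8ea8808900a2f8b57c25becabe89a708951253a7d"),
    ("/data/misc/profiles/cur/0/com.parvane.app/primary.prof",
     "320e8c68950b0af91f29c6f8f09d05c19dcdeca1699469172125babc4b82e7e9"),
    ("/data/misc/profiles/cur/0/com.parvane.app/primary.prof",
     "3c38d1e85c9c83450344720aa25af08fe63716a19c0ddc74f94b1035ac373a40"),
    ("/system_ext/framework/androidx.window.sidecar.jar",
     "bbc8300dd1e9cd08de8f66560c1ac2c928615b72b51cef9649f88974f586d64b"),
]

# Marker file that androidx.profileinstaller writes into the app's files dir (8-byte timestamp).
PROFILEINSTALLER_MARKER = "profileinstaller_profileWrittenFor_lastUpdateTime.dat"


def digests(data: bytes) -> dict:
    """MD5/SHA-1/SHA-256/SHA-512 of the data, keyed like REPORTED_SAMPLE."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORTED_SAMPLE}


def matches_report(data: bytes, reported: dict = REPORTED_SAMPLE) -> bool:
    """True only if every digest the report lists matches; one mismatch means
    the local file is not the sample this report describes."""
    actual = digests(data)
    return all(actual[name] == value.lower() for name, value in reported.items())


def classify_path(path: str) -> str:
    """Heuristic provenance of a path the sandbox recorded as dropped (assumption: my own buckets)."""
    if path.startswith("/data/misc/profiles/") and path.endswith(".prof"):
        return "art-profile"        # JIT profile written by ART, not app-controlled content
    if path.startswith(("/system/", "/system_ext/", "/apex/", "/vendor/", "/product/")):
        return "system-partition"   # read-only framework code shipped with the image
    if path.startswith(("/data/data/", "/data/user/")):
        return "app-private-data"   # app sandbox: this is where a real dropped dex/jar would land
    return "other"


def payload_candidates(entries=DROPPED_FILES) -> list:
    """(path, sha256) pairs that could plausibly be an attacker-dropped Dex/Jar.

    ART profiles and system-partition files are excluded, as is the
    profileinstaller marker; anything else (including unknown locations) is kept
    so that an unexpected path is never silently discarded."""
    out = []
    for path, sha256 in entries:
        if classify_path(path) in ("art-profile", "system-partition"):
            continue
        if path.endswith(PROFILEINSTALLER_MARKER):
            continue
        out.append((path, sha256))
    return out


if __name__ == "__main__":
    import sys
    for path, _ in DROPPED_FILES:
        print(f"{classify_path(path):18} {path}")
    print("payload candidates:", payload_candidates())
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            print("matches report:", matches_report(fh.read()))
```

Invoked with the path to a local copy of the APK, the script prints whether that file matches all four reported digests; on the report's own artifact list, payload_candidates() comes back empty, which is the cue to check what the process loaded (for example the class-loader arguments the sandbox captured) rather than rely on the file list alone.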