Analysis

  • max time kernel
    29s
  • max time network
    37s
  • platform
    android_x64
  • resource
    android-33-x64-arm64-20240624-en
  • resource tags

    android, arch:arm64, arch:x64, image:android-33-x64-arm64-20240624-en, locale:en-us, os:android-13-x64, system
  • submitted
    14/10/2024, 17:17

General

  • Target

    880c9f65c5e2007bfed3a2179e64e36854266023a00e1a7066cbcf8ee6c93cbc.apk

  • Size

    2.5MB

  • MD5

    d9763c68ebbfaeef4334cfefc54b322f

  • SHA1

    cb6f9bcd4b491858583ee9f10b72c0582bf94ab1

  • SHA256

    880c9f65c5e2007bfed3a2179e64e36854266023a00e1a7066cbcf8ee6c93cbc

  • SHA512

    4a408c2b284632f54dcb91568161f951d3d36d4092eb9c3f4a823cebf1e5e89395693dd31ba8dbd90bf392b96944fda96c5d01cd149c934c3401e606efe914d4

  • SSDEEP

    49152:XtLVdMwtV/l221ikvxQ/1UVjtCXnmptDGCz4aBR1gwmbu:9LZtV/lCkY1UVjinYtD7z4Dbu

Malware Config

Signatures

  • Loads dropped Dex/Jar 1 TTPs 1 IoCs

    Runs executable file dropped to the device during analysis.

  • Makes use of the framework's Accessibility service 4 TTPs 2 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

  • Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

    Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

  • Queries the phone number (MSISDN for GSM devices) 1 TTPs
  • Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

    Application may abuse the framework's foreground service to continue running in the foreground.

  • Performs UI accessibility actions on behalf of the user 1 TTPs 5 IoCs

    Application may abuse the accessibility service to prevent its own removal.

  • Reads information about phone network operator. 1 TTPs
  • Requests disabling of battery optimizations (often used to enable hiding in the background). 1 TTPs 1 IoCs
  • Checks CPU information 2 TTPs 1 IoCs
  • Checks memory information 2 TTPs 1 IoCs

Processes

  • suds.expend.affiliate.rising
    1⤵
    • Loads dropped Dex/Jar
    • Makes use of the framework's Accessibility service
    • Obtains sensitive information copied to the device clipboard
    • Makes use of the framework's foreground persistence service
    • Performs UI accessibility actions on behalf of the user
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    • Checks CPU information
    • Checks memory information
    PID:4310

Network

MITRE ATT&CK Mobile v15

Downloads

        • /data/data/suds.expend.affiliate.rising/code_cache/decrypted.dex

          Filesize

          972KB

          MD5

          f9d5b402acee67675f87d33d7d52b364

          SHA1

          c7ebf2adfd6482e1eb2c3b05f79cdff5c733c47b

          SHA256

          6c045a521d4d19bd52165ea992e91d338473a70962bcfded9213e592cea27359

          SHA512

          6b64569a675dd1186e11aebbc136d7cbd302f02493b48e82fe0916bdd86547a40b3e988a4c122895b11c562d857e0311b851f80b4915e28bf9111140afd47a31