40aa6f968973ce35adf461872d5aa44fd64bd35c6bc50f6d4e7228239c22c0d2

Analysis

max time kernel
17s
max time network
151s
platform
android-9_x86
resource
android-x86-arm-20240910-en
resource tags

arch:armarch:x86image:android-x86-arm-20240910-enlocale:en-usos:android-9-x86system
submitted
16-10-2024 22:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

40aa6f968973ce35adf461872d5aa44fd64bd35c6bc50f6d4e7228239c22c0d2.apk
Size

4.4MB
MD5

963b8373e3ab385651cfbe4d0d226d19
SHA1

7587a27b6ebabf7e56b75c4e931851295cd39007
SHA256

40aa6f968973ce35adf461872d5aa44fd64bd35c6bc50f6d4e7228239c22c0d2
SHA512

46cef2cfd195c6c1bd110fcf33219f6c9117e0788f69e9969c2cb5e77c356e778a9be6d4090a17fc844e5a5b6648e053fa0d09fa118df483a63d1e49939abf7b
SSDEEP

98304:ZHfrbzjXCFpZpKmqk5sjcstp0ZU05uZEpSYcNQ6i2infseJjPUYl:1Skk5sjXcoZiFIOsyMk

Score

8^/10

banker collection credential_access discovery evasion persistence stealth trojan

Malware Config

Signatures

Removes its main activity from the application launcher 1 TTPs 1 IoCs
stealth trojan evasion

Suppress Application Icon
T1628.001

Processes:

com.tencent.mm

pid process

4258 com.tencent.mm

pid	process
4258	com.tencent.mm

Makes use of the framework's Accessibility service 4 TTPs 3 IoCs

Retrieves information displayed on the phone screen using AccessibilityService.

collection evasion credential_access

Input Injection

T1516

Screen Capture

T1513

Keylogging

T1417.001

GUI Input Capture

T1417.002

Processes:

com.tencent.mm

description	ioc	process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText	com.tencent.mm
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	com.tencent.mm
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId	com.tencent.mm

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001
Queries account information for other applications stored on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect account information stored on the device.
collection

Stored Application Data
T1409

Processes:

com.tencent.mm

description ioc process

Framework service call android.accounts.IAccountManager.getAccounts com.tencent.mm
Reads the contacts stored on the device. 1 TTPs 1 IoCs
collection

Contact List
T1636.003

Processes:

com.tencent.mm

description ioc process

URI accessed for read content://com.android.contacts/data/phones com.tencent.mm
Reads the content of the calendar entry data. 1 TTPs 1 IoCs
collection

Calendar Entries
T1636.001

Processes:

com.tencent.mm

description ioc process

URI accessed for read content://com.android.calendar/events com.tencent.mm
Reads the content of the call log. 1 TTPs 1 IoCs
collection

Call Log
T1636.002

Processes:

com.tencent.mm

description ioc process

URI accessed for read content://call_log/calls com.tencent.mm
Requests cell location 2 TTPs 1 IoCs
Uses Android APIs to to get current cell location.
collection discovery evasion

Location Tracking
T1430

Geofencing
T1627.001

Processes:

com.tencent.mm

description ioc process

Framework service call com.android.internal.telephony.ITelephony.getCellLocation com.tencent.mm
Acquires the wake lock 1 IoCs

Processes:

com.tencent.mm

description ioc process

Framework service call android.os.IPowerManager.acquireWakeLock com.tencent.mm
Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs
Application may abuse the framework's foreground service to continue running in the foreground.
evasion persistence

Foreground Persistence
T1541

Processes:

com.tencent.mm

description ioc process

Framework service call android.app.IActivityManager.setServiceForeground com.tencent.mm
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
discovery

System Network Connections Discovery
T1421

Processes:

com.tencent.mm

description ioc process

Framework service call android.net.wifi.IWifiManager.getConnectionInfo com.tencent.mm
Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422
Requests disabling of battery optimizations (often used to enable hiding in the background). 1 TTPs 1 IoCs
evasion

User Evasion
T1628.002

Processes:

com.tencent.mm

description ioc process

Intent action android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS com.tencent.mm
Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs
evasion

User Evasion
T1628.002

Processes:

com.tencent.mm

description ioc process

Framework API call android.hardware.SensorManager.registerListener com.tencent.mm
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
persistence

Broadcast Receivers
T1624.001

Processes:

com.tencent.mm

description ioc process

Framework service call android.app.IActivityManager.registerReceiver com.tencent.mm

description	ioc	process
Framework service call	android.accounts.IAccountManager.getAccounts	com.tencent.mm

description	ioc	process
URI accessed for read	content://com.android.contacts/data/phones	com.tencent.mm

description	ioc	process
URI accessed for read	content://com.android.calendar/events	com.tencent.mm

description	ioc	process
URI accessed for read	content://call_log/calls	com.tencent.mm

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.tencent.mm

description	ioc	process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.tencent.mm

description	ioc	process
Framework service call	android.app.IActivityManager.setServiceForeground	com.tencent.mm

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.tencent.mm

description	ioc	process
Intent action	android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS	com.tencent.mm

description	ioc	process
Framework API call	android.hardware.SensorManager.registerListener	com.tencent.mm

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	com.tencent.mm

com.tencent.mm
1⤵
- Removes its main activity from the application launcher
- Makes use of the framework's Accessibility service
- Queries account information for other applications stored on the device
- Reads the contacts stored on the device.
- Reads the content of the calendar entry data.
- Reads the content of the call log.
- Requests cell location
- Acquires the wake lock
- Makes use of the framework's foreground persistence service
- Queries information about the current Wi-Fi connection
- Requests disabling of battery optimizations (often used to enable hiding in the background).
- Listens for changes in the sensor environment (might be used to detect emulation)
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID:4258

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Foreground Persistence

T1541

Privilege Escalation

Defense Evasion

Execution Guardrails

T1627

Geofencing

T1627.001

Foreground Persistence

T1541

Hide Artifacts

T1628

Suppress Application Icon

T1628.001

User Evasion

T1628.002

Input Injection

T1516

Credential Access

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Discovery

Location Tracking

T1430

Software Discovery

T1418

Security Software Discovery

T1418.001

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Location Tracking

T1430

Protected User Data

T1636

Calendar Entries

T1636.001

Call Log

T1636.002

Contact List

T1636.003

Screen Capture

T1513

Stored Application Data

T1409

Command and Control

Exfiltration

Impact

Input Injection

T1516

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.tencent.mm/databases/Dname-journal

Filesize
512B

MD5
f4972271fd43ec46232a4cd76abfee9b

SHA1
a17d52916580aabc6d61f702b709f45cf97bc2ba

SHA256
94074e91315555ad63865e389dd1af7c9b19a69c9de9199ea7b1fff1d3c9c5c3

SHA512
5f7d0d54e909258c1d72c8906c63c24ffc8938ebf7024999aa9b2756929fc2fec35f89906bfa9170b3b9f9b6a7cb9cdf6e1fde342013d1ba8a6b8ba500bb94d7

Download Submit
/data/data/com.tencent.mm/databases/Dname-shm

Filesize
28KB

MD5
cf845a781c107ec1346e849c9dd1b7e8

SHA1
b44ccc7f7d519352422e59ee8b0bdbac881768a7

SHA256
18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7

SHA512
4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

Download Submit
/data/data/com.tencent.mm/databases/Dname-wal

Filesize
60KB

MD5
0a31f45c462f54669cee9ae7dae12ae8

SHA1
17b34ea71b91d095baeab8f05db9e34f9b5528a6

SHA256
bd5378ffd7e02a706d6d908068375063780ef0a116478314737b657c47f9dfd8

SHA512
75e8fcd9978a62006a86246d8d9df79f4bc55247aa1cb048a75e58dde6dcb317ab7146727916e273072a5886a5da44c9d7656a0b0a72ced6169af9e863b298a7

Download Submit
/data/data/com.tencent.mm/databases/evernote_jobs.db

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.tencent.mm/databases/evernote_jobs.db-journal

Filesize
512B

MD5
795b770526f436804f0ae0630c0f90e1

SHA1
1ba5013528714534d8fbbdc989c7d47fbb4194c4

SHA256
4df207adafcfdd41ae02d79f4f692bcb4e82322c5f544e7d88e7ff03a4068707

SHA512
64683a46ccc3456bb0c8421bc7941a8913f6e90f85149c1dddc950eb1f76f8c998a1feb3335c0dd2c54264d43927b6fc70c61be3b28b8a43de30be7881e13ce1

Download Submit
/data/data/com.tencent.mm/databases/evernote_jobs.db-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.tencent.mm/databases/evernote_jobs.db-wal

Filesize
32KB

MD5
e5e5e38242c50d136a3f9eeea727fb32

SHA1
c2345bb5e0591a14f01ec4b7094ac9879ea99a98

SHA256
0ddef91d996852d327888809635bc7485e8beef6091b3f62f2950b7318882684

SHA512
a13e1082c6501d9dab3ed82568b2efc5ddbdbf692ebe36380a60e00fd30a2cecf4759c04439d056207a52c6a0fe4d54150e7b5c5f07c9323c5f69743418cf21b

Download Submit
/data/data/com.tencent.mm/files/CallLogs.txt

Filesize
3B

MD5
58e0494c51d30eb3494f7c9198986bb9

SHA1
cd0d4cc32346750408f7d4f5e78ec9a6e5b79a0d

SHA256
37517e5f3dc66819f61f5a7bb8ace1921282415f10551d2defa5c3eb0985b570

SHA512
b7a9336ed3a424b5d4d59d9b20d0bbc33217207b584db6b758fddb9a70b99e7c8c9f8387ef318a6b2039e62f09a3a2592bf5c76d6947a6ea1d107b924d7461f4

Download Submit
/data/data/com.tencent.mm/files/GP.txt

Filesize
116B

MD5
b55927b645e2d2c11c9d6e1499502f76

SHA1
332df02eed278f37f42c5763f29f1d12339ac2a6

SHA256
4242cd87b1b9b16086d4cbee8cc8487467f38d24b282af300277925aeed0fa99

SHA512
d6b9baacd80ad505c4cfde40fc090816f90000a552bce36db3471c682bfd219b78842556370b323ee1f9f0abcbf3c0be107b9a68473948c91cb32147b4b9ca27

Download Submit
/data/data/com.tencent.mm/files/GP.txt

Filesize
126B

MD5
a1600aa83b646d231bbde0b0c192e083

SHA1
2545dee110403e7591dc01c235783f88e077549f

SHA256
fb653cd8e4bcb9be9662284063c57e0c3aa9ae33eabd2c69d89b0b35793aa95f

SHA512
de2f53c58b209428b6b4bd6f0ab78c630e68fd9e9df670eb919b64a4bda1f3d1a2c6e34457143cb881aa1804bf49d2d93b74cfd6ad2e70f500ddc53b59bda68d

Download Submit
/data/data/com.tencent.mm/files/Tree.txt

Filesize
282B

MD5
2d022d560de94bff00db27f44e164385

SHA1
c540d20f37bc9b4a3541ae994b6f72f08eaf18c6

SHA256
dc45589dec804b2a860b28e1fc97b77b40fdecdd4de504f5ee50ee095b14bf13

SHA512
ea6bfcccca9badd3d3ceb687b368c16d8e21134a333e4787b16a58dbd33aa8f42906eadddb87a99621f7101fe9eeaa1320d637abd5c637f5125f6f342a392e06

Download Submit
/data/data/com.tencent.mm/files/accounts.txt

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
/data/data/com.tencent.mm/files/netinfo.txt

Filesize
609B

MD5
8c54ffaa1deb7f6a1e830cce71d82a56

SHA1
a5ba0e2d1749290194f4c840c766ce0119df94a5

SHA256
dcf3e8d55b7cd08b9177626d61f39c68c91e45ac1cfbaf6b12d796a08b86e69e

SHA512
deb2676ece8edc1d36f92332fa16f42fbd194df97ffc708622893ffe4ab370c842299344c3fedc7fc154728bded84dd05fefdb77831a28a2fc934a3a703b14ae

Download Submit
/data/data/com.tencent.mm/files/pkinfo.txt

Filesize
5KB

MD5
9857c0caa99fde5d0bf47c0ee0fd821b

SHA1
ef4629899e6ebbdbaf45ca4885f5b960da25538f

SHA256
d68311a5561ada62ee327cda3a9b29c41ed0d7bc16586f9af6d5595a96d497a8

SHA512
312c11c7b41384fd5a7ef466f06813c09f6c661ade0ed4ffe6e8e88969f2ba31257a90333b13ce8d4b2ab0692318b638f06aecfea11aeb2df3739580e635a148

Download Submit
/storage/emulated/0/Config/sys/apps/log/log-2024-10-16.txt

Filesize
287B

MD5
ab06149c8ca16299223a8078542e283e

SHA1
a8bb5818ad8250c1c2a65b1f51f37c91c5cad229

SHA256
204e160a99fc4874eab3634f8ecc9c3ed8d558f35c47048702a779516b64def9

SHA512
fb570358c6bdc5a515446040458f7a6dbb6b1c79c365650c992db4d0f065115e763f050ffbbd82d4fafe4b408203a9a792249514bba56c9998e86bbc5cc06173

Download Submit
/storage/emulated/0/Config/sys/apps/log/log-2024-10-16.txt

Filesize
12B

MD5
a9256f55737b655c8cff95418411997c

SHA1
d81a4e85ecef3a4f08d50da9c75c49a3c64ffe24

SHA256
bad705c44807d12463fb587087c4e9eb24769d82981229ac8b74abc9b1a44412

SHA512
10d10a6498973ed65d47c74ba6d8831dad94213a5071353dc445de46e021689284fbbf4accf5ba1f97a0675a7652ec069ac70f38d63ba36b8595a8caf8d37574

Download Submit
/storage/emulated/0/Config/sys/apps/log/log-2024-10-16.txt

Filesize
32B

MD5
2645a22ef836e09fa68c45107ec71b41

SHA1
fb78bf6cb7a2a04b7a0cf7f2046847f9a994c3b0

SHA256
965a834278b9e32d974557cbb26a7c6d783b0631ea85f2447f9eca791edf5409

SHA512
ee5c668a6f10bfa5a30c937c3b190549bb3f989cb0367af233df610f1ec3efd251a69ff6b3ef6398d6420689c990d2691fdcdc5d4bda73a237e1ff1cf72dcfd0

Download Submit