Overview

overview

10

Static

static

10

M-Pajak.apk

android-9-x86

7

Analysis

  • max time kernel
    149s
  • max time network
    140s
  • platform
    android_x86
  • resource
    android-x86-arm-20240624-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
  • submitted
    22/10/2024, 14:50

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    M-Pajak.apk

  • Size

    13.0MB

  • MD5

    c99bcdb39aefa4cb6bc9b636a901e18d

  • SHA1

    413d0eb3abc888dd1084c8d45c0215d8f043ef33

  • SHA256

    2c94a882439bab72e612f424125b2854314c30e3748585b3ee4501edea5d5f7b

  • SHA512

    7fb77d22214d06d278ec1d8f05cc08a754a906ff03bccd92d1103106fece6423d1d4b0fd49e075d2a0d53b3b54a05e5ee81b17d84ce3eb22efd3a5a2fbcd06ae

  • SSDEEP

    196608:lpN6uZTK7VmWuFxX+uUubL1Nb7E6MjjjFYkhL7Ila4i+SPEEgWsteZZo9:lnWV+xXvX1d+Xai+SsEgaG9

Score
7/10
collectioncredential_accessdiscoveryevasionexecutionimpactpersistence

Malware Config

Signatures

  • Makes use of the framework's Accessibility service 4 TTPs 1 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectionevasioncredential_access
  • Queries account information for other applications stored on the device 1 TTPs 3 IoCs

    Application may abuse the framework's APIs to collect account information stored on the device.

    collection
  • Queries information about running processes on the device 1 TTPs 3 IoCs

    Application may abuse the framework's APIs to collect information about running processes on the device.

    discovery
  • Acquires the wake lock 1 IoCs
  • Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

    Application may abuse the framework's foreground service to continue running in the foreground.

    evasionpersistence
  • Queries information about active data network 1 TTPs 1 IoCs
    discovery
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
    persistence
  • Schedules tasks to execute at a specified time 1 TTPs 2 IoCs

    Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

    executionpersistence
  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 3 IoCs
    impact

Processes

  • com.aa.bb
    1⤵
    • Makes use of the framework's Accessibility service
    • Queries account information for other applications stored on the device
    • Queries information about running processes on the device
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    • Queries information about active data network
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Schedules tasks to execute at a specified time
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4316
    • getprop ro.build.display.id
      2⤵
        PID:4679
      • getprop ro.build.display.id
        2⤵
          PID:4839
        • getprop ro.build.display.id
          2⤵
            PID:4874
          • getprop ro.build.display.id
            2⤵
              PID:4906
            • getprop ro.build.display.id
              2⤵
                PID:4926
              • getprop ro.build.display.id
                2⤵
                  PID:4967
              • com.aa.bb:main
                1⤵
                • Queries account information for other applications stored on the device
                • Queries information about running processes on the device
                • Schedules tasks to execute at a specified time
                • Uses Crypto APIs (Might try to encrypt user data)
                PID:4417
              • com.aa.bb:s1
                1⤵
                • Queries account information for other applications stored on the device
                • Queries information about running processes on the device
                • Uses Crypto APIs (Might try to encrypt user data)
                PID:4441

              Network

              MITRE ATT&CK Mobile v15

              Replay Monitor

              Loading Replay Monitor...

              Downloads

              • /data/data/com.aa.bb/no_backup/androidx.work.workdb
                Filesize

                100KB

                MD5

                42c888c60844774dadaddfc74f2eab3f

                SHA1

                1d7cebbc48d12e6483bebe4ffbdcd3bfcd1735f1

                SHA256

                0bc2c97c0d190cee193cc55b7c3e56247e27f3b5e098b0667839c51f825c57cc

                SHA512

                36375daea51aae97e1b5c03b152f7a1ac428bcd4343849c251196d74232a8c9611e495c1d0a74c96365c4a7f17d6d747fca2a7ead6dcf31f841ab79e3848586b

                Download Submit

              • /data/data/com.aa.bb/no_backup/androidx.work.workdb-shm
                Filesize

                32KB

                MD5

                bb7df04e1b0a2570657527a7e108ae23

                SHA1

                5188431849b4613152fd7bdba6a3ff0a4fd6424b

                SHA256

                c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

                SHA512

                768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

                Download Submit

              • /data/data/com.aa.bb/no_backup/androidx.work.workdb-wal
                Filesize

                402KB

                MD5

                f4706fdda5c03391a02fe7fb7a57ca7b

                SHA1

                c15a148e8732fe4d75505a7eaf810304d87c69f8

                SHA256

                7818a68863caa0130996f4b5baf88d472a9cbd685d13f37a05e3ce7bd4c05a31

                SHA512

                a7c315116bdaa986ac47bb795d5c5dc4b87d4f5d38a614435f4c09f8ee88e9f00e5da37a94982c95b409f9365449fd8ac4a90535ac86f1c2fb48b74bd817bf04

                Download Submit