Analysis
-
max time kernel
148s -
max time network
155s -
platform
android_x86 -
resource
android-x86-arm-20240624-en -
resource tags
-
submitted
23/10/2024, 01:26
General
-
Target
dba4737e91339f67bdb890e2377161c31465f958228ae1ab3a20ce7834c3e9b6.apk
-
Size
13.0MB
-
MD5
718887ad2f0fa61410d21820d81a78c3
-
SHA1
5daac2c3e77b804468031bc4c7ff5bdda2abb9be
-
SHA256
dba4737e91339f67bdb890e2377161c31465f958228ae1ab3a20ce7834c3e9b6
-
SHA512
5ddf55c38006c5eddb29896bd403d14840c5dcac8515ec3b45f7475c574dc67a7423ed4b33785d68ce284b4119d0c2abd9b5b7c0177f9340157c671ad3bec136
-
SSDEEP
393216:QnhjBxXnGGlm7vdwTfDP8ig9aUZ5h9geXQ:Q1PVmBwTfDP+aQ5h9tXQ
Malware Config
Signatures
-
Makes use of the framework's Accessibility service 4 TTPs 1 IoCs
Retrieves information displayed on the phone screen using AccessibilityService.
-
Queries account information for other applications stored on the device 1 TTPs 3 IoCs
Application may abuse the framework's APIs to collect account information stored on the device.
-
Queries information about running processes on the device 1 TTPs 3 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
-
Acquires the wake lock 1 IoCs
-
Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs
Application may abuse the framework's foreground service to continue running in the foreground.
-
Queries information about active data network 1 TTPs 1 IoCs
-
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
-
Schedules tasks to execute at a specified time 1 TTPs 2 IoCs
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
-
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 3 IoCs
Processes
-
com.aaa.ccc1⤵
- Makes use of the framework's Accessibility service
- Queries account information for other applications stored on the device
- Queries information about running processes on the device
- Acquires the wake lock
- Makes use of the framework's foreground persistence service
- Queries information about active data network
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Schedules tasks to execute at a specified time
- Uses Crypto APIs (Might try to encrypt user data)
-
getprop ro.build.display.id2⤵
-
-
getprop ro.build.display.id2⤵
-
-
getprop ro.build.display.id2⤵
-
-
getprop ro.build.display.id2⤵
-
-
getprop ro.build.display.id2⤵
-
-
getprop ro.build.display.id2⤵
-
-
getprop ro.build.display.id2⤵
-
-
getprop ro.build.display.id2⤵
-
-
getprop ro.build.display.id2⤵
-
-
getprop ro.build.display.id2⤵
-
-
getprop ro.build.display.id2⤵
-
-
getprop ro.build.display.id2⤵
-
-
getprop ro.build.display.id2⤵
-
-
getprop ro.build.display.id2⤵
-
-
getprop ro.build.display.id2⤵
-
-
getprop ro.build.display.id2⤵
-
-
getprop ro.build.display.id2⤵
-
-
getprop ro.build.display.id2⤵
-
-
getprop ro.build.display.id2⤵
-
-
getprop ro.build.display.id2⤵
-
-
getprop ro.build.display.id2⤵
-
-
getprop ro.build.display.id2⤵
-
-
getprop ro.build.display.id2⤵
-
-
getprop ro.build.display.id2⤵
-
-
getprop ro.build.display.id2⤵
-
-
getprop ro.build.display.id2⤵
-
-
getprop ro.build.display.id2⤵
-
-
getprop ro.build.display.id2⤵
-
-
getprop ro.build.display.id2⤵
-
-
com.aaa.ccc:main1⤵
- Queries account information for other applications stored on the device
- Queries information about running processes on the device
- Schedules tasks to execute at a specified time
- Uses Crypto APIs (Might try to encrypt user data)
-
com.aaa.ccc:s11⤵
- Queries account information for other applications stored on the device
- Queries information about running processes on the device
- Uses Crypto APIs (Might try to encrypt user data)
Network
MITRE ATT&CK Mobile v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
100KB
MD5901bcd3503fe37e5b12caee044875c8c
SHA195640d20ddc78ae22cd036c263669ffd20ce4889
SHA256c20c54b66161e982e03383b6ccaaab2bc12ceb04556f5ce0d2b45672fdcc8815
SHA512d56ebac17224a805adfe2e49d714d35b6e44c3ed84a7967dfcaeb76d37db761c96785178532ecf42ada9f126f40020916546fc0b5ce30b10d612e7793300336f
-
Filesize
32KB
MD5bb7df04e1b0a2570657527a7e108ae23
SHA15188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012
-
Filesize
410KB
MD5529880e3350b1418435d32c2403e453b
SHA1f1d3d6d3d1a2543ec15a9938cbdd6231bef0636f
SHA2563f82f7afce8e672822edc1982e9da105cf3b7070ce445c6f772a9775f82b67a3
SHA512f5b352494ca2328346f58b6c972729e8168b2b1aa2e8119c73874a01dc0462f9fc4795c3bf05774fb1c850e90ba1340790d720f43d7a83f024e6e31a0802f221