Analysis
-
max time kernel
149s -
max time network
148s -
platform
android_x86 -
resource
android-x86-arm-20240624-en -
resource tags
-
submitted
23-10-2024 15:11
General
-
Target
ready.apk
-
Size
30.0MB
-
MD5
fe30c5244d8c0dcd120bad0ae5a5a6fe
-
SHA1
baffcc6ef4f1888b16a6c0c1d88814bd048a77e6
-
SHA256
4b01ec065b4cd922e567193200bbaf1f22cf55a29a9d770e645a01e266e1b04f
-
SHA512
6bf6562dadfe963aac6f76723d7afa9361c9261d7522d891905f5d759243881390757ccf956bbdf81212d2d8f1f1ef8443c2f8a179803b8ce56959ec749ac717
-
SSDEEP
12288:tw6ngF8WhKT8IizVJ7VulZMPh585XNLusT3cgtN0F346Rq21hg0QtWDrQd:U8WhK5ipcZMPh5OLHT3SF34GNSKrI
Malware Config
Signatures
-
Removes its main activity from the application launcher 1 TTPs 1 IoCs
-
Makes use of the framework's Accessibility service 4 TTPs 2 IoCs
Retrieves information displayed on the phone screen using AccessibilityService.
-
Acquires the wake lock 1 IoCs
-
Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs
Application may abuse the framework's foreground service to continue running in the foreground.
-
Queries the mobile country code (MCC) 1 TTPs 1 IoCs
-
Requests disabling of battery optimizations (often used to enable hiding in the background). 1 TTPs 1 IoCs
-
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
-
Schedules tasks to execute at a specified time 1 TTPs 1 IoCs
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
-
Checks CPU information 2 TTPs 1 IoCs
-
Checks memory information 2 TTPs 1 IoCs
Processes
-
com.appser.verapp1⤵
- Removes its main activity from the application launcher
- Makes use of the framework's Accessibility service
- Acquires the wake lock
- Makes use of the framework's foreground persistence service
- Queries the mobile country code (MCC)
- Requests disabling of battery optimizations (often used to enable hiding in the background).
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Schedules tasks to execute at a specified time
- Checks CPU information
- Checks memory information
Network
MITRE ATT&CK Mobile v15
Persistence
Event Triggered Execution
1Broadcast Receivers
1Foreground Persistence
1Scheduled Task/Job
1Defense Evasion
Foreground Persistence
1Hide Artifacts
2Suppress Application Icon
1User Evasion
1Input Injection
1Virtualization/Sandbox Evasion
2System Checks
2Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
36B
MD555126f07bbd59853268feff1ca6c6463
SHA106b854eb3aef35df9712b5bac0c0d1a576b42c71
SHA2560919a5c670966b1972ce0c519cdce446f8b6772ab0305d418764d0fd38fcb3fd
SHA51275fc4c3704460f9f1d76f067348fb36e2a0574008977ec8adf8960f6ff12a2e4b44d1f36ced4191beda3900133d5c96bb8bf7bb2bb7c3df859b3a6b307292e62
-
Filesize
275B
MD57e028d2168485ca549bbd24bbe6705e8
SHA184b0802edb73259a0c4053c9f66a07761b249d4e
SHA2561da985e6d432eaf9134c1a4fd4b00ef928cb8ac0bed3865d7751f6fab8175d0d
SHA512bb48f9989464f4afc4a6b72e54a5871c7d8a4b3fb1e5c38321794507cdb095c23f9a12d5b37827d84c96e568c7f67667b7b76b5947757acf9dfd9c36e350bc91
-
Filesize
28B
MD5d2b49bb9a8a1e20f18508e760b47811d
SHA1e7c6a4de64f8a00ddc43c52edcb3a7d1bd5fe802
SHA2565105c68bc744dce2b52b19d8b7ef6b9798d5dc786a2c65750b8eabcf0d508e49
SHA512dd6cbce6e9dc9848c72181afbb7d0a6135c47bb1f1c4217cd29ec4603048622b2e30fb171a0be8ce09ae31db61503b5695abd6e5a1eaca34e4d0ae8a528996c2