Analysis
-
max time kernel
149s -
max time network
154s -
platform
android_x86 -
resource
android-x86-arm-20240624-en -
resource tags
-
submitted
24-10-2024 22:04
General
-
Target
578a103e3064e135a772471a11bf76c6966cea8ea45746907e8c5b33172bb5c1.apk
-
Size
907KB
-
MD5
41000b5ebb492adcd4afafd049b078cc
-
SHA1
e1e938a4337dce01924c6b4107b4290eb071b11a
-
SHA256
578a103e3064e135a772471a11bf76c6966cea8ea45746907e8c5b33172bb5c1
-
SHA512
8a8a9c8a8ad3055bd1b66fb96d5a18588cd989d72991564afac58f350fdae8a6c80623de85fdb06e5e6de94834e7a72a83485228f0da753b56c8bad94123b4a3
-
SSDEEP
12288:l75K6Rq21wzSvNs+vz8eguM9Bj/wE+cgXJcVfmESeeeeeeeeedIDpsPl7656p7BO:mGNwzSvN/b8bZ9BbjgZ4+E+ol7nYyvkD
Malware Config
Signatures
-
Removes its main activity from the application launcher 1 TTPs 1 IoCs
-
Makes use of the framework's Accessibility service 4 TTPs 3 IoCs
Retrieves information displayed on the phone screen using AccessibilityService.
-
Acquires the wake lock 1 IoCs
-
Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs
Application may abuse the framework's foreground service to continue running in the foreground.
-
Queries the mobile country code (MCC) 1 TTPs 1 IoCs
-
Requests disabling of battery optimizations (often used to enable hiding in the background). 1 TTPs 1 IoCs
-
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
-
Schedules tasks to execute at a specified time 1 TTPs 1 IoCs
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
-
Checks CPU information 2 TTPs 1 IoCs
-
Checks memory information 2 TTPs 1 IoCs
Processes
-
com.tencent.mm1⤵
- Removes its main activity from the application launcher
- Makes use of the framework's Accessibility service
- Acquires the wake lock
- Makes use of the framework's foreground persistence service
- Queries the mobile country code (MCC)
- Requests disabling of battery optimizations (often used to enable hiding in the background).
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Schedules tasks to execute at a specified time
- Checks CPU information
- Checks memory information
Network
MITRE ATT&CK Mobile v15
Persistence
Event Triggered Execution
1Broadcast Receivers
1Foreground Persistence
1Scheduled Task/Job
1Defense Evasion
Foreground Persistence
1Hide Artifacts
2Suppress Application Icon
1User Evasion
1Input Injection
1Virtualization/Sandbox Evasion
2System Checks
2Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
12B
MD5a9256f55737b655c8cff95418411997c
SHA1d81a4e85ecef3a4f08d50da9c75c49a3c64ffe24
SHA256bad705c44807d12463fb587087c4e9eb24769d82981229ac8b74abc9b1a44412
SHA51210d10a6498973ed65d47c74ba6d8831dad94213a5071353dc445de46e021689284fbbf4accf5ba1f97a0675a7652ec069ac70f38d63ba36b8595a8caf8d37574
-
Filesize
32B
MD5928898e46af173b1274f51f5c36111c7
SHA17611e871c77e45189dbf9858f5a5a5de9166d374
SHA256ea24d7e2abf10f4f594ef55725146333bca52e50450f558129491607869c3f73
SHA5124c1fefc23f1f652cfa8a45cbde1848960b38c0ae453365e598a5ee24e315c4d1a2b0978bff1fdedeac5783455e5d74e22b3e4a0b36dab8fbe5a47f3d6d42bdb9
-
Filesize
283B
MD58093fa3ba1dc6220cc3ac6be44c35749
SHA14225e496bf11d4bbd18402c7ef20f8afb9a3e673
SHA256d51faeb71ed46e4b9c037319e36038e2f97aa8d77803aa8b0c18b5edb8907b65
SHA512489d2339ce849e91c97cdb849196b04459cff0c09988b5291210dc5efd2f89828faa477e5ddb140630e55313db7a402ba6c10de5b5fb6238bb33338acd6b9738