Analysis
max time kernel: 23s
max time network: 154s
platform: android_x64
resource: android-x64-20240624-en
resource tags: android, arch:x64, arch:x86, image:android-x64-20240624-en, locale:en-us, os:android-10-x64, system
submitted: 24-10-2024 22:04
Behavioral tasks
behavioral1: sample 578a103e3064e135a772471a11bf76c6966cea8ea45746907e8c5b33172bb5c1.apk, resource android-x86-arm-20240624-en
behavioral2: sample 578a103e3064e135a772471a11bf76c6966cea8ea45746907e8c5b33172bb5c1.apk, resource android-x64-20240624-en
behavioral3: sample 578a103e3064e135a772471a11bf76c6966cea8ea45746907e8c5b33172bb5c1.apk, resource android-x64-arm64-20240624-en
General
Target: 578a103e3064e135a772471a11bf76c6966cea8ea45746907e8c5b33172bb5c1.apk
Size: 907KB
MD5: 41000b5ebb492adcd4afafd049b078cc
SHA1: e1e938a4337dce01924c6b4107b4290eb071b11a
SHA256: 578a103e3064e135a772471a11bf76c6966cea8ea45746907e8c5b33172bb5c1
SHA512: 8a8a9c8a8ad3055bd1b66fb96d5a18588cd989d72991564afac58f350fdae8a6c80623de85fdb06e5e6de94834e7a72a83485228f0da753b56c8bad94123b4a3
SSDEEP: 12288:l75K6Rq21wzSvNs+vz8eguM9Bj/wE+cgXJcVfmESeeeeeeeeedIDpsPl7656p7BO:mGNwzSvN/b8bZ9BbjgZ4+E+ol7nYyvkD
Malware Config
Signatures

Makes use of the framework's Accessibility service (4 TTPs, 3 IoCs)
Retrieves information displayed on the phone screen using AccessibilityService.
Processes: com.tencent.mm
  description | ioc | process
  Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId | com.tencent.mm
  Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId | com.tencent.mm
  Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText | com.tencent.mm

Obtains sensitive information copied to the device clipboard (2 TTPs, 1 IoC)
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
Processes: com.tencent.mm
  description | ioc | process
  Framework service call | android.content.IClipboard.addPrimaryClipChangedListener | com.tencent.mm

Acquires the wake lock (1 IoC)
Processes: com.tencent.mm
  description | ioc | process
  Framework service call | android.os.IPowerManager.acquireWakeLock | com.tencent.mm

Makes use of the framework's foreground persistence service (1 TTP, 1 IoC)
Application may abuse the framework's foreground service to continue running in the foreground.
Processes: com.tencent.mm
  description | ioc | process
  Framework service call | android.app.IActivityManager.setServiceForeground | com.tencent.mm

Queries information about active data network (1 TTP, 1 IoC)
Processes: com.tencent.mm
  description | ioc | process
  Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | com.tencent.mm

Queries the mobile country code (MCC) (1 TTP, 1 IoC)
Processes: com.tencent.mm
  description | ioc | process
  Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | com.tencent.mm

Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTP, 1 IoC)
Processes: com.tencent.mm
  description | ioc | process
  Framework service call | android.app.IActivityManager.registerReceiver | com.tencent.mm

Checks CPU information (2 TTPs, 1 IoC)
Processes: com.tencent.mm
  description | ioc | process
  File opened for read | /proc/cpuinfo | com.tencent.mm

Checks memory information (2 TTPs, 1 IoC)
Processes: com.tencent.mm
  description | ioc | process
  File opened for read | /proc/meminfo | com.tencent.mm
Processes
com.tencent.mm (PID: 5141)
- Removes its main activity from the application launcher
- Makes use of the framework's Accessibility service
- Obtains sensitive information copied to the device clipboard
- Acquires the wake lock
- Makes use of the framework's foreground persistence service
- Queries information about active data network
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks CPU information
- Checks memory information
Network
MITRE ATT&CK Mobile v15
Persistence
  Event Triggered Execution (1)
    Broadcast Receivers (1)
  Foreground Persistence (1)
Defense Evasion
  Foreground Persistence (1)
  Hide Artifacts (1)
    Suppress Application Icon (1)
  Input Injection (1)
  Virtualization/Sandbox Evasion (2)
    System Checks (2)
Credential Access
  Clipboard Data (1)
  Input Capture (2)
    GUI Input Capture (1)
    Keylogging (1)
Discovery
  System Information Discovery (2)
  System Network Configuration Discovery (1)
  System Network Connections Discovery (1)
Downloads

Filesize: 48B
MD5: 534058b03134422eeb6493c1efc51e85
SHA1: bf1bf0b14521d4d4002dbf59c8f435a5238390b8
SHA256: 888e57c1d06dc89ad6a1959cb0daaf41988b79880bb4a7eaa4d77dd68fde51bf
SHA512: b9d6db5ceafccd11d37480b18c2c6755590e1061b17cfc2a35391424ee1fa97f09846847c14328fdd48874eb8083d5ab1677ec55be745b6d63a432c237228ff7

Filesize: 12B
MD5: a9256f55737b655c8cff95418411997c
SHA1: d81a4e85ecef3a4f08d50da9c75c49a3c64ffe24
SHA256: bad705c44807d12463fb587087c4e9eb24769d82981229ac8b74abc9b1a44412
SHA512: 10d10a6498973ed65d47c74ba6d8831dad94213a5071353dc445de46e021689284fbbf4accf5ba1f97a0675a7652ec069ac70f38d63ba36b8595a8caf8d37574

Filesize: 283B
MD5: 8e9b9a424fd79e057dbe3b5d49459077
SHA1: f6863434b843f5d6256eb1977cf5929eea2711a6
SHA256: 9d23579e02b112892a99088ed2b23368fdae322c8cdf8f489788734ed149cb98
SHA512: 8d3dd6d0e0c718037cb034d16c31b7cc9f69922087e007345e800c8732349bdffb72bd2f186f15e1e9c0dba0baf1eeab662394b3bd21f8d5abbfbdad64f99acc