Analysis
-
max time kernel
149s -
max time network
156s -
platform
android_x64 -
resource
android-x64-arm64-20240624-en -
resource tags
androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240624-enlocale:en-usos:android-11-x64system -
submitted
24-10-2024 22:04
Behavioral task
behavioral1
Sample
578a103e3064e135a772471a11bf76c6966cea8ea45746907e8c5b33172bb5c1.apk
Resource
android-x86-arm-20240624-en
Behavioral task
behavioral2
Sample
578a103e3064e135a772471a11bf76c6966cea8ea45746907e8c5b33172bb5c1.apk
Resource
android-x64-20240624-en
Behavioral task
behavioral3
Sample
578a103e3064e135a772471a11bf76c6966cea8ea45746907e8c5b33172bb5c1.apk
Resource
android-x64-arm64-20240624-en
General
-
Target
578a103e3064e135a772471a11bf76c6966cea8ea45746907e8c5b33172bb5c1.apk
-
Size
907KB
-
MD5
41000b5ebb492adcd4afafd049b078cc
-
SHA1
e1e938a4337dce01924c6b4107b4290eb071b11a
-
SHA256
578a103e3064e135a772471a11bf76c6966cea8ea45746907e8c5b33172bb5c1
-
SHA512
8a8a9c8a8ad3055bd1b66fb96d5a18588cd989d72991564afac58f350fdae8a6c80623de85fdb06e5e6de94834e7a72a83485228f0da753b56c8bad94123b4a3
-
SSDEEP
12288:l75K6Rq21wzSvNs+vz8eguM9Bj/wE+cgXJcVfmESeeeeeeeeedIDpsPl7656p7BO:mGNwzSvN/b8bZ9BbjgZ4+E+ol7nYyvkD
Malware Config
Signatures
-
pid Process 4646 com.tencent.mm -
Makes use of the framework's Accessibility service 4 TTPs 3 IoCs
Retrieves information displayed on the phone screen using AccessibilityService.
description ioc Process Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId com.tencent.mm Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId com.tencent.mm Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText com.tencent.mm -
Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
description ioc Process Framework service call android.content.IClipboard.addPrimaryClipChangedListener com.tencent.mm -
Acquires the wake lock 1 IoCs
description ioc Process Framework service call android.os.IPowerManager.acquireWakeLock com.tencent.mm -
Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs
Application may abuse the framework's foreground service to continue running in the foreground.
description ioc Process Framework service call android.app.IActivityManager.setServiceForeground com.tencent.mm -
Requests disabling of battery optimizations (often used to enable hiding in the background). 1 TTPs 1 IoCs
description ioc Process Intent action android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS com.tencent.mm -
Schedules tasks to execute at a specified time 1 TTPs 1 IoCs
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
description ioc Process Framework service call android.app.job.IJobScheduler.schedule com.tencent.mm -
Checks CPU information 2 TTPs 1 IoCs
description ioc Process File opened for read /proc/cpuinfo com.tencent.mm -
Checks memory information 2 TTPs 1 IoCs
description ioc Process File opened for read /proc/meminfo com.tencent.mm
Processes
-
com.tencent.mm1⤵
- Removes its main activity from the application launcher
- Makes use of the framework's Accessibility service
- Obtains sensitive information copied to the device clipboard
- Acquires the wake lock
- Makes use of the framework's foreground persistence service
- Requests disabling of battery optimizations (often used to enable hiding in the background).
- Schedules tasks to execute at a specified time
- Checks CPU information
- Checks memory information
PID:4646
Network
MITRE ATT&CK Mobile v15
Defense Evasion
Foreground Persistence
1Hide Artifacts
2Suppress Application Icon
1User Evasion
1Input Injection
1Virtualization/Sandbox Evasion
2System Checks
2Credential Access
Clipboard Data
1Input Capture
2GUI Input Capture
1Keylogging
1Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
12B
MD5a9256f55737b655c8cff95418411997c
SHA1d81a4e85ecef3a4f08d50da9c75c49a3c64ffe24
SHA256bad705c44807d12463fb587087c4e9eb24769d82981229ac8b74abc9b1a44412
SHA51210d10a6498973ed65d47c74ba6d8831dad94213a5071353dc445de46e021689284fbbf4accf5ba1f97a0675a7652ec069ac70f38d63ba36b8595a8caf8d37574
-
Filesize
48B
MD5534058b03134422eeb6493c1efc51e85
SHA1bf1bf0b14521d4d4002dbf59c8f435a5238390b8
SHA256888e57c1d06dc89ad6a1959cb0daaf41988b79880bb4a7eaa4d77dd68fde51bf
SHA512b9d6db5ceafccd11d37480b18c2c6755590e1061b17cfc2a35391424ee1fa97f09846847c14328fdd48874eb8083d5ab1677ec55be745b6d63a432c237228ff7
-
Filesize
283B
MD58e9b9a424fd79e057dbe3b5d49459077
SHA1f6863434b843f5d6256eb1977cf5929eea2711a6
SHA2569d23579e02b112892a99088ed2b23368fdae322c8cdf8f489788734ed149cb98
SHA5128d3dd6d0e0c718037cb034d16c31b7cc9f69922087e007345e800c8732349bdffb72bd2f186f15e1e9c0dba0baf1eeab662394b3bd21f8d5abbfbdad64f99acc