Overview

overview

10

Static

static

10

ready.apk

android-11-x64

7

ready.apk

android-13-x64

7

Analysis

  • max time kernel
    599s
  • max time network
    608s
  • platform
    android_x64
  • resource
    android-x64-arm64-20240624-en
  • resource tags

    androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240624-enlocale:en-usos:android-11-x64system
  • submitted
    27-10-2024 10:38

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ready.apk

  • Size

    3.8MB

  • MD5

    65d2487a271d425b5c0b12a11f6a0c9d

  • SHA1

    51d4133845836be6228f4961ba711113c8461ecb

  • SHA256

    7dc8ebd9035e77665645b9cadfd026a8fea47b7c1c0b525ac170286f5f04a8b3

  • SHA512

    7817720df7f21c001241e4f691f8648c10503ad3dcfb5060d6ae4a473a7bd382050a7a97b253e82b11ae87fc37a3284c01f3200390af6351cda4a07d35e041af

  • SSDEEP

    49152:wO3XRIciVl0XjkNmvnF6qvLaBRuH3YmzazdGGaQTOJpU3Yqs0cgNHNNRVikD9k:7XRiIAY7zeRuXYmzazB1TA0tNHNN79k

Score
7/10
bankercollectioncredential_accessdiscoveryevasionexecutionimpactpersistence

Malware Config

Signatures

  • Makes use of the framework's Accessibility service 4 TTPs 3 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectionevasioncredential_access
  • Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

    Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

    collectioncredential_accessimpact
  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
    bankerdiscovery
  • Acquires the wake lock 1 IoCs
  • Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

    Application may abuse the framework's foreground service to continue running in the foreground.

    evasionpersistence
  • Performs UI accessibility actions on behalf of the user 1 TTPs 8 IoCs

    Application may abuse the accessibility service to prevent their removal.

    evasion
  • Queries information about active data network 1 TTPs 1 IoCs
    discovery
  • Requests disabling of battery optimizations (often used to enable hiding in the background). 1 TTPs 1 IoCs
    evasion
  • Requests enabling of the accessibility settings. 1 IoCs
  • Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

    executionpersistence
  • Checks CPU information 2 TTPs 1 IoCs
  • Checks memory information 2 TTPs 1 IoCs

Processes

  • divisions.jennifer.easier
    1⤵
    • Makes use of the framework's Accessibility service
    • Obtains sensitive information copied to the device clipboard
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    • Performs UI accessibility actions on behalf of the user
    • Queries information about active data network
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    • Requests enabling of the accessibility settings.
    • Schedules tasks to execute at a specified time
    • Checks CPU information
    • Checks memory information
    PID:4440

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

1
T1603

Persistence

Foreground Persistence

1
T1541

Scheduled Task/Job

1
T1603

Privilege Escalation

Defense Evasion

Foreground Persistence

1
T1541

Hide Artifacts

1
T1628

User Evasion

1
T1628.002

Impair Defenses

1
T1629

Prevent Application Removal

1
T1629.001

Input Injection

1
T1516

Virtualization/Sandbox Evasion

2
T1633

System Checks

2
T1633.001

Credential Access

Clipboard Data

1
T1414

Input Capture

2
T1417

GUI Input Capture

1
T1417.002

Keylogging

1
T1417.001

Discovery

Software Discovery

1
T1418

Security Software Discovery

1
T1418.001

System Information Discovery

2
T1426

System Network Connections Discovery

1
T1421

Lateral Movement

Collection

Clipboard Data

1
T1414

Input Capture

2
T1417

GUI Input Capture

1
T1417.002

Keylogging

1
T1417.001

Screen Capture

1
T1513

Command and Control

Exfiltration

Impact

Data Manipulation

1
T1641

Transmitted Data Manipulation

1
T1641.001

Input Injection

1
T1516

Replay Monitor

Loading Replay Monitor...

Downloads

  • /storage/emulated/0/Config/sys/apps/log/log-2024-10-27.txt
    Filesize

    29B

    MD5

    f46691b3e54064c1499dd83875f10492

    SHA1

    3a9cea7d69dfd8f23bcb6ba01c27253d1a008796

    SHA256

    cb30df4ec7a2c2a9388cb881bb00d6f9113eab4a939dd76e6b696b99c54783e3

    SHA512

    2ecba81fe35343a26eef57636ae0693ee5d88df277840b8622b3ebc0082a85ec1278a59b426a0f953b87dbd195ae4bfe5acff590b20a30f45f20e79481ffeb7f

    Download Submit

  • /storage/emulated/0/Config/sys/apps/log/log-2024-10-27.txt
    Filesize

    25B

    MD5

    ba30336bf53d54ed3c0ea69dd545de8c

    SHA1

    ce99c6724c75b93b7448e2d9fac16ca702a5711f

    SHA256

    2d6988fb5afdaafc4e33fa1f71d6f10c95ab5a49a8ec820add5b13eef05439af

    SHA512

    eea34ca526e03349e746d3687ea660b4748f0174fe2ffdb65161e232e08630b345e03329614852ce881a71362ba68575e9dd08fa361a416e5b2fb231e21a0a3e

    Download Submit

  • /storage/emulated/0/Config/sys/apps/log/log-2024-10-27.txt
    Filesize

    280B

    MD5

    c96caf9120fd89ac856ca6b68121c9a9

    SHA1

    73571bc01cf5257fdd604a4214fc6e92380dff51

    SHA256

    350c7b0ead80c263969c1fe7851e5d3a8d3e0c0d025ec655c1b148044d3ffc58

    SHA512

    ee09bb71e22607730538055cbd5eb2791db28502f0d023320d346ee9b0bba8497814519343971630e8fa9ed82725a44653c0dfaee53e156a316a48aa30bd0b1b

    Download Submit

  • /storage/emulated/0/Config/sys/apps/log/log-2024-10-27.txt
    Filesize

    57B

    MD5

    3af69119804d1d999d56d230338ffd36

    SHA1

    69350826205583c8acc385ee0a6e3fc2673ee2ca

    SHA256

    10994862cb263ab6b1e4428cc24cc9c585458fc67544fe0f5dfea81a5a7a115c

    SHA512

    4a41b19d28f637b397d9dff225621694c44c750a9bd65f3e6ad5d3b9acf0d118910ddf53d4618213f9e14c61e0fb154f33f2747dd3b8d50459990767f42fc8cb

    Download Submit