Analysis
max time kernel: 59s
max time network: 45s
platform: android_x86
resource: android-x86-arm-20240624-en
resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240624-en, locale:en-us, os:android-9-x86, system
submitted: 30-10-2024 23:41
Behavioral tasks
behavioral1: Sample Vavada.apk, Resource android-x86-arm-20240624-en
behavioral2: Sample Vavada.apk, Resource android-x64-20240624-en
behavioral3: Sample Vavada.apk, Resource android-x64-arm64-20240624-en
General
Target: Vavada.apk
Size: 3.8MB
MD5: d83333cf8add0987d3b3e5ebb98ff12c
SHA1: 41ded4b0f5efb4ccfbe34e6ca43a07fa39ec9a43
SHA256: 5b4fa3c6c80e071c55defa741ae1d95e5d19566f1a8c8bc326f1c7cd85289416
SHA512: 0d95e8a203a2c4f7c6a957e57d252a8773e15dae3a52e852e98cfab660d077b0f0774950cadc939d3ed1fbb8c4fb5ec5a9d99f09488d69fd6fb4f9a8bca55998
SSDEEP: 49152:inFc7vtaOUX4O6R+AHmB81kUdc1wmzZzdGGpQTOT3UBYqu0cghQ9jikGK:2q7v4H4O58fCwmzZzBmTg0thQcK
Malware Config
Signatures
Makes use of the framework's Accessibility service (4 TTPs, 3 IoCs)
Retrieves information displayed on the phone screen using AccessibilityService.
- Framework service call: android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId (process: matrix.predicted.indicates)
- Framework service call: android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText (process: matrix.predicted.indicates)
- Framework service call: android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId (process: matrix.predicted.indicates)

Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps) (1 TTPs)

Acquires the wake lock (1 IoCs)
- Framework service call: android.os.IPowerManager.acquireWakeLock (process: matrix.predicted.indicates)

Makes use of the framework's foreground persistence service (1 TTPs, 1 IoCs)
Application may abuse the framework's foreground service to continue running in the foreground.
- Framework service call: android.app.IActivityManager.setServiceForeground (process: matrix.predicted.indicates)

Performs UI accessibility actions on behalf of the user (1 TTPs, 4 IoCs)
Application may abuse the accessibility service to prevent its removal.
- android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction (process: matrix.predicted.indicates), 4 occurrences

Queries information about active data network (1 TTPs, 1 IoCs)
- Framework service call: android.net.IConnectivityManager.getActiveNetworkInfo (process: matrix.predicted.indicates)

Requests disabling of battery optimizations (often used to enable hiding in the background) (1 TTPs, 1 IoCs)
- Intent action: android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS (process: matrix.predicted.indicates)

Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTPs, 1 IoCs)
- Framework service call: android.app.IActivityManager.registerReceiver (process: matrix.predicted.indicates)

Schedules tasks to execute at a specified time (1 TTPs, 1 IoCs)
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
- Framework service call: android.app.job.IJobScheduler.schedule (process: matrix.predicted.indicates)
Processes
matrix.predicted.indicates (PID: 4262)
- Makes use of the framework's Accessibility service
- Acquires the wake lock
- Makes use of the framework's foreground persistence service
- Performs UI accessibility actions on behalf of the user
- Queries information about active data network
- Requests disabling of battery optimizations (often used to enable hiding in the background)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Schedules tasks to execute at a specified time
Network
MITRE ATT&CK Mobile v15
Persistence
- Event Triggered Execution (1)
- Broadcast Receivers (1)
- Foreground Persistence (1)
- Scheduled Task/Job (1)
Defense Evasion
- Foreground Persistence (1)
- Hide Artifacts (1)
- User Evasion (1)
- Impair Defenses (1)
- Prevent Application Removal (1)
- Input Injection (1)
Discovery
- Software Discovery (1)
- Security Software Discovery (1)
- System Network Connections Discovery (1)
Downloads
Filesize: 21B
MD5: a321fc986b2570a7b24effe9e6475da9
SHA1: 84fb8302687d1bf7e971f85b7ad80098c033fe2d
SHA256: 4e7076ecf79121835420f9c2cc90c3155fcd7f943695e54e8ec57218d2398abf
SHA512: 3b5249fdd93e67d625b1c45234a81979d3a34b9338a6c3c8960366ba9a5c26007364247c1da45f1f82391043d4c13fa060723b93e809170859a276d57c46ec4e

Filesize: 25B
MD5: ba30336bf53d54ed3c0ea69dd545de8c
SHA1: ce99c6724c75b93b7448e2d9fac16ca702a5711f
SHA256: 2d6988fb5afdaafc4e33fa1f71d6f10c95ab5a49a8ec820add5b13eef05439af
SHA512: eea34ca526e03349e746d3687ea660b4748f0174fe2ffdb65161e232e08630b345e03329614852ce881a71362ba68575e9dd08fa361a416e5b2fb231e21a0a3e

Filesize: 276B
MD5: ad306204c5771b12c2fcad91bcbaae0a
SHA1: b5cea55c7b372b30d784ff7e904390a7293e8b34
SHA256: 6a7852f3b8dbf59d31bf1fb2880d60a5c0479f1048b386b528f0fdc8f0960a18
SHA512: 2d9b8acea928c114038edbc83f300765a16fa041da1ce9ae40cc81b55849108afb44446364f96bb7d95d575f34db00555fdf9e40159496cf501277a521d1e76f

Filesize: 57B
MD5: 3af69119804d1d999d56d230338ffd36
SHA1: 69350826205583c8acc385ee0a6e3fc2673ee2ca
SHA256: 10994862cb263ab6b1e4428cc24cc9c585458fc67544fe0f5dfea81a5a7a115c
SHA512: 4a41b19d28f637b397d9dff225621694c44c750a9bd65f3e6ad5d3b9acf0d118910ddf53d4618213f9e14c61e0fb154f33f2747dd3b8d50459990767f42fc8cb