2d5b6806d9ad74062f2cc6cf2dc5e0f6545639a1b3e6c00ca2f5528f09612783

General

Target

Pixel Art.apk
Size

5.5MB
MD5

33dc08a89280839d5ebe61f8ba3c5b83
SHA1

6b9ba586147691f86a1318007d35408085a384b7
SHA256

2d5b6806d9ad74062f2cc6cf2dc5e0f6545639a1b3e6c00ca2f5528f09612783
SHA512

836b2d0c30a34ef2ec544326bac9e605881aedc4d61fcefbbc81ee92919904148e493f76fc26c9a9fecacc9b12ec327c44cb5cec9f3a4f35f53bee39823ea845
SSDEEP

98304:959As3Vg0JZ6hzQTs7dyxcP3FtzoNEV5mzMzBiTs0txFzI3:9gai0JZ3Ts7dy6P3ciVMzx/2

Score

7^/10

collection credential_access evasion execution persistence

Malware Config

Signatures

Makes use of the framework's Accessibility service 4 TTPs 3 IoCs

Retrieves information displayed on the phone screen using AccessibilityService.

collection evasion credential_access

Input Injection

T1516

Screen Capture

T1513

Keylogging

T1417.001

GUI Input Capture

T1417.002

Processes:

criticism.searchcom.looks

description	ioc	process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	criticism.searchcom.looks
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText	criticism.searchcom.looks
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId	criticism.searchcom.looks

Acquires the wake lock 1 IoCs

Processes:

criticism.searchcom.looks

description ioc process

Framework service call android.os.IPowerManager.acquireWakeLock criticism.searchcom.looks
Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs
Application may abuse the framework's foreground service to continue running in the foreground.
evasion persistence

Foreground Persistence
T1541

Processes:

criticism.searchcom.looks

description ioc process

Framework service call android.app.IActivityManager.setServiceForeground criticism.searchcom.looks

description	ioc	process
Framework service call	android.os.IPowerManager.acquireWakeLock	criticism.searchcom.looks

description	ioc	process
Framework service call	android.app.IActivityManager.setServiceForeground	criticism.searchcom.looks

Performs UI accessibility actions on behalf of the user 1 TTPs 8 IoCs

Application may abuse the accessibility service to prevent their removal.

evasion

Prevent Application Removal

T1629.001

Processes:

criticism.searchcom.looks

ioc	process
android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction	criticism.searchcom.looks
android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction	criticism.searchcom.looks
android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction	criticism.searchcom.looks
android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction	criticism.searchcom.looks
android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction	criticism.searchcom.looks
android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction	criticism.searchcom.looks
android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction	criticism.searchcom.looks
android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction	criticism.searchcom.looks

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
persistence

Broadcast Receivers
T1624.001

Processes:

criticism.searchcom.looks

description ioc process

Framework service call android.app.IActivityManager.registerReceiver criticism.searchcom.looks
Schedules tasks to execute at a specified time 1 TTPs 1 IoCs
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
execution persistence

Scheduled Task/Job
T1603

Processes:

criticism.searchcom.looks

description ioc process

Framework service call android.app.job.IJobScheduler.schedule criticism.searchcom.looks

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	criticism.searchcom.looks

description	ioc	process
Framework service call	android.app.job.IJobScheduler.schedule	criticism.searchcom.looks

criticism.searchcom.looks
1⤵
- Makes use of the framework's Accessibility service
- Acquires the wake lock
- Makes use of the framework's foreground persistence service
- Performs UI accessibility actions on behalf of the user
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Schedules tasks to execute at a specified time
PID:4965

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

1

T1603

Persistence

Event Triggered Execution

1

T1624

Broadcast Receivers

1

T1624.001

Foreground Persistence

Scheduled Task/Job

Privilege Escalation

Defense Evasion

Foreground Persistence

1

T1541

Impair Defenses

1

T1629

Prevent Application Removal

Input Injection

Credential Access

Input Capture

2

T1417

GUI Input Capture

1

T1417.002

Keylogging

1

T1417.001

Discovery

Lateral Movement

Collection

Input Capture

2

T1417

GUI Input Capture

1

T1417.002

Keylogging

Screen Capture

Command and Control

Exfiltration

Impact

Input Injection

1

T1516

Replay Monitor

Loading Replay Monitor...

Downloads

/storage/emulated/0/Config/sys/apps/log/log-2024-10-30.txt

Filesize
25B

MD5
0300ec2f8d88e07f8983e99b902851d4

SHA1
ab19b1319d461e2ca7808025c2d2a1852f39cced

SHA256
ff7c4baeb96176e50875a3530f2d6fe37a3ab1c0b33c568db7326e0a52bcf7a8

SHA512
d8e7c24644da8672b1df959ded2ee1dc2ab673151a1e987ad1e4a1d52da3e784e076ec91fa096a665d75dd91c7ac9563e689d452e405119352ae4761d93bd5bf

Download Submit
/storage/emulated/0/Config/sys/apps/log/log-2024-10-30.txt

Filesize
25B

MD5
0d5535c5355c354fc9673314251ad301

SHA1
2f50797480887c0fcffef8e0eee926dc5ac35d99

SHA256
05f5a9fd6ff214222c4951e2abf569982e205c8cc7bdfb107c85578207e9777d

SHA512
466b1ba376fbde4ed889bba63172cb49ce760b52843bd496dc74a96993a37d5c4f8f13c8ddf46fc6a15b80b1d60ce9f6a220dc5f3345284e1e5f577484248365

Download Submit
/storage/emulated/0/Config/sys/apps/log/log-2024-10-30.txt

Filesize
25B

MD5
ba30336bf53d54ed3c0ea69dd545de8c

SHA1
ce99c6724c75b93b7448e2d9fac16ca702a5711f

SHA256
2d6988fb5afdaafc4e33fa1f71d6f10c95ab5a49a8ec820add5b13eef05439af

SHA512
eea34ca526e03349e746d3687ea660b4748f0174fe2ffdb65161e232e08630b345e03329614852ce881a71362ba68575e9dd08fa361a416e5b2fb231e21a0a3e

Download Submit
/storage/emulated/0/Config/sys/apps/log/log-2024-10-30.txt

Filesize
280B

MD5
86d3da1bdc14e0832affe21a219dd5d1

SHA1
d09d4a12d1772b35311c68a71d423e603d70e140

SHA256
9e459cc0a118029b6f18dd781b711823ff9e039d512621add4dd419dfc39026c

SHA512
17f56709e795ff4314245963d99a1c21a4fdf695961f214cc76039d38001527c798791f1940db5f5298fabbe9111b999ad1a73e459c2e247f70fc21eead499c3

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads