Analysis
- max time kernel: 59s
- max time network: 57s
- platform: android_x64
- resource: android-x64-20240624-en
- resource tags: android, arch:x64, arch:x86, image:android-x64-20240624-en, locale:en-us, os:android-10-x64, system
- submitted: 31-10-2024 04:29
Behavioral tasks
- behavioral1: sample ready.apk, resource android-x86-arm-20240624-en
- behavioral2: sample ready.apk, resource android-x64-20240624-en
- behavioral3: sample ready.apk, resource android-x64-arm64-20240624-en
General
- Target: ready.apk
- Size: 5.5MB
- MD5: 6c6e47e1a51e53eef22b9305abaaf392
- SHA1: 063fe806f986f5319a9ef4876cfefb59e2cd6f69
- SHA256: 7126d929d329e5f0fe69290814abbbf57ad2ff35d05de5ef00d0d4b053ac4686
- SHA512: 573eea6fa065a47ee686997276f69571fa96c86489cdb76e6d5e154a57feb805ec47f4fac9af52a1f8771cec7d7da69df50d05138a76adf3df1f6490b2d47754
- SSDEEP: 98304:L/wlsLSQoZEYK7S859Xt0yfbTfRTZ89Hwemz5zBYTq0tSYDB:L/wljQTYKR5xzXpTZj5zoJ9
Malware Config
Signatures
- Makes use of the framework's Accessibility service (4 TTPs, 3 IoCs)
  Retrieves information displayed on the phone screen using AccessibilityService.
  Process routers.competing.cruz:
    description | ioc | process
    Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId | routers.competing.cruz
    Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId | routers.competing.cruz
    Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText | routers.competing.cruz
- Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps) (1 TTP)
- Acquires the wake lock (1 IoC)
  Process routers.competing.cruz:
    description | ioc | process
    Framework service call | android.os.IPowerManager.acquireWakeLock | routers.competing.cruz
- Makes use of the framework's foreground persistence service (1 TTP, 1 IoC)
  Application may abuse the framework's foreground service to continue running in the foreground.
  Process routers.competing.cruz:
    description | ioc | process
    Framework service call | android.app.IActivityManager.setServiceForeground | routers.competing.cruz
- Performs UI accessibility actions on behalf of the user (1 TTP, 4 IoCs)
  Application may abuse the accessibility service to prevent its removal.
  Process routers.competing.cruz:
    ioc | process
    android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction | routers.competing.cruz
    android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction | routers.competing.cruz
    android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction | routers.competing.cruz
    android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction | routers.competing.cruz
- Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTP, 1 IoC)
  Process routers.competing.cruz:
    description | ioc | process
    Framework service call | android.app.IActivityManager.registerReceiver | routers.competing.cruz
- Schedules tasks to execute at a specified time (1 TTP, 1 IoC)
  Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
  Process routers.competing.cruz:
    description | ioc | process
    Framework service call | android.app.job.IJobScheduler.schedule | routers.competing.cruz
Processes
- routers.competing.cruz (PID: 4946)
  - Makes use of the framework's Accessibility service
  - Acquires the wake lock
  - Makes use of the framework's foreground persistence service
  - Performs UI accessibility actions on behalf of the user
  - Registers a broadcast receiver at runtime (usually for listening for system events)
  - Schedules tasks to execute at a specified time
Network
MITRE ATT&CK Mobile v15
- Persistence
  - Event Triggered Execution (1)
    - Broadcast Receivers (1)
  - Foreground Persistence (1)
  - Scheduled Task/Job (1)
- Defense Evasion
  - Foreground Persistence (1)
  - Impair Defenses (1)
    - Prevent Application Removal (1)
  - Input Injection (1)
Downloads
- Filesize: 21B
  MD5: 1d8b5f0135eca5b8c727aba60f715ca8
  SHA1: eed286ab3329d5f37fda5c274e552739e1d8b52e
  SHA256: 6b28e5ccd53d436c7910e01d805f55612a3a60253390a530de7e6f0919fdc33d
  SHA512: 2aee10ef49de59a5d10e4a24bf7ef67f1fbb17178bc8bd22f571224202d36bc186a71a27aba82d11424438308ef3e7eb64ac299f87c7d7d1ab6144df6efcc5b4
- Filesize: 33B
  MD5: cccac2c2a5ccbbc19de1e65f4a713fde
  SHA1: 8f81bdc29817ff1359ce9cf1f86a6e5ca6bd4839
  SHA256: b0a40190c703a9589642e774b871e2c82ccc0d47351d225d3cd39073b0ad4570
  SHA512: 1356bc74b373ea3bd39fe7220019d85734ebcf632f30dfce7af89c80c744a1567ef2ec50d3476394665d302aa5ddee7debdbdef66ff5bc5b66ed7db3d6fc39d3
- Filesize: 219B
  MD5: 3f15e6b141cb03b4756e16ca7dcfdc4b
  SHA1: 39672a78a3082d32657e11fb688589b97f48a2de
  SHA256: 489fdd9cd94764756b096fb79860fadc227651fb58f19bfad82e717dc76466e4
  SHA512: 1b1d98c950da687e662efc1966375395db5ef00e1f5fda1d031c3262da34edc9f0941da4ee72bba9a5594b976f63f0ed0e878080447ccfb25392e0fda5941c20
- Filesize: 272B
  MD5: 8259933c1e49b310382102fcf4443eab
  SHA1: f03a129d3431bd6d72932d2201487cb687e74676
  SHA256: 24f094d11bc63b8a579456797d01a416be8dc10bf05af534d46771556ae5ee47
  SHA512: 6019567441be091cfe45c66cbd6ff808a7aff89c3bb4b3968ee566e795af84edba69d9226acdbc570bc832bea6c0b5d0669dc49259fe18d7fc2ff0748a639311