Analysis

  • max time kernel: 59s
  • max time network: 51s
  • platform: android_x64
  • resource: android-x64-arm64-20240624-en
  • resource tags: android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240624-en, locale:en-us, os:android-11-x64, system
  • submitted: 31-10-2024 04:29

General

  • Target: ready.apk
  • Size: 5.5MB
  • MD5: 6c6e47e1a51e53eef22b9305abaaf392
  • SHA1: 063fe806f986f5319a9ef4876cfefb59e2cd6f69
  • SHA256: 7126d929d329e5f0fe69290814abbbf57ad2ff35d05de5ef00d0d4b053ac4686
  • SHA512: 573eea6fa065a47ee686997276f69571fa96c86489cdb76e6d5e154a57feb805ec47f4fac9af52a1f8771cec7d7da69df50d05138a76adf3df1f6490b2d47754
  • SSDEEP: 98304:L/wlsLSQoZEYK7S859Xt0yfbTfRTZ89Hwemz5zBYTq0tSYDB:L/wljQTYKR5xzXpTZj5zoJ9

Malware Config

Signatures

  • Makes use of the framework's Accessibility service (4 TTPs, 3 IoCs)

    Retrieves information displayed on the phone screen using AccessibilityService.

  • Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps) (1 TTP)
  • Acquires the wake lock (1 IoC)
  • Makes use of the framework's foreground persistence service (1 TTP, 1 IoC)

    Application may abuse the framework's foreground service to continue running in the foreground.

  • Performs UI accessibility actions on behalf of the user (1 TTP, 4 IoCs)

    Application may abuse the accessibility service to prevent its removal.

  • Requests disabling of battery optimizations (often used to enable hiding in the background) (1 TTP, 1 IoC)
  • Schedules tasks to execute at a specified time (1 TTP, 1 IoC)

    Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

Processes

  • routers.competing.cruz (PID 4470)
    • Makes use of the framework's Accessibility service
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    • Performs UI accessibility actions on behalf of the user
    • Requests disabling of battery optimizations (often used to enable hiding in the background)
    • Schedules tasks to execute at a specified time

Network

MITRE ATT&CK Mobile v15


Downloads

  • /storage/emulated/0/Config/sys/apps/log/log-2024-10-31.txt (21B)
    MD5: 1d8b5f0135eca5b8c727aba60f715ca8
    SHA1: eed286ab3329d5f37fda5c274e552739e1d8b52e
    SHA256: 6b28e5ccd53d436c7910e01d805f55612a3a60253390a530de7e6f0919fdc33d
    SHA512: 2aee10ef49de59a5d10e4a24bf7ef67f1fbb17178bc8bd22f571224202d36bc186a71a27aba82d11424438308ef3e7eb64ac299f87c7d7d1ab6144df6efcc5b4

  • /storage/emulated/0/Config/sys/apps/log/log-2024-10-31.txt (33B)
    MD5: cccac2c2a5ccbbc19de1e65f4a713fde
    SHA1: 8f81bdc29817ff1359ce9cf1f86a6e5ca6bd4839
    SHA256: b0a40190c703a9589642e774b871e2c82ccc0d47351d225d3cd39073b0ad4570
    SHA512: 1356bc74b373ea3bd39fe7220019d85734ebcf632f30dfce7af89c80c744a1567ef2ec50d3476394665d302aa5ddee7debdbdef66ff5bc5b66ed7db3d6fc39d3

  • /storage/emulated/0/Config/sys/apps/log/log-2024-10-31.txt (219B)
    MD5: 3f15e6b141cb03b4756e16ca7dcfdc4b
    SHA1: 39672a78a3082d32657e11fb688589b97f48a2de
    SHA256: 489fdd9cd94764756b096fb79860fadc227651fb58f19bfad82e717dc76466e4
    SHA512: 1b1d98c950da687e662efc1966375395db5ef00e1f5fda1d031c3262da34edc9f0941da4ee72bba9a5594b976f63f0ed0e878080447ccfb25392e0fda5941c20

  • /storage/emulated/0/Config/sys/apps/log/log-2024-10-31.txt (272B)
    MD5: 8259933c1e49b310382102fcf4443eab
    SHA1: f03a129d3431bd6d72932d2201487cb687e74676
    SHA256: 24f094d11bc63b8a579456797d01a416be8dc10bf05af534d46771556ae5ee47
    SHA512: 6019567441be091cfe45c66cbd6ff808a7aff89c3bb4b3968ee566e795af84edba69d9226acdbc570bc832bea6c0b5d0669dc49259fe18d7fc2ff0748a639311