Analysis
  max time kernel: 59s
  max time network: 66s
  platform: android_x64
  resource: android-x64-20240624-en
  resource tags: android, arch:x64, arch:x86, image:android-x64-20240624-en, locale:en-us, os:android-10-x64, system
  submitted: 31-10-2024 05:51
Behavioral tasks
  behavioral1: sample Phone-Poisk.apk, resource android-x86-arm-20240624-en
  behavioral2: sample Phone-Poisk.apk, resource android-x64-20240624-en
  behavioral3: sample Phone-Poisk.apk, resource android-x64-arm64-20240624-en
General
  Target: Phone-Poisk.apk
  Size: 3.8MB
  MD5: 9f24fe7ab9d64c7327535f8fa5ec872d
  SHA1: c2b8af6bf0675e8bcdd95bd2d415702fe45fff37
  SHA256: e1e2ec0993f5c6d2cf679676f1c658d1da3ab42f834081f44201f894708020e3
  SHA512: 7063f25b33a71c57d2847cafc50cdcbbe9a8ac09b8e280130aa377aa93f594bb22ceb75aa96eb2ef8574269945fe34cdb3f1504eeaf50cb150a55ffef1bafe0c
  SSDEEP: 98304:NjvHH9OqbSbczMk5fhFxGYTwkMndmzEzBVTY0tNpvF:9VOqbSgr9w/nwz6Dp
Malware Config
Signatures

Makes use of the framework's Accessibility service (4 TTPs, 3 IoCs)
Retrieves information displayed on the phone screen using AccessibilityService.
  description: Framework service call | ioc: android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId | Process: sense.aerial.donate
  description: Framework service call | ioc: android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText | Process: sense.aerial.donate
  description: Framework service call | ioc: android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId | Process: sense.aerial.donate

Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps) (1 TTP)

Acquires the wake lock (1 IoC)
  description: Framework service call | ioc: android.os.IPowerManager.acquireWakeLock | Process: sense.aerial.donate

Makes use of the framework's foreground persistence service (1 TTP, 1 IoC)
Application may abuse the framework's foreground service to continue running in the foreground.
  description: Framework service call | ioc: android.app.IActivityManager.setServiceForeground | Process: sense.aerial.donate

Performs UI accessibility actions on behalf of the user (1 TTP, 8 IoCs)
Application may abuse the accessibility service to prevent its removal.
  ioc: android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction | Process: sense.aerial.donate (8 identical entries)

Queries information about active data network (1 TTP, 1 IoC)
  description: Framework service call | ioc: android.net.IConnectivityManager.getActiveNetworkInfo | Process: sense.aerial.donate

Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTP, 1 IoC)
  description: Framework service call | ioc: android.app.IActivityManager.registerReceiver | Process: sense.aerial.donate

Schedules tasks to execute at a specified time (1 TTP, 1 IoC)
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
  description: Framework service call | ioc: android.app.job.IJobScheduler.schedule | Process: sense.aerial.donate
Processes
  sense.aerial.donate (PID: 4971)
    - Makes use of the framework's Accessibility service
    - Acquires the wake lock
    - Makes use of the framework's foreground persistence service
    - Performs UI accessibility actions on behalf of the user
    - Queries information about active data network
    - Registers a broadcast receiver at runtime (usually for listening for system events)
    - Schedules tasks to execute at a specified time
Network
MITRE ATT&CK Mobile v15
  Persistence
    Event Triggered Execution (1): Broadcast Receivers (1)
    Foreground Persistence (1)
    Scheduled Task/Job (1)
  Defense Evasion
    Foreground Persistence (1)
    Impair Defenses (1): Prevent Application Removal (1)
    Input Injection (1)
  Discovery
    Software Discovery (1): Security Software Discovery (1)
    System Network Connections Discovery (1)
Downloads

  Filesize: 29B
  MD5: 30866f03e91769468ea37ec42a7d36c8
  SHA1: 9ff1ef07806bc107587f26c1acd7c5d83dd460c5
  SHA256: f6a76566acd5f103e575f3c1177ca14e157634bf436f9c103abd20034dd1bc07
  SHA512: 62c70f8ff82e2b6dc9fe3ea7db288d37dafacc1c6d8452e576789cc2577a39b3081398dfe92abad140632ef4cbe858a31e03fbc49d63ce8b06c568c46707ac36

  Filesize: 25B
  MD5: ba30336bf53d54ed3c0ea69dd545de8c
  SHA1: ce99c6724c75b93b7448e2d9fac16ca702a5711f
  SHA256: 2d6988fb5afdaafc4e33fa1f71d6f10c95ab5a49a8ec820add5b13eef05439af
  SHA512: eea34ca526e03349e746d3687ea660b4748f0174fe2ffdb65161e232e08630b345e03329614852ce881a71362ba68575e9dd08fa361a416e5b2fb231e21a0a3e

  Filesize: 280B
  MD5: d6925b7ac2f529c8143d4bbdab295531
  SHA1: e4dadbd44c7f4237c54d563a3c531867586aa293
  SHA256: 82159f7400e7e1b8ae87ecce5f130f9cbe5e6ad14cf849d4828157301f7fffe5
  SHA512: 2ce332d66ad38bff57973739b4895b150c01230043a789ad4f5e4df9285fdc1403f0cff51707642d3b51e5dfc4c7135eb39b55a3e79c50fba7a579d74abee2d5

  Filesize: 57B
  MD5: ad69c68d4527d3d206e7dbe342e40ae1
  SHA1: 88cff13b1fecfedd0625b371b10cb5b373076e20
  SHA256: 600412f56ab610b43c5fe4e9f78d99c33ec1a73308287544621cc1914d0bf073
  SHA512: 28e890305cf89dff95f7ab50d2e53abc86a46f56a63b41da25cf5f2cb8c6499de09f2013e8c17e1b50226a3674a36ac79918f32689d5b8b77a234a77ad12ebd8