Analysis

  • max time kernel
    59s
  • max time network
    66s
  • platform
    android_x64
  • resource
    android-x64-20240624-en
  • resource tags

    androidarch:x64arch:x86image:android-x64-20240624-enlocale:en-usos:android-10-x64system
  • submitted
    31-10-2024 05:51

General

  • Target

    Phone-Poisk.apk

  • Size

    3.8MB

  • MD5

    9f24fe7ab9d64c7327535f8fa5ec872d

  • SHA1

    c2b8af6bf0675e8bcdd95bd2d415702fe45fff37

  • SHA256

    e1e2ec0993f5c6d2cf679676f1c658d1da3ab42f834081f44201f894708020e3

  • SHA512

    7063f25b33a71c57d2847cafc50cdcbbe9a8ac09b8e280130aa377aa93f594bb22ceb75aa96eb2ef8574269945fe34cdb3f1504eeaf50cb150a55ffef1bafe0c

  • SSDEEP

    98304:NjvHH9OqbSbczMk5fhFxGYTwkMndmzEzBVTY0tNpvF:9VOqbSgr9w/nwz6Dp

Malware Config

Signatures

  • Makes use of the framework's Accessibility service 4 TTPs 3 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
  • Acquires the wake lock 1 IoCs
  • Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

    Application may abuse the framework's foreground service to continue running in the foreground.

  • Performs UI accessibility actions on behalf of the user 1 TTPs 8 IoCs

    Application may abuse the accessibility service to prevent their removal.

  • Queries information about active data network 1 TTPs 1 IoCs
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
  • Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

Processes

  • sense.aerial.donate
    1⤵
    • Makes use of the framework's Accessibility service
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    • Performs UI accessibility actions on behalf of the user
    • Queries information about active data network
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Schedules tasks to execute at a specified time
    PID:4971

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /storage/emulated/0/Config/sys/apps/log/log-2024-10-31.txt

    Filesize

    29B

    MD5

    30866f03e91769468ea37ec42a7d36c8

    SHA1

    9ff1ef07806bc107587f26c1acd7c5d83dd460c5

    SHA256

    f6a76566acd5f103e575f3c1177ca14e157634bf436f9c103abd20034dd1bc07

    SHA512

    62c70f8ff82e2b6dc9fe3ea7db288d37dafacc1c6d8452e576789cc2577a39b3081398dfe92abad140632ef4cbe858a31e03fbc49d63ce8b06c568c46707ac36

  • /storage/emulated/0/Config/sys/apps/log/log-2024-10-31.txt

    Filesize

    25B

    MD5

    ba30336bf53d54ed3c0ea69dd545de8c

    SHA1

    ce99c6724c75b93b7448e2d9fac16ca702a5711f

    SHA256

    2d6988fb5afdaafc4e33fa1f71d6f10c95ab5a49a8ec820add5b13eef05439af

    SHA512

    eea34ca526e03349e746d3687ea660b4748f0174fe2ffdb65161e232e08630b345e03329614852ce881a71362ba68575e9dd08fa361a416e5b2fb231e21a0a3e

  • /storage/emulated/0/Config/sys/apps/log/log-2024-10-31.txt

    Filesize

    280B

    MD5

    d6925b7ac2f529c8143d4bbdab295531

    SHA1

    e4dadbd44c7f4237c54d563a3c531867586aa293

    SHA256

    82159f7400e7e1b8ae87ecce5f130f9cbe5e6ad14cf849d4828157301f7fffe5

    SHA512

    2ce332d66ad38bff57973739b4895b150c01230043a789ad4f5e4df9285fdc1403f0cff51707642d3b51e5dfc4c7135eb39b55a3e79c50fba7a579d74abee2d5

  • /storage/emulated/0/Config/sys/apps/log/log-2024-10-31.txt

    Filesize

    57B

    MD5

    ad69c68d4527d3d206e7dbe342e40ae1

    SHA1

    88cff13b1fecfedd0625b371b10cb5b373076e20

    SHA256

    600412f56ab610b43c5fe4e9f78d99c33ec1a73308287544621cc1914d0bf073

    SHA512

    28e890305cf89dff95f7ab50d2e53abc86a46f56a63b41da25cf5f2cb8c6499de09f2013e8c17e1b50226a3674a36ac79918f32689d5b8b77a234a77ad12ebd8