Overview

overview

10

Static

static

10

Linken Sphere.apk

android-9-x86

7

Linken Sphere.apk

android-10-x64

7

Linken Sphere.apk

android-11-x64

7

Analysis

  • max time kernel
    59s
  • max time network
    45s
  • platform
    android_x86
  • resource
    android-x86-arm-20240624-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
  • submitted
    31-10-2024 06:10

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Linken Sphere.apk

  • Size

    3.8MB

  • MD5

    8169d13048beb90590fa5a9dcb3c40b6

  • SHA1

    94be8da1f709560dfaae4ea4c557ac7128f087fc

  • SHA256

    77277306eee10a779f8e9747e036fbc37cf4ab04dccb605e5a5f07291f102199

  • SHA512

    d9d89fd911e95316a84ae8258e1096897aee5f26f0f8b37f7bed26f3a7363437fd403e08b61a5a504dc7d719f4c76ced2a5a99c7e3b3fb414def9229520f8995

  • SSDEEP

    49152:gpvwLtu3iuk4nFnQwVjaO6jyLzqqWXhmzJzdGGeQTOPpUWYq90cg67Uoik5jW:gBYtuSu5PwjezFWXhmzJzBxT60t67zC

Score
7/10
bankercollectioncredential_accessdiscoveryevasionexecutionpersistence

Malware Config

Signatures

  • Makes use of the framework's Accessibility service 4 TTPs 3 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectionevasioncredential_access
  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
    bankerdiscovery
  • Acquires the wake lock 1 IoCs
  • Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

    Application may abuse the framework's foreground service to continue running in the foreground.

    evasionpersistence
  • Performs UI accessibility actions on behalf of the user 1 TTPs 4 IoCs

    Application may abuse the accessibility service to prevent their removal.

    evasion
  • Queries information about active data network 1 TTPs 1 IoCs
    discovery
  • Requests disabling of battery optimizations (often used to enable hiding in the background). 1 TTPs 1 IoCs
    evasion
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
    persistence
  • Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

    executionpersistence

Processes

  • yemen.ef.evidence
    1⤵
    • Makes use of the framework's Accessibility service
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    • Performs UI accessibility actions on behalf of the user
    • Queries information about active data network
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Schedules tasks to execute at a specified time
    PID:4261

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /storage/emulated/0/Config/sys/apps/log/log-2024-10-31.txt
    Filesize

    29B

    MD5

    04749fa54ae57c46c0d26fa15c0eae2e

    SHA1

    8253e3a830da982e23afb229f247f3c32166676c

    SHA256

    3d0abf2d4c27fbabe603e407de6616a0e17fc02c63e2cd6e88f67685204769b1

    SHA512

    0097d1e54df6d7e1d9236cde33dafc9212ed9b1d6841102e4b76fa922e060f764baa6e407158a48b8796b64dac12adcab54e69b274a6230c42e6efaa012547b2

    Download Submit

  • /storage/emulated/0/Config/sys/apps/log/log-2024-10-31.txt
    Filesize

    25B

    MD5

    ba30336bf53d54ed3c0ea69dd545de8c

    SHA1

    ce99c6724c75b93b7448e2d9fac16ca702a5711f

    SHA256

    2d6988fb5afdaafc4e33fa1f71d6f10c95ab5a49a8ec820add5b13eef05439af

    SHA512

    eea34ca526e03349e746d3687ea660b4748f0174fe2ffdb65161e232e08630b345e03329614852ce881a71362ba68575e9dd08fa361a416e5b2fb231e21a0a3e

    Download Submit

  • /storage/emulated/0/Config/sys/apps/log/log-2024-10-31.txt
    Filesize

    284B

    MD5

    aa821b71d8634752593fa73a27c5cea6

    SHA1

    2c35bc07bce159c205ac0b8c5676b7f6fcdd5fe0

    SHA256

    6b6cbe768468d68e3952af8fbfa6a6ad8b30eed43b0f6024f8dad1f5ceea5a10

    SHA512

    ad70bbd9977fe2138c5aed8480306cddf0675105bb243526312aaa9ebbbbcea63d4eec51869db0dc21c91d757ac3db26f7d9821265f5b4dbd7ab939c6055c8d3

    Download Submit

  • /storage/emulated/0/Config/sys/apps/log/log-2024-10-31.txt
    Filesize

    57B

    MD5

    3af69119804d1d999d56d230338ffd36

    SHA1

    69350826205583c8acc385ee0a6e3fc2673ee2ca

    SHA256

    10994862cb263ab6b1e4428cc24cc9c585458fc67544fe0f5dfea81a5a7a115c

    SHA512

    4a41b19d28f637b397d9dff225621694c44c750a9bd65f3e6ad5d3b9acf0d118910ddf53d4618213f9e14c61e0fb154f33f2747dd3b8d50459990767f42fc8cb

    Download Submit