Overview

overview

10

Static

static

10

Poisk-Phone.apk

android-11-x64

7

Analysis

  • max time kernel
    59s
  • max time network
    50s
  • platform
    android_x64
  • resource
    android-x64-arm64-20240624-en
  • resource tags

    androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240624-enlocale:en-usos:android-11-x64system
  • submitted
    31-10-2024 07:14

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Poisk-Phone.apk

  • Size

    3.7MB

  • MD5

    7e9837ebdbc8d7a06ae173464ef93c64

  • SHA1

    a8a2bfc9193160024f283b95933d969505223a15

  • SHA256

    c33deb1d25b66f2471ca0a9fcd534a7d0c5f87cc103b2f9793615176c69aa71e

  • SHA512

    4f1401d24fc89e989fb38f9e103b0501538451e6e084c0e7c045d77d740172ed9bbf4289a6f2cc327d70043bb142aa513214d48247e9d551449d181125416420

  • SSDEEP

    49152:6f89W2GOEzzrqIU543qhOEEIGDnbig+mzHzdGGEQTOTuU+Yq00cgwtx1dbik1MCt:73czXqIUuE8jGg+mzHzBTTY0twtrj

Score
7/10
bankercollectioncredential_accessdiscoveryevasionexecutionpersistence

Malware Config

Signatures

  • Makes use of the framework's Accessibility service 4 TTPs 3 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectionevasioncredential_access
  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
    bankerdiscovery
  • Acquires the wake lock 1 IoCs
  • Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

    Application may abuse the framework's foreground service to continue running in the foreground.

    evasionpersistence
  • Performs UI accessibility actions on behalf of the user 1 TTPs 8 IoCs

    Application may abuse the accessibility service to prevent their removal.

    evasion
  • Queries information about active data network 1 TTPs 1 IoCs
    discovery
  • Requests disabling of battery optimizations (often used to enable hiding in the background). 1 TTPs 1 IoCs
    evasion
  • Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

    executionpersistence

Processes

  • respectively.sin.egg
    1⤵
    • Makes use of the framework's Accessibility service
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    • Performs UI accessibility actions on behalf of the user
    • Queries information about active data network
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    • Schedules tasks to execute at a specified time
    PID:4504

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /storage/emulated/0/Config/sys/apps/log/log-2024-10-31.txt
    Filesize

    29B

    MD5

    74f5a889996072248099815edf049a88

    SHA1

    b54d24dec41aaee23a30a0db4eebcf44e044490d

    SHA256

    e276a7fe8f738c5035f18cab0e8c6e8b613963d26f587f909fff9933783a1fbd

    SHA512

    ce276cc7308adfa54e8d1ea1173317924ec279fef970a68f331e8b0f330d38ebb5ab8cb8954615a5c150b16adf9aa4e7e7080df67bbcf78c6f47cf5cc9189bd7

    Download Submit

  • /storage/emulated/0/Config/sys/apps/log/log-2024-10-31.txt
    Filesize

    29B

    MD5

    a75abeadab57445c0bc9539d3b042f97

    SHA1

    fd5376d756500f61be2c780cf28e1b24fd1c605c

    SHA256

    db7f64d364473a9714df5a549133a815a0e67ce560074a2936877805ff8d7743

    SHA512

    450aaebafcc4a398bcdac7321cc5c5bbe04553008b9d5f13497e33c62ad4f7ffad984f81daadf78fd72d76aceedbe61fc3f6951dedce56ac2c746df847ebcaf8

    Download Submit

  • /storage/emulated/0/Config/sys/apps/log/log-2024-10-31.txt
    Filesize

    25B

    MD5

    ba30336bf53d54ed3c0ea69dd545de8c

    SHA1

    ce99c6724c75b93b7448e2d9fac16ca702a5711f

    SHA256

    2d6988fb5afdaafc4e33fa1f71d6f10c95ab5a49a8ec820add5b13eef05439af

    SHA512

    eea34ca526e03349e746d3687ea660b4748f0174fe2ffdb65161e232e08630b345e03329614852ce881a71362ba68575e9dd08fa361a416e5b2fb231e21a0a3e

    Download Submit

  • /storage/emulated/0/Config/sys/apps/log/log-2024-10-31.txt
    Filesize

    280B

    MD5

    e7f240c09a6a1688b8f06874746eea65

    SHA1

    60f37b65fed0b06d5e835e56a1b97cb7459ec2cb

    SHA256

    dd978cd059a58d684e7243758c83da5f29bfaca3a6e545bb109ed97d05451b2b

    SHA512

    810f71214703967961d120b866abe1bb944215dbf6e678651306e70b02ddf035dd868c406cd1e5b446aa0a200546e2e115ea5bebafd4e972b0b2e5f8fdc32c6b

    Download Submit