Analysis

  • max time kernel
    59s
  • max time network
    52s
  • platform
    android_x64
  • resource
    android-x64-arm64-20240624-en
  • resource tags

    androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240624-enlocale:en-usos:android-11-x64system
  • submitted
    31-10-2024 07:07

General

  • Target

    Phone-Poisk (4).apk

  • Size

    3.7MB

  • MD5

    6f3afc9c0af9b67a7c15ff10f8fe48d0

  • SHA1

    54e8b99dd99a6fc0b90bb79018697dac7ac33efb

  • SHA256

    c6332488e93567ca53456647129e50f75f68c36b1a71d98007615ab8d24f83a6

  • SHA512

    9237c10221ef0ed1b418d4418956d2b835648eff48de8686f2b3fe385d91833ecbbdad51aaeacee2011d2f1bf359498aade0bf1e66591ca355e2100da91ff025

  • SSDEEP

    49152:c6Z0+SLA+opMCZymO9Ve+ge+ihVDamzDzdGGxQTOqVUBYqv0cg4cBrikoJS:c03p9ZyzEebvDamzDzBeTW0t4ciJS

Malware Config

Signatures

  • Makes use of the framework's Accessibility service 4 TTPs 3 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
  • Acquires the wake lock 1 IoCs
  • Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

    Application may abuse the framework's foreground service to continue running in the foreground.

  • Performs UI accessibility actions on behalf of the user 1 TTPs 8 IoCs

    Application may abuse the accessibility service to prevent their removal.

  • Queries information about active data network 1 TTPs 1 IoCs
  • Requests disabling of battery optimizations (often used to enable hiding in the background). 1 TTPs 1 IoCs
  • Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

Processes

  • out.comply.generations
    1⤵
    • Makes use of the framework's Accessibility service
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    • Performs UI accessibility actions on behalf of the user
    • Queries information about active data network
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    • Schedules tasks to execute at a specified time
    PID:4476

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /storage/emulated/0/Config/sys/apps/log/log-2024-10-31.txt

    Filesize

    29B

    MD5

    30866f03e91769468ea37ec42a7d36c8

    SHA1

    9ff1ef07806bc107587f26c1acd7c5d83dd460c5

    SHA256

    f6a76566acd5f103e575f3c1177ca14e157634bf436f9c103abd20034dd1bc07

    SHA512

    62c70f8ff82e2b6dc9fe3ea7db288d37dafacc1c6d8452e576789cc2577a39b3081398dfe92abad140632ef4cbe858a31e03fbc49d63ce8b06c568c46707ac36

  • /storage/emulated/0/Config/sys/apps/log/log-2024-10-31.txt

    Filesize

    25B

    MD5

    ba30336bf53d54ed3c0ea69dd545de8c

    SHA1

    ce99c6724c75b93b7448e2d9fac16ca702a5711f

    SHA256

    2d6988fb5afdaafc4e33fa1f71d6f10c95ab5a49a8ec820add5b13eef05439af

    SHA512

    eea34ca526e03349e746d3687ea660b4748f0174fe2ffdb65161e232e08630b345e03329614852ce881a71362ba68575e9dd08fa361a416e5b2fb231e21a0a3e

  • /storage/emulated/0/Config/sys/apps/log/log-2024-10-31.txt

    Filesize

    280B

    MD5

    d6925b7ac2f529c8143d4bbdab295531

    SHA1

    e4dadbd44c7f4237c54d563a3c531867586aa293

    SHA256

    82159f7400e7e1b8ae87ecce5f130f9cbe5e6ad14cf849d4828157301f7fffe5

    SHA512

    2ce332d66ad38bff57973739b4895b150c01230043a789ad4f5e4df9285fdc1403f0cff51707642d3b51e5dfc4c7135eb39b55a3e79c50fba7a579d74abee2d5

  • /storage/emulated/0/Config/sys/apps/log/log-2024-10-31.txt

    Filesize

    57B

    MD5

    ad69c68d4527d3d206e7dbe342e40ae1

    SHA1

    88cff13b1fecfedd0625b371b10cb5b373076e20

    SHA256

    600412f56ab610b43c5fe4e9f78d99c33ec1a73308287544621cc1914d0bf073

    SHA512

    28e890305cf89dff95f7ab50d2e53abc86a46f56a63b41da25cf5f2cb8c6499de09f2013e8c17e1b50226a3674a36ac79918f32689d5b8b77a234a77ad12ebd8