Analysis
max time kernel: 59s
max time network: 52s
platform: android_x64
resource: android-x64-arm64-20240624-en
resource tags: android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240624-en, locale:en-us, os:android-11-x64, system
submitted: 31-10-2024 07:07

Behavioral task: behavioral1
Sample: Phone-Poisk (4).apk
Resource: android-x64-arm64-20240624-en
General
Target: Phone-Poisk (4).apk
Size: 3.7MB
MD5: 6f3afc9c0af9b67a7c15ff10f8fe48d0
SHA1: 54e8b99dd99a6fc0b90bb79018697dac7ac33efb
SHA256: c6332488e93567ca53456647129e50f75f68c36b1a71d98007615ab8d24f83a6
SHA512: 9237c10221ef0ed1b418d4418956d2b835648eff48de8686f2b3fe385d91833ecbbdad51aaeacee2011d2f1bf359498aade0bf1e66591ca355e2100da91ff025
SSDEEP: 49152:c6Z0+SLA+opMCZymO9Ve+ge+ihVDamzDzdGGxQTOqVUBYqv0cg4cBrikoJS:c03p9ZyzEebvDamzDzBeTW0t4ciJS
Malware Config
Signatures

Makes use of the framework's Accessibility service (4 TTPs, 3 IoCs)
Retrieves information displayed on the phone screen using AccessibilityService.
  - Framework service call: android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId (process: out.comply.generations)
  - Framework service call: android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText (process: out.comply.generations)
  - Framework service call: android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId (process: out.comply.generations)

Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps) (1 TTP)

Acquires the wake lock (1 IoC)
  - Framework service call: android.os.IPowerManager.acquireWakeLock (process: out.comply.generations)

Makes use of the framework's foreground persistence service (1 TTP, 1 IoC)
Application may abuse the framework's foreground service to continue running in the foreground.
  - Framework service call: android.app.IActivityManager.setServiceForeground (process: out.comply.generations)

Performs UI accessibility actions on behalf of the user (1 TTP, 8 IoCs)
Application may abuse the accessibility service to prevent its removal.
  - Framework service call: android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction (process: out.comply.generations), observed 8 times

Queries information about active data network (1 TTP, 1 IoC)
  - Framework service call: android.net.IConnectivityManager.getActiveNetworkInfo (process: out.comply.generations)

Requests disabling of battery optimizations (often used to enable hiding in the background) (1 TTP, 1 IoC)
  - Intent action: android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS (process: out.comply.generations)

Schedules tasks to execute at a specified time (1 TTP, 1 IoC)
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
  - Framework service call: android.app.job.IJobScheduler.schedule (process: out.comply.generations)
Processes

out.comply.generations (PID: 4476)
- Makes use of the framework's Accessibility service
- Acquires the wake lock
- Makes use of the framework's foreground persistence service
- Performs UI accessibility actions on behalf of the user
- Queries information about active data network
- Requests disabling of battery optimizations (often used to enable hiding in the background)
- Schedules tasks to execute at a specified time
Network
MITRE ATT&CK Mobile v15

Defense Evasion
- Foreground Persistence (1)
- Hide Artifacts (1)
- User Evasion (1)
- Impair Defenses (1)
- Prevent Application Removal (1)
- Input Injection (1)

Discovery
- Software Discovery (1)
- Security Software Discovery (1)
- System Network Connections Discovery (1)
Downloads