Overview

overview

10

Static

static

10

ready (4).apk

android-11-x64

8

Analysis

  • max time kernel
    59s
  • max time network
    54s
  • platform
    android_x64
  • resource
    android-x64-arm64-20240624-en
  • resource tags

    androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240624-enlocale:en-usos:android-11-x64system
  • submitted
    31-10-2024 07:34

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ready (4).apk

  • Size

    3.7MB

  • MD5

    fa6db6a7015ea8e8e96a6ae5dee7f822

  • SHA1

    689ce0a63b57915974bc80769a5c5ea136ce020c

  • SHA256

    a5cf09df96aa76a68321a8d9f165212161d5ac9cea89d326afdc9df0487c30a6

  • SHA512

    5147f5f5bb65a54216bb5e840536a02f22511263d194fa66b0d4cea1d53b45888d62c23f7fa242dfa385d31687aa624cf09ff0aa7218f87426169a1f53446989

  • SSDEEP

    98304:+AWzZvVNCInTsPRn4WaamzjzBFT20t8juH8:bW5WIqKVzz9t8

Score
8/10
bankercollectioncredential_accessdiscoveryevasionexecutionpersistencestealthtrojan

Malware Config

Signatures

  • Removes its main activity from the application launcher 1 TTPs 1 IoCs
    stealthtrojanevasion
  • Makes use of the framework's Accessibility service 4 TTPs 3 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectionevasioncredential_access
  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
    bankerdiscovery
  • Acquires the wake lock 1 IoCs
  • Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

    Application may abuse the framework's foreground service to continue running in the foreground.

    evasionpersistence
  • Performs UI accessibility actions on behalf of the user 1 TTPs 4 IoCs

    Application may abuse the accessibility service to prevent their removal.

    evasion
  • Queries information about active data network 1 TTPs 1 IoCs
    discovery
  • Requests disabling of battery optimizations (often used to enable hiding in the background). 1 TTPs 1 IoCs
    evasion
  • Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

    executionpersistence

Processes

  • faculty.croatia.tt
    1⤵
    • Removes its main activity from the application launcher
    • Makes use of the framework's Accessibility service
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    • Performs UI accessibility actions on behalf of the user
    • Queries information about active data network
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    • Schedules tasks to execute at a specified time
    PID:4464

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /storage/emulated/0/Config/sys/apps/log/log-2024-10-31.txt
    Filesize

    29B

    MD5

    39cd9eec0d7be0e88434c888a2dfe6bd

    SHA1

    ba157e6598319f3e8d8e331e4917caa453a92419

    SHA256

    6b33bdfba9fa0c827cbee5cb22e5b8c2ff4d305d2929eff960204f90fc68c3ac

    SHA512

    3756de26b88c0da59ed19970c50f2e0dce0571990ce4c1fceb76b6ed2ed7a5237e054ae3ea86ee71880face105b4beb6e35abc77264b4908d826759bdc6d2c03

    Download Submit

  • /storage/emulated/0/Config/sys/apps/log/log-2024-10-31.txt
    Filesize

    29B

    MD5

    d49bd19b7a7dde512e2fac1cf67b1ac6

    SHA1

    d4ddcedffce740e83bae9030706a5cf47298ab5a

    SHA256

    6bb9f0a0b7c60cfb41c459669db9dbc7f5d7551369527786a26adc0c78fe0605

    SHA512

    86657c9c0d826905e19304c948c9fa6fab77ff5f6590a8d303576185bbe4d51e61e3287868cf9cf7a43501452d43e86c06623210cc65553cb5cdf9395593cf09

    Download Submit

  • /storage/emulated/0/Config/sys/apps/log/log-2024-10-31.txt
    Filesize

    25B

    MD5

    ba30336bf53d54ed3c0ea69dd545de8c

    SHA1

    ce99c6724c75b93b7448e2d9fac16ca702a5711f

    SHA256

    2d6988fb5afdaafc4e33fa1f71d6f10c95ab5a49a8ec820add5b13eef05439af

    SHA512

    eea34ca526e03349e746d3687ea660b4748f0174fe2ffdb65161e232e08630b345e03329614852ce881a71362ba68575e9dd08fa361a416e5b2fb231e21a0a3e

    Download Submit

  • /storage/emulated/0/Config/sys/apps/log/log-2024-10-31.txt
    Filesize

    280B

    MD5

    0c7699bed2e84320c2b997e545f4cab5

    SHA1

    3a5bf24317bd49ad405d113f6c1e05d2aac2a4e5

    SHA256

    5e2befd19dd0c9291edeb5040952efbb1cb89540580e04f9d23318d01fb0a468

    SHA512

    dcb79959ee41f537aad53c42cd086e3ec12d3603a9ea2c6ea844def0f68d9ef99b6971a0988868af0431a89349abc21fefb558f73e84008839fd4d76ca379292

    Download Submit