Overview

overview

10

Static

static

10

ready----.apk

android-11-x64

8

Analysis

  • max time kernel
    59s
  • max time network
    44s
  • platform
    android-11_x64
  • resource
    android-x64-arm64-20240910-en
  • resource tags

    arch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240910-enlocale:en-usos:android-11-x64system
  • submitted
    31-10-2024 07:43

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ready----.apk

  • Size

    3.7MB

  • MD5

    7476b1a2503407e068ac601be0607a82

  • SHA1

    a66d5de4dcdfb68d06bdfc88bc686c50e91af86c

  • SHA256

    830edb3a54f5a3b9013254458db3b9f63da4b2105675b3f189ae3cfb43502559

  • SHA512

    3e7ac93b7756e218c42bcbda7a66290f652f61e4fb16a52106ae126f9307bf8d18175ec948d980cc298fde80384958b423ad07d6a913e4147ab83ea0d39c7a09

  • SSDEEP

    98304:DpzBtTjmz7+K0tUCuNBh3aAwU1PkxctuAw:dCz7wyXh3ykPkRAw

Score
8/10
bankercollectioncredential_accessdiscoveryevasionexecutionpersistencestealthtrojan

Malware Config

Signatures

  • Removes its main activity from the application launcher 1 TTPs 1 IoCs
    stealthtrojanevasion
  • Makes use of the framework's Accessibility service 4 TTPs 3 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectionevasioncredential_access
  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
    bankerdiscovery
  • Acquires the wake lock 1 IoCs
  • Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

    Application may abuse the framework's foreground service to continue running in the foreground.

    evasionpersistence
  • Performs UI accessibility actions on behalf of the user 1 TTPs 4 IoCs

    Application may abuse the accessibility service to prevent their removal.

    evasion
  • Queries information about active data network 1 TTPs 1 IoCs
    discovery
  • Requests disabling of battery optimizations (often used to enable hiding in the background). 1 TTPs 1 IoCs
    evasion
  • Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

    executionpersistence

Processes

  • kick.whether.theory
    1⤵
    • Removes its main activity from the application launcher
    • Makes use of the framework's Accessibility service
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    • Performs UI accessibility actions on behalf of the user
    • Queries information about active data network
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    • Schedules tasks to execute at a specified time
    PID:4781

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /storage/emulated/0/Config/sys/apps/log/log-2024-10-31.txt
    Filesize

    29B

    MD5

    ea2cd29c192da6b91c2d9c5ab7871659

    SHA1

    fbc2f5f7cba4581aa7788645826fc56b542f88e8

    SHA256

    f33d22e972838b1c4322a0bd77e1b0abe1b1a01bec7454fac71a698154749301

    SHA512

    7078fa705af06cff9072101120e9c6ff7454785bd564cafeb6f15825c3373887154a6ab2a18d2823ce0fc1d042d04de6aad87e7f682f246ca498b2fe5cf8cdfa

    Download Submit

  • /storage/emulated/0/Config/sys/apps/log/log-2024-10-31.txt
    Filesize

    25B

    MD5

    ba30336bf53d54ed3c0ea69dd545de8c

    SHA1

    ce99c6724c75b93b7448e2d9fac16ca702a5711f

    SHA256

    2d6988fb5afdaafc4e33fa1f71d6f10c95ab5a49a8ec820add5b13eef05439af

    SHA512

    eea34ca526e03349e746d3687ea660b4748f0174fe2ffdb65161e232e08630b345e03329614852ce881a71362ba68575e9dd08fa361a416e5b2fb231e21a0a3e

    Download Submit

  • /storage/emulated/0/Config/sys/apps/log/log-2024-10-31.txt
    Filesize

    280B

    MD5

    0fe2175cebbfa5838ba9aedd873e3f62

    SHA1

    3657f5418c8499df9ffe7121b98f535103ac451c

    SHA256

    112c4edbd77fe022d3f8276dd856f290fa1956de23fa146384382a49b274cd6e

    SHA512

    60d3903724554d4fd8146059ac50e5cccee33c250f561adfd6e6e9b1dd6e1ffbc37b62cb698880e2acc74c6af71cebcc2472260e5897163924b76b0c65a25497

    Download Submit

  • /storage/emulated/0/Config/sys/apps/log/log-2024-10-31.txt
    Filesize

    37B

    MD5

    e47b9add18179072620881e5de875b16

    SHA1

    485f6bff4b38774693cff6f68f1063c75323b347

    SHA256

    9b0288628b4b43fc10f43e4a15310dd3415c5df4d5cc93b0352e6375ee57bb3a

    SHA512

    aacc15b3d7c7261f51032f848de07214204e9c1845d300e30cfc3104dcc1cfbb5b509673cda6e48669de1ce676536d7edec34c5cb27e908a09b63c8a8185edc7

    Download Submit