e94ae5b644031839e8d88d4331e39751e4de258f2a62bfc4807392cc49a5e166

Analysis

max time kernel
59s
max time network
67s
platform
android_x64
resource
android-x64-arm64-20240624-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240624-enlocale:en-usos:android-11-x64system
submitted
01-11-2024 06:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

GeoGebra 3.apk
Size

18.2MB
MD5

698f82319c010c941667a1d96c128030
SHA1

e936e30128876cd5e2561b547a68d379f9f45e38
SHA256

e94ae5b644031839e8d88d4331e39751e4de258f2a62bfc4807392cc49a5e166
SHA512

76623d9f767b8e6d94ef1bd3ed82f02be23cf25c028b1715c61195a9079268ccf9d01cdd695e8602e45be3af3ebf19c57c89afa09b20ccd22c8a1b7053b22d34
SSDEEP

393216:bdBwEl5BYwJwhLTvSXUvpYsq3isyHkUkyr795YM3ixSSXHPRl6vIbaQwwHnT9:7JwtSXUvesqyTro4i5LbaQww5

Score

7^/10

banker collection credential_access discovery evasion execution persistence

Malware Config

Signatures

Makes use of the framework's Accessibility service 4 TTPs 1 IoCs

Retrieves information displayed on the phone screen using AccessibilityService.

collection evasion credential_access

Input Injection

T1516

Screen Capture

T1513

Keylogging

T1417.001

GUI Input Capture

T1417.002

description	ioc	Process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	calculated.dedicated.turkey

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	calculated.dedicated.turkey

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	calculated.dedicated.turkey

Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

execution persistence

Scheduled Task/Job

T1603

description	ioc	Process
Framework service call	android.app.job.IJobScheduler.schedule	calculated.dedicated.turkey

calculated.dedicated.turkey
1⤵
- Makes use of the framework's Accessibility service
- Acquires the wake lock
- Queries information about active data network
- Schedules tasks to execute at a specified time
PID:4482

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Input Injection

T1516

Credential Access

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

System Network Connections Discovery

T1421

Lateral Movement

Collection

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Screen Capture

T1513

Command and Control

Exfiltration

Impact

Input Injection

T1516

Replay Monitor

Loading Replay Monitor...

Downloads

/storage/emulated/0/Config/sys/apps/log/log-2024-11-18.txt

Filesize
49B

MD5
ea469382a0166a5543b8e19dc0011c60

SHA1
dc9563bd3f907d6dc1ede7598674ec88f13c3afe

SHA256
b11cbc0d0378e4bc9bcd200d57d03188ced9680e70f82a12102ef84c1c73a647

SHA512
85f84ee3ab641adb632da3d1fa02ef777fcc57cca32c6fdd8f6e8a16116e7c2f8ef0d1378b9bbf59b71a3df35dd3e9d9a2890552a22dc2ef63953e214af3ee08

Download Submit
/storage/emulated/0/Config/sys/apps/log/log-2024-11-18.txt

Filesize
61B

MD5
6d4e6d48318270119a73d9dc97a75abf

SHA1
da30c0d44c3bdeef9150c7d15bf5964cc171d4c4

SHA256
79ccb6da9fcbf732c1f2926be5e68677ae75149979856b152b5ad22e0c810000

SHA512
c70716f9b35c64c3e36ae2ed3048348eb8418efb2c8340e15db0981be59696841cdba6539858b819800cb0169fd46f3082197c87ed6261729e1a9b69d5b695d6

Download Submit
/storage/emulated/0/Config/sys/apps/log/log-2024-11-18.txt

Filesize
61B

MD5
99625dc900c71895a3a707aab9a907ca

SHA1
02aa48a4ddc9b2cca182a97eeef089a7b3a7f22b

SHA256
9abd9742818ce65d9e89a33ba96693865df282fd139a02df00037261f6a7ec38

SHA512
39d93a4cabef31e2934497042701ee3d86517298a7bcb95cdb3f0ac5d067f8741d19fef7f81e92819f10fbeb445f857ed287eac3d8577a43b2ac761e394e5ad1

Download Submit
/storage/emulated/0/Config/sys/apps/log/log-2024-11-18.txt

Filesize
90B

MD5
09ccd52803262787e27ca7a679d093b1

SHA1
f2f6d4431c41f3e5e7134d581ae30bba0e5bf61a

SHA256
0caedf722bebdd24fbefe62e2158d1592c25e422c093e4f151587720bd93de5b

SHA512
e302f4196230af8682db92944ef9852e10a8d712f8f872cb3869ad4d35f5014021d2f1e61d741c9647cb0cd72173bf4056f52fb09ac61b38b44bba0285c40351

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads