Analysis
-
max time kernel
122s -
max time network
152s -
platform
android-11_x64 -
resource
android-x64-arm64-20240910-en -
resource tags
-
submitted
01-11-2024 17:06
General
-
Target
update.apk
-
Size
8.1MB
-
MD5
4a2a8507583ce69ab265d7a042dbac62
-
SHA1
112148013a7cd0edffc21b0eec3addace9f96988
-
SHA256
4b98c2682cf0a97ad67c2c9e57048882b56477ecf966edac26352f2a52d4d7d4
-
SHA512
bf55a38e22cf8776e8dedf01047eed56d3d0875687cf71fec610206c4c9e0433468fd4f7532ce1d36a1babad9bd2d1f6a3692a6ad4f3af5dc0cf2e793313d5ec
-
SSDEEP
196608:k5DSkcg1MKk+TwUREMVpy9oQl2FsJe9UacZZoKV60T:kUg1MlAvEOyyQlxJtZZ5
Malware Config
Signatures
-
Makes use of the framework's Accessibility service 4 TTPs 1 IoCs
Retrieves information displayed on the phone screen using AccessibilityService.
-
Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
-
Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs
Application may abuse the framework's foreground service to continue running in the foreground.
-
Performs UI accessibility actions on behalf of the user 1 TTPs 1 IoCs
Application may abuse the accessibility service to prevent their removal.
-
Checks memory information 2 TTPs 1 IoCs
Processes
-
com.support.litework1⤵
- Makes use of the framework's Accessibility service
- Obtains sensitive information copied to the device clipboard
- Makes use of the framework's foreground persistence service
- Performs UI accessibility actions on behalf of the user
- Checks memory information
Network
MITRE ATT&CK Mobile v15
Defense Evasion
Foreground Persistence
1Impair Defenses
1Prevent Application Removal
1Input Injection
1Virtualization/Sandbox Evasion
1System Checks
1Credential Access
Clipboard Data
1Input Capture
2GUI Input Capture
1Keylogging
1