Overview

overview

10

Static

static

10

6499730a01...27.apk

android-9-x86

8

Analysis

  • max time kernel
    143s
  • max time network
    156s
  • platform
    android_x86
  • resource
    android-x86-arm-20240624-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
  • submitted
    04-11-2024 02:25

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    6499730a01703cad20711803829862f3d19ee7a3fedbe72fea2f319394b29627.apk

  • Size

    21.8MB

  • MD5

    c7deaaa7fece968cc24461261302cf15

  • SHA1

    4e6fb0d472c206304f534cea438a57970b050908

  • SHA256

    6499730a01703cad20711803829862f3d19ee7a3fedbe72fea2f319394b29627

  • SHA512

    d988f0fc9fa905c6c38c2248445190bdab31a48d074fb9ef3cf4efc4a26879e1a6ce6b1d7906f660d49884a20218569d9e26f9af1a49b04ad91628726de2ece7

  • SSDEEP

    196608:UH9Tk1h3dBQlogWNJs1sgAXFNgI7a7YSu33Zu9yzhLrZOOZ3mJB4iyyVbUr8hCLV:qkFTss3FNgIuc9zhL9XZ30Fknx

Score
8/10
bankercollectioncredential_accessdiscoveryevasionexecutionpersistence

Malware Config

Signatures

  • Checks if the Android device is rooted. 1 TTPs 1 IoCs
    evasion
  • Makes use of the framework's Accessibility service 4 TTPs 1 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectionevasioncredential_access
  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
    bankerdiscovery
  • Queries information about running processes on the device 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about running processes on the device.

    discovery
  • Queries the phone number (MSISDN for GSM devices) 1 TTPs
    discovery
  • Reads the contacts stored on the device. 1 TTPs 1 IoCs
    collection
  • Reads the content of the SMS messages. 1 TTPs 1 IoCs
    collection
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
  • Makes use of the framework's foreground persistence service 1 TTPs 2 IoCs

    Application may abuse the framework's foreground service to continue running in the foreground.

    evasionpersistence
  • Performs UI accessibility actions on behalf of the user 1 TTPs 2 IoCs

    Application may abuse the accessibility service to prevent their removal.

    evasion
  • Queries information about active data network 1 TTPs 1 IoCs
    discovery
  • Queries the mobile country code (MCC) 1 TTPs 1 IoCs
    discovery
  • Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
    discovery
  • Requests disabling of battery optimizations (often used to enable hiding in the background). 1 TTPs 1 IoCs
    evasion
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
    persistence
  • Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

    executionpersistence
  • Checks CPU information 2 TTPs 1 IoCs
  • Checks memory information 2 TTPs 1 IoCs

Processes

  • com.anydesk.adcontrol.ad1
    1⤵
    • Checks if the Android device is rooted.
    • Makes use of the framework's Accessibility service
    • Queries information about running processes on the device
    • Reads the contacts stored on the device.
    • Reads the content of the SMS messages.
    • Makes use of the framework's foreground persistence service
    • Performs UI accessibility actions on behalf of the user
    • Queries information about active data network
    • Queries the mobile country code (MCC)
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Schedules tasks to execute at a specified time
    • Checks CPU information
    • Checks memory information
    PID:4244
  • com.anydesk.adcontrol.ad1:remote
    1⤵
    • Makes use of the framework's foreground persistence service
    PID:4444

Network

MITRE ATT&CK Enterprise v15

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

1
T1603

Persistence

Event Triggered Execution

1
T1624

Broadcast Receivers

1
T1624.001

Foreground Persistence

1
T1541

Scheduled Task/Job

1
T1603

Privilege Escalation

Defense Evasion

Foreground Persistence

1
T1541

Hide Artifacts

1
T1628

User Evasion

1
T1628.002

Impair Defenses

1
T1629

Prevent Application Removal

1
T1629.001

Input Injection

1
T1516

Virtualization/Sandbox Evasion

2
T1633

System Checks

2
T1633.001

Credential Access

Input Capture

2
T1417

GUI Input Capture

1
T1417.002

Keylogging

1
T1417.001

Discovery

Process Discovery

1
T1424

Software Discovery

1
T1418

Security Software Discovery

1
T1418.001

System Information Discovery

3
T1426

System Network Configuration Discovery

3
T1422

System Network Connections Discovery

1
T1421

Lateral Movement

Collection

Input Capture

2
T1417

GUI Input Capture

1
T1417.002

Keylogging

1
T1417.001

Protected User Data

2
T1636

Contact List

1
T1636.003

SMS Messages

1
T1636.004

Screen Capture

1
T1513

Command and Control

Exfiltration

Impact

Input Injection

1
T1516

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.anydesk.adcontrol.ad1/app_crashrecord/1004
    Filesize

    232B

    MD5

    0713e56c9666746560c6823b57b6f25e

    SHA1

    10069f39968a75683b3a18cc72d413ae1e7b75ce

    SHA256

    d77c925f2b7f2d377c0356f39ce09cef9d30240ec6e551f16655f223e6e14cdb

    SHA512

    76b7d5f05250f37b2c97fbbed07f0fea872a9ccb05f7b005a5d002601d3e9ded4283696598829ade5375bb3ec264a37e4a2d743f28859e913c52b596c2c74b87

    Download Submit

  • /data/data/com.anydesk.adcontrol.ad1/app_crashrecord/1004
    Filesize

    58B

    MD5

    0d210bfb2a0e1f1b4c082a6a0f79de07

    SHA1

    bb8ed9e364db79d1d9f2fcde3f15091893222faa

    SHA256

    988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d

    SHA512

    536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1

    Download Submit

  • /data/data/com.anydesk.adcontrol.ad1/cache/wp.jpeg
    Filesize

    143KB

    MD5

    5dc1983554a88c2a224ee046bb7314ec

    SHA1

    5b09273776014bf32fd8aa7bca9ce151d2c7d98f

    SHA256

    6a4d32e8ef673e70a8a4963124417be10eb09089f3aa049e1e3c7de515c69f21

    SHA512

    5ce30ef36c25d33f3416006c103608057a9cc88f2d88fe37de3bd895d68a005644d74aca0abd5bef02f2ed17709a38ae249b0dabeaa16d1c46c8a8c9d85c7e88

    Download Submit

  • /data/data/com.anydesk.adcontrol.ad1/databases/bugly_db_
    Filesize

    4KB

    MD5

    f2b4b0190b9f384ca885f0c8c9b14700

    SHA1

    934ff2646757b5b6e7f20f6a0aa76c7f995d9361

    SHA256

    0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

    SHA512

    ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

    Download Submit

  • /data/data/com.anydesk.adcontrol.ad1/databases/bugly_db_-journal
    Filesize

    512B

    MD5

    ac3ef276c2710a69d16410340e3d1198

    SHA1

    0c0a6c297d8757ed7f1bc47e32dbc9bb8d7a30e9

    SHA256

    d7f391ea10be1d5479e3bb6ba1489bfe39ee1a20b43f3db9fd4da2f51fc51f2a

    SHA512

    2adbbd51c648fd04486a7fee433ed79baea31276080867ac618c44f62ebc53d2b27d3a4eb677681ecd7c0a0453511ab998f88eead628b8da549b4293a11c33d3

    Download Submit

  • /data/data/com.anydesk.adcontrol.ad1/databases/bugly_db_-shm
    Filesize

    32KB

    MD5

    bb7df04e1b0a2570657527a7e108ae23

    SHA1

    5188431849b4613152fd7bdba6a3ff0a4fd6424b

    SHA256

    c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

    SHA512

    768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

    Download Submit

  • /data/data/com.anydesk.adcontrol.ad1/databases/bugly_db_-wal
    Filesize

    88KB

    MD5

    f21edc458378a33527ec4ff928f54a56

    SHA1

    586a28d300e4bc2fadc3047f40e9d88867a591f2

    SHA256

    41d321af77096f78a4d46d1fe5ba7228643191c79a853a8253767170cd7bd2f7

    SHA512

    bec990f0636af1297a7ee69dad2ced7b02686c7789fdccefb2885c713e6308f7fb6dc7528daa73ad24051934e349a48df4d2455502e18afb09226428f40cb0ed

    Download Submit

  • /data/data/com.anydesk.adcontrol.ad1/files/bugly_last_us_up_tm
    Filesize

    13B

    MD5

    0c23697ccfa98f4cc2a278e02cbc6a24

    SHA1

    22c2c83f489f18b2552a6a0e90de782ffbdf97a0

    SHA256

    fe38f04bba90a7258f5d94d3f549c30cfeafd30802178a33d57bb832358a28e9

    SHA512

    2fdbca3b6be02c18a9c6ef43ae76cfe733b5369dc7c17fa6ccf3b9d6c38dda3d5ff1dd59f5fef32dcbfe473f4ffa7c1bae53cb375493b5d7a6a13ba998c623fc

    Download Submit

  • /data/data/com.anydesk.adcontrol.ad1/files/mmkv/mmkv.default
    Filesize

    4KB

    MD5

    620f0b67a91f7f74151bc5be745b7110

    SHA1

    1ceaf73df40e531df3bfb26b4fb7cd95fb7bff1d

    SHA256

    ad7facb2586fc6e966c004d7d1d16b024f5805ff7cb47c7a85dabd8b48892ca7

    SHA512

    2d23913d3759ef01704a86b4bee3ac8a29002313ecc98a7424425a78170f219577822fd77e4ae96313547696ad7d5949b58e12d5063ef2ee063b595740a3a12d

    Download Submit

  • /data/data/com.anydesk.adcontrol.ad1/files/profileInstalled
    Filesize

    24B

    MD5

    b484c0992b5bd00862ce6ed7043f8b23

    SHA1

    5cd32f6de78d0a2de5b3a561900ecab5d8ab1cb6

    SHA256

    d71e31a35923dadf57faac598a75c941a8083b3784d7f46e3fa53ab3ddb43bbf

    SHA512

    37ce67aa40e7a36a2a0860cadbe088bb7f37717e829037f3be7a916472624dfdfa65f21d0f95e40cdd7557a6ba9cd1977662a554f4ccb248b86b5b7c74efd3cf

    Download Submit

  • /data/data/com.anydesk.adcontrol.ad1/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat
    Filesize

    8B

    MD5

    9e3536bbb867b912040d0faff304dc9f

    SHA1

    f67d389d9f85675eeac377bcd3124b793fe1766d

    SHA256

    38eb149b635d7f438a2a761b8c9f31d237d7914e10b32f18dff198d792f1433a

    SHA512

    1020c3fe3f9eddbd0ecfd951e3f0bcfd716c740540fe77e6ed55e3d1137c842441b5a58ffa4830f7c4509309391a4c94bef6e8d7a123dac729e5f4f99e15334f

    Download Submit

  • /data/misc/profiles/cur/0/com.anydesk.adcontrol.ad1/primary.prof
    Filesize

    1KB

    MD5

    c32885b0c33584cc6da54437a4b4b19d

    SHA1

    e3a595f4d62cd084c9e31850b4df0628469d68c4

    SHA256

    61f8f8e127efdaf037d45bd7ff3e19be9f4198870be97ad974b82ccd622c5a3d

    SHA512

    b2e6ac2a0efa3f80cc281f01e5f8338728b482b0ed057a6c8f759f313477fd7846d37893800686d8f2f153203aa7d6a23b1b0435b2e5d5c5f840e05495036d6c

    Download Submit

  • /data/misc/profiles/cur/0/com.anydesk.adcontrol.ad1/primary.prof
    Filesize

    13KB

    MD5

    6df95b9319c6bd8c7c9c9cd227a30605

    SHA1

    bf1434e07089731c1342fb8748de4a3d9954efd6

    SHA256

    2b227485feaaf1096c0d2f323e8c133db98738db505d65ecd90d9348c61c4695

    SHA512

    c5a25f9df98e589f15c77765eb97b163a194572a0248ee9c9ef08fe691f1269cc66d77ab13f794a672066458be71e77855cec58c1fd05c47e2817c94e4c18d5b

    Download Submit

  • /storage/emulated/0/Android/data/com.anydesk.adcontrol.ad1/files/log_data.idx
    Filesize

    1KB

    MD5

    7846917ca7b91b9bc28a7d5fb0f0522d

    SHA1

    65810ea4eb9966fab3f1338e63a617bb64c575b7

    SHA256

    4b867b4d40b5df7e9f7513f2c120c2c5c5cd9d42fadc9b121d3583e4d4c7ed17

    SHA512

    b3d80d1d9385330f9ea70e54c59a7bfa5c6d745696224791386b200ef31636205e37008b61184e49b7e182764d7c7a71f9ad9cd6ce4133260a6679fe7474ca51

    Download Submit

  • /storage/emulated/0/Android/data/com.anydesk.adcontrol.ad1/files/log_data_000
    Filesize

    30KB

    MD5

    6620cb60412bb4e7fecb51cea8d19357

    SHA1

    c41ba6c7895394349db7d2facb5467cc472b4aa6

    SHA256

    acd5951d5b134b9bea2ca95d5388ad63960f78889d821d2aca7a1ce77c13d3a5

    SHA512

    03e6e863163f791ed2b6221780405446fc1a676147f00db95061564b5e58bd2702047faa219345ffa99e55ba695900102ce7259df421c0ec46190a83c4ab7e6c

    Download Submit