Analysis
max time kernel
102s
max time network
157s
platform
android_x64
resource
android-x64-20240624-en
resource tags
android arch:x64 arch:x86 image:android-x64-20240624-en locale:en-us os:android-10-x64 system
submitted
04/11/2024, 20:32
Static task
static1
Behavioral task
behavioral1
Sample
baf5bd5d99a20b1581db2a999a40a98a833b12fb1a6fe5eedf9ca34e8a93e8f6.apk
Resource
android-x64-20240624-en
Behavioral task
behavioral2
Sample
baf5bd5d99a20b1581db2a999a40a98a833b12fb1a6fe5eedf9ca34e8a93e8f6.apk
Resource
android-x64-arm64-20240624-en
Behavioral task
behavioral3
Sample
baf5bd5d99a20b1581db2a999a40a98a833b12fb1a6fe5eedf9ca34e8a93e8f6.apk
Resource
android-33-x64-arm64-20240624-en
Behavioral task
behavioral4
Sample
baf5bd5d99a20b1581db2a999a40a98a833b12fb1a6fe5eedf9ca34e8a93e8f6.apk
Resource
android-x86-arm-20240624-en
General
Target
baf5bd5d99a20b1581db2a999a40a98a833b12fb1a6fe5eedf9ca34e8a93e8f6.apk
Size
8.1MB
MD5
aa38fa826b9ee13fb036d64eabfa7ea9
SHA1
6e7ac2466b955695d9101fe3c67cbe8cc70dc88f
SHA256
baf5bd5d99a20b1581db2a999a40a98a833b12fb1a6fe5eedf9ca34e8a93e8f6
SHA512
a42c6baa281886f94bfced0e4c3894d1f9eedf97ff7f5842840b7651eb2df8a58b8517b6e70074c88f53e7a55a1b4e202f2a9ef2c7030b380cb9030c1c37d55f
SSDEEP
196608:k5DSkcg1MKk+TwUREMVpy9oQl2Fs0G/acZZoXP8:kUg1MlAvEOyyQlx04ZZd
Malware Config
Signatures

Makes use of the framework's Accessibility service (4 TTPs, 1 IoCs)
Retrieves information displayed on the phone screen using AccessibilityService.
description: Framework service call; ioc: android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId; Process: com.support.litework

Obtains sensitive information copied to the device clipboard (2 TTPs, 1 IoCs)
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
description: Framework service call; ioc: android.content.IClipboard.addPrimaryClipChangedListener; Process: com.support.litework

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) (1 TTPs)

Makes use of the framework's foreground persistence service (1 TTPs, 1 IoCs)
Application may abuse the framework's foreground service to continue running in the foreground.
description: Framework service call; ioc: android.app.IActivityManager.setServiceForeground; Process: com.support.litework

Performs UI accessibility actions on behalf of the user (1 TTPs, 1 IoCs)
Application may abuse the accessibility service to prevent their removal.
ioc: android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction; Process: com.support.litework

Queries the mobile country code (MCC) (1 TTPs, 1 IoCs)
description: Framework service call; ioc: com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone; Process: com.support.litework

Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTPs, 1 IoCs)
description: Framework service call; ioc: android.app.IActivityManager.registerReceiver; Process: com.support.litework

Checks memory information (2 TTPs, 1 IoCs)
description: File opened for read; ioc: /proc/meminfo; Process: com.support.litework

Processes
com.support.litework
- Makes use of the framework's Accessibility service
- Obtains sensitive information copied to the device clipboard
- Makes use of the framework's foreground persistence service
- Performs UI accessibility actions on behalf of the user
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks memory information
PID:4944
Network
MITRE ATT&CK Mobile v15

Persistence
- Event Triggered Execution (1)
- Broadcast Receivers (1)
- Foreground Persistence (1)

Defense Evasion
- Foreground Persistence (1)
- Impair Defenses (1)
- Prevent Application Removal (1)
- Input Injection (1)
- Virtualization/Sandbox Evasion (1)
- System Checks (1)

Credential Access
- Clipboard Data (1)
- Input Capture (2)
- GUI Input Capture (1)
- Keylogging (1)

Discovery
- Software Discovery (1)
- Security Software Discovery (1)
- System Information Discovery (1)
- System Network Configuration Discovery (1)

Downloads
Filesize
24B
MD5
833258ce694380aba4e3cf7ced9945df
SHA1
5d73f4c7dd812e786c1d9b0e067a36dafcf1d860
SHA256
6928466daeab220299655707c11ef21660383207048ae5eca7c5d8f742683576
SHA512
bd20e296bc73c1227e30629ac5383d145809a2aab975298f16c4d297802ea770c1052db0c4939569d8575e978c4075e09c34ddbad66c28b45532a398bb48b2e3