5415d740f286a1ff7f7a22df18a9910c66841402a151a37b7fb2bb673b1cf63b

Analysis

max time kernel
149s
max time network
156s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
06-11-2024 02:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5415d740f286a1ff7f7a22df18a9910c66841402a151a37b7fb2bb673b1cf63b.apk
Size

64.0MB
MD5

b261bda3ea80addbea9e282f840ebe10
SHA1

660ea4e4177fddd07ad4aa70eed41d100e6c9938
SHA256

5415d740f286a1ff7f7a22df18a9910c66841402a151a37b7fb2bb673b1cf63b
SHA512

ef9848686f672dcb9df064bc2b8abc4735009a7d20b8ab600274546eb060b24dc07277633e3ab9eb0baadbca327339f7b1d283d83961c2c8c8bd1a4068f6958c
SSDEEP

1572864:5DaeuGCBiCYbdIqLcuc4ET4SoxM1m/9DlQrct2zOSj5KF+Be:pCcdBct4Dx7pQYq/Ur

Score

7^/10

collection credential_access evasion execution persistence

Malware Config

Signatures

Makes use of the framework's Accessibility service 4 TTPs 1 IoCs

Retrieves information displayed on the phone screen using AccessibilityService.

collection evasion credential_access

Input Injection

T1516

Screen Capture

T1513

Keylogging

T1417.001

GUI Input Capture

T1417.002

description	ioc	Process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	rel.competition.closer

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	rel.competition.closer

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
119	1.tcp.ngrok.io
6	1.tcp.ngrok.io
65	1.tcp.ngrok.io

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	rel.competition.closer

Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

execution persistence

Scheduled Task/Job

T1603

description	ioc	Process
Framework service call	android.app.job.IJobScheduler.schedule	rel.competition.closer

rel.competition.closer
1⤵
- Makes use of the framework's Accessibility service
- Acquires the wake lock
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Schedules tasks to execute at a specified time
PID:4264

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Input Injection

T1516

Credential Access

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Discovery

Lateral Movement

Collection

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Screen Capture

T1513

Command and Control

Exfiltration

Impact

Input Injection

T1516

Replay Monitor

Loading Replay Monitor...

Downloads

/storage/emulated/0/Config/sys/apps/log/log-2024-11-06.txt

Filesize
13B

MD5
de2c41a51ee9246eb1708f65b511add0

SHA1
2f442d634c8a18760a232c8829d4b5d74a52f074

SHA256
ad2d914ca347cd1930e32f21c6d5448c34104bea181b93abc85ec518985653ab

SHA512
7cdfbd001594503644e9ed80ae852f90ef9e841a8382e2eec6979e149a2c400a3b83055d205b4d1d66e1600e5127482932d5127eb5800d35a4ee5673fe34d84a

Download Submit
/storage/emulated/0/Config/sys/apps/log/log-2024-11-06.txt

Filesize
29B

MD5
0330478a07d4b5e0488ccf196966c176

SHA1
7e0ad1f9ece697fdfb4757d53ba3b1ba247bbd2a

SHA256
bfa96b5b81ec911eb68b5bfc3c3d669dfa97e2cdbb53e1fe0d05b177fc4f285a

SHA512
50e75409d9db149e05001ff27e863bc2f6278f8d42b1c7b1ed1c1bfff9fa6c8fe2219a107c8d95ef93cf698b91e409224693175538c5d5a6793e0d971791ce4a

Download Submit
/storage/emulated/0/Config/sys/apps/log/log-2024-11-06.txt

Filesize
45B

MD5
54c6a11bcfee5ba7ba120c25db4c3ea2

SHA1
84ace4968ffaca96ceb4963474d0982b5aa7f8b9

SHA256
ba02e9b68f9ce65fca9fad4f1aaad7bf04a06d0a4518d6be015d98010b410f34

SHA512
e4c5c7cc1d8f9e88ecea91408eca461daeb659a52b5f17e10bb33f50b8ee5e9255124c4c0af4bd186756bd36b08a76398858709556fafb625d45303b75df9d2e

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads