Analysis
- max time kernel: 149s
- max time network: 158s
- platform: android-11_x64
- resource: android-x64-arm64-20240910-en
- resource tags: arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240910-en, locale:en-us, os:android-11-x64, system
- submitted: 06/11/2024, 02:40 UTC
Behavioral task: behavioral1
- Sample: 5415d740f286a1ff7f7a22df18a9910c66841402a151a37b7fb2bb673b1cf63b.apk
- Resource: android-x86-arm-20240624-en
Behavioral task: behavioral2
- Sample: 5415d740f286a1ff7f7a22df18a9910c66841402a151a37b7fb2bb673b1cf63b.apk
- Resource: android-x64-20240910-en
Behavioral task: behavioral3
- Sample: 5415d740f286a1ff7f7a22df18a9910c66841402a151a37b7fb2bb673b1cf63b.apk
- Resource: android-x64-arm64-20240910-en
General
- Target: 5415d740f286a1ff7f7a22df18a9910c66841402a151a37b7fb2bb673b1cf63b.apk
- Size: 64.0MB
- MD5: b261bda3ea80addbea9e282f840ebe10
- SHA1: 660ea4e4177fddd07ad4aa70eed41d100e6c9938
- SHA256: 5415d740f286a1ff7f7a22df18a9910c66841402a151a37b7fb2bb673b1cf63b
- SHA512: ef9848686f672dcb9df064bc2b8abc4735009a7d20b8ab600274546eb060b24dc07277633e3ab9eb0baadbca327339f7b1d283d83961c2c8c8bd1a4068f6958c
- SSDEEP: 1572864:5DaeuGCBiCYbdIqLcuc4ET4SoxM1m/9DlQrct2zOSj5KF+Be:pCcdBct4Dx7pQYq/Ur
Malware Config
Signatures
- Makes use of the framework's Accessibility service (4 TTPs, 1 IoC)
  Retrieves information displayed on the phone screen using AccessibilityService.
  description: Framework service call; ioc: android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId; process: rel.competition.closer
- Acquires the wake lock (1 IoC)
  description: Framework service call; ioc: android.os.IPowerManager.acquireWakeLock; process: rel.competition.closer
- Legitimate hosting services abused for malware hosting/C2 (1 TTP, 3 IoCs)
  flow 29: 1.tcp.ngrok.io; flow 84: 1.tcp.ngrok.io; flow 139: 1.tcp.ngrok.io
- Schedules tasks to execute at a specified time (1 TTP, 1 IoC)
  Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
  description: Framework service call; ioc: android.app.job.IJobScheduler.schedule; process: rel.competition.closer
Processes
Network
- Remote address 1.1.1.1:53; request: android.apis.google.com IN A; response: android.apis.google.com IN CNAME clients.l.google.com; clients.l.google.com IN A 216.58.201.110
- Remote address 1.1.1.1:53; request: www.youtube.com IN A; response: www.youtube.com IN CNAME youtube-ui.l.google.com; youtube-ui.l.google.com IN A 216.58.204.78, 142.250.200.46, 172.217.16.238, 172.217.169.46, 216.58.213.14, 172.217.169.78, 216.58.201.110, 142.250.180.14, 172.217.169.14, 142.250.200.14, 142.250.179.238, 142.250.187.206, 216.58.212.206, 142.250.178.14, 142.250.187.238
- Remote address 1.1.1.1:53; request: android.apis.google.com IN A; response: android.apis.google.com IN CNAME clients.l.google.com; clients.l.google.com IN A 216.58.201.110
- Remote address 1.1.1.1:53; request: ssl.google-analytics.com IN A; response: ssl.google-analytics.com IN A 172.217.16.232
- Remote address 1.1.1.1:53; request: ssl.google-analytics.com IN A; response: none recorded
- Remote address 1.1.1.1:53; request: 1.tcp.ngrok.io IN A; response: 1.tcp.ngrok.io IN A 3.141.109.23
- Remote address 1.1.1.1:53; request: 1.tcp.ngrok.io IN A; response: 1.tcp.ngrok.io IN A 3.135.79.72
- Remote address 1.1.1.1:53; request: 1.tcp.ngrok.io IN A; response: 1.tcp.ngrok.io IN A 3.135.79.72
-
MITRE ATT&CK Enterprise v15
MITRE ATT&CK Mobile v15