Analysis
-
max time kernel
150s -
max time network
156s -
platform
android-11_x64 -
resource
android-x64-arm64-20240910-en -
resource tags
arch:arm arch:arm64 arch:x64 arch:x86 image:android-x64-arm64-20240910-en locale:en-us os:android-11-x64 system -
submitted
06-11-2024 03:23
Behavioral task
behavioral1
Sample
ac29f87ad5fd5d3da35e8c4516cae207c81656c024bad3466c7c9c6f1b619687.apk
Resource
android-x86-arm-20240624-en
Behavioral task
behavioral2
Sample
ac29f87ad5fd5d3da35e8c4516cae207c81656c024bad3466c7c9c6f1b619687.apk
Resource
android-x64-20240910-en
Behavioral task
behavioral3
Sample
ac29f87ad5fd5d3da35e8c4516cae207c81656c024bad3466c7c9c6f1b619687.apk
Resource
android-x64-arm64-20240910-en
General
-
Target
ac29f87ad5fd5d3da35e8c4516cae207c81656c024bad3466c7c9c6f1b619687.apk
-
Size
680KB
-
MD5
ca55f28d7f288ffc4e3805ac91ab2a30
-
SHA1
dab80264250e4046a21709c09c3038302dbdb593
-
SHA256
ac29f87ad5fd5d3da35e8c4516cae207c81656c024bad3466c7c9c6f1b619687
-
SHA512
6418ce1b48d70f587b14ade3882b2150bf9b5b5c83f352620e0a879f7375d50b23ac0ecbf8c514e99ae17cc029259f6c67e1dca373490740bdb9d047deecf7b1
-
SSDEEP
12288:lwlbo9GgLRBWItYYyow7HCgI4xoQBjj1dFvFIt1+QvZI46Rq21tg+75vV:lwlfglBWItYYjwjCgI4C+jpStUD4GNOm
Malware Config
Signatures
-
Processes:
PID 4711 karenn1.expiration.picked -
Makes use of the framework's Accessibility service 4 TTPs 3 IoCs
Retrieves information displayed on the phone screen using AccessibilityService.
Processes (description / IoC / process):
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId karenn1.expiration.picked
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText karenn1.expiration.picked
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId karenn1.expiration.picked -
Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
Processes (description / IoC / process):
Framework service call android.content.IClipboard.addPrimaryClipChangedListener karenn1.expiration.picked -
Acquires the wake lock 1 IoCs
Processes (description / IoC / process):
Framework service call android.os.IPowerManager.acquireWakeLock karenn1.expiration.picked -
Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs
Application may abuse the framework's foreground service to continue running in the foreground.
Processes (description / IoC / process):
Framework service call android.app.IActivityManager.setServiceForeground karenn1.expiration.picked -
Requests disabling of battery optimizations (often used to enable hiding in the background). 1 TTPs 1 IoCs
Processes (description / IoC / process):
Intent action android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS karenn1.expiration.picked -
Schedules tasks to execute at a specified time 1 TTPs 1 IoCs
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
Processes (description / IoC / process):
Framework service call android.app.job.IJobScheduler.schedule karenn1.expiration.picked -
Checks CPU information 2 TTPs 1 IoCs
Processes (description / IoC / process):
File opened for read /proc/cpuinfo karenn1.expiration.picked -
Checks memory information 2 TTPs 1 IoCs
Processes (description / IoC / process):
File opened for read /proc/meminfo karenn1.expiration.picked
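The signature tables above list raw Binder service calls, intent actions and file reads; what an analyst actually wants from them is a capability summary (screen scraping via the accessibility service, clipboard monitoring, the foreground-service plus battery-optimisation persistence pattern, /proc fingerprinting) and a verdict built from how those capabilities cluster. The following triage helper is an added example, not part of this report or of the sandbox tooling: the IoC rows are transcribed from the tables above, while the capability names, the cluster definitions and the risk thresholds are this script's own assumptions.

```python
"""Map the behavioural IoCs of an Android sandbox report onto capabilities.

Added triage helper (not the sandbox's code). Rows in SAMPLE_IOCS are
transcribed from the report's signature tables; rule names, clusters and
the risk thresholds are assumptions made for this example.
"""
import re
from collections import defaultdict

PROC = "karenn1.expiration.picked"

# Constructed from the report's signature tables: (kind, value, process).
SAMPLE_IOCS = [
    ("Framework service call",
     "android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId", PROC),
    ("Framework service call",
     "android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText", PROC),
    ("Framework service call",
     "android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId", PROC),
    ("Framework service call", "android.content.IClipboard.addPrimaryClipChangedListener", PROC),
    ("Framework service call", "android.os.IPowerManager.acquireWakeLock", PROC),
    ("Framework service call", "android.app.IActivityManager.setServiceForeground", PROC),
    ("Intent action", "android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS", PROC),
    ("Framework service call", "android.app.job.IJobScheduler.schedule", PROC),
    ("File opened for read", "/proc/cpuinfo", PROC),
    ("File opened for read", "/proc/meminfo", PROC),
]

# (capability, IoC kind, regex on the IoC value). Capability labels are this
# script's own and mirror the report's signature titles.
RULES = [
    ("screen_scraping", "Framework service call",
     r"IAccessibilityServiceConnection\.findAccessibilityNodeInfos?By"),
    ("clipboard_monitor", "Framework service call", r"IClipboard\.addPrimaryClipChangedListener$"),
    ("wake_lock", "Framework service call", r"IPowerManager\.acquireWakeLock$"),
    ("foreground_persistence", "Framework service call", r"IActivityManager\.setServiceForeground$"),
    ("battery_optimisation_bypass", "Intent action", r"REQUEST_IGNORE_BATTERY_OPTIMIZATIONS$"),
    ("scheduled_execution", "Framework service call", r"IJobScheduler\.schedule$"),
    ("environment_fingerprint", "File opened for read", r"^/proc/(cpuinfo|meminfo)$"),
]

# Capabilities that reinforce each other. The first two groups follow the
# report's ATT&CK tactics (Credential Access, Defense Evasion); grouping is an assumption.
CLUSTERS = {
    "credential_access": {"screen_scraping", "clipboard_monitor"},
    "background_persistence": {"foreground_persistence", "battery_optimisation_bypass",
                               "scheduled_execution", "wake_lock"},
    "sandbox_evasion": {"environment_fingerprint"},
}


def classify(iocs):
    """Return {capability: [matching IoC values]} for every rule a row satisfies."""
    hits = defaultdict(list)
    for kind, value, _proc in iocs:
        for cap, rule_kind, pattern in RULES:
            if kind == rule_kind and re.search(pattern, value):
                hits[cap].append(value)
    return dict(hits)


def verdict(hits):
    """Per cluster: 'full' if every member capability was seen, 'partial' if some, else 'none'."""
    status = {}
    for name, members in CLUSTERS.items():
        found = members & set(hits)
        status[name] = "full" if found == members else ("partial" if found else "none")
    return status


def risk(status):
    """Assumed thresholds: credential theft plus any persistence is high; any complete cluster is medium."""
    if status["credential_access"] == "full" and status["background_persistence"] != "none":
        return "high"
    if "full" in status.values():
        return "medium"
    return "low"


if __name__ == "__main__":
    hits = classify(SAMPLE_IOCS)
    for cap, values in hits.items():
        print(f"{cap}: {len(values)} IoC(s)")
    status = verdict(hits)
    print(status)
    print("risk:", risk(status))
```

Run it as a script to print the capability counts and cluster status for this sample; feeding it rows from another report only requires matching the (kind, value, process) shape of the tables. The regexes anchor on the Binder interface and method names rather than on the package name, so a repackaged sample with a different package label still matches.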
Processes
-
karenn1.expiration.picked
- Removes its main activity from the application launcher
- Makes use of the framework's Accessibility service
- Obtains sensitive information copied to the device clipboard
- Acquires the wake lock
- Makes use of the framework's foreground persistence service
- Requests disabling of battery optimizations (often used to enable hiding in the background).
- Schedules tasks to execute at a specified time
- Checks CPU information
- Checks memory information
PID:4711
Network
MITRE ATT&CK Mobile v15 (technique: number of matching signatures)
Defense Evasion
Foreground Persistence: 1
Hide Artifacts: 2
  Suppress Application Icon: 1
  User Evasion: 1
Input Injection: 1
Virtualization/Sandbox Evasion: 2
  System Checks: 2
Credential Access
Clipboard Data: 1
Input Capture: 2
  GUI Input Capture: 1
  Keylogging: 1
Downloads
-
Filesize
32B
MD5 272448d83f5e277405b7ed65aebc147c
SHA1 9ac46ca1f477ecc0bf9251e61fb1c3956b7ba12d
SHA256 d53bc4f41fa122aa8ac5edd8b311a8cb6e01bceef6d1698ad87041ddad276e73
SHA512 3f6d8ad72406605dc77f00d6afc27cbd7820c7e5ff56616a650495f6c00791af730426126ba867dfa06d9654f3fd07782ad2a0d7a38cce92b7ef0807bd9d610f
-
Filesize
12B
MD5 a9256f55737b655c8cff95418411997c
SHA1 d81a4e85ecef3a4f08d50da9c75c49a3c64ffe24
SHA256 bad705c44807d12463fb587087c4e9eb24769d82981229ac8b74abc9b1a44412
SHA512 10d10a6498973ed65d47c74ba6d8831dad94213a5071353dc445de46e021689284fbbf4accf5ba1f97a0675a7652ec069ac70f38d63ba36b8595a8caf8d37574
-
Filesize
275B
MD5 e283381084e76431e5097822a03e013c
SHA1 f20cafa7b6b3dc75f89e7f4749ad865c9b421568
SHA256 f5b677b2ac0b960e08ef1befdce5222c388a0bfd3f3f9f6663ca72447218e900
SHA512 6603e580724a3e8817558a20b8d6d199db321b7ae39c60433a8b145d7c072a7907b2e225fe7125bf5bfafb63113e460bfa02b0a4d0c1fb6de5abbccddd1d207d