14755f01cbbd82957b10c53ccd04c4be26f11fad36a9648d6e6126ee4dd82685

Analysis

max time kernel
149s
max time network
154s
platform
android_x64
resource
android-x64-arm64-20240624-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240624-enlocale:en-usos:android-11-x64system
submitted
06-11-2024 04:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

dcdf640e0eef93ff9708e73c461d98f30433770edd2a92f603c8e66f23cf77c1.apk
Size

4.4MB
MD5

bb08e80aec323b4d48fdab77cdb55e64
SHA1

4dfe47e30c12aa55916710595af5b4d9a566f7b8
SHA256

dcdf640e0eef93ff9708e73c461d98f30433770edd2a92f603c8e66f23cf77c1
SHA512

7fb11906ecb30b9965d2e62ec285375c2512c6b9d9258dd6f551bf963eeb91221f57249a19ae4fa72e00a7af8d35697ed332f4cb7bde18922b12df0f70df1e86
SSDEEP

98304:h+MmeDlnUvhrY8dvHgaffSm1jns0s1vYaMeZCmzVzBCTK0tIVwb3:HlnUvNYUvA3mdnPqYmtzyp93

Score

7^/10

collection credential_access evasion execution persistence

Malware Config

Signatures

Makes use of the framework's Accessibility service 4 TTPs 1 IoCs

Retrieves information displayed on the phone screen using AccessibilityService.

collection evasion credential_access

Input Injection

T1516

Screen Capture

T1513

Keylogging

T1417.001

GUI Input Capture

T1417.002

description	ioc	Process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	muslim.begins.produced

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	muslim.begins.produced

Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

Application may abuse the framework's foreground service to continue running in the foreground.

evasion persistence

Foreground Persistence

T1541

description	ioc	Process
Framework service call	android.app.IActivityManager.setServiceForeground	muslim.begins.produced

Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

execution persistence

Scheduled Task/Job

T1603

description	ioc	Process
Framework service call	android.app.job.IJobScheduler.schedule	muslim.begins.produced

muslim.begins.produced
1⤵
- Makes use of the framework's Accessibility service
- Acquires the wake lock
- Makes use of the framework's foreground persistence service
- Schedules tasks to execute at a specified time
PID:4508

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Foreground Persistence

T1541

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Foreground Persistence

T1541

Input Injection

T1516

Credential Access

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Discovery

Lateral Movement

Collection

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Screen Capture

T1513

Command and Control

Exfiltration

Impact

Input Injection

T1516

Replay Monitor

Loading Replay Monitor...

Downloads

/storage/emulated/0/Config/sys/apps/log/log-2024-11-06.txt

Filesize
13B

MD5
de2c41a51ee9246eb1708f65b511add0

SHA1
2f442d634c8a18760a232c8829d4b5d74a52f074

SHA256
ad2d914ca347cd1930e32f21c6d5448c34104bea181b93abc85ec518985653ab

SHA512
7cdfbd001594503644e9ed80ae852f90ef9e841a8382e2eec6979e149a2c400a3b83055d205b4d1d66e1600e5127482932d5127eb5800d35a4ee5673fe34d84a

Download Submit
/storage/emulated/0/Config/sys/apps/log/log-2024-11-06.txt

Filesize
21B

MD5
0de6a80ab77b4050a8a4363a240f6962

SHA1
db860200fe4ed0acc53415efe4bdac0f827545d7

SHA256
efadfde37f567c7bcb6272ff212c4a56c30d77f40d83b4af4d6f190f4e75d2a5

SHA512
f098eca4922b320e5e0d46492c41f7c655c612a257f9cd0c433a96a0944aa01509b034c2255c142433dafd8e02c5630c8493703bd197f1f4d109670d5e7b1c79

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads