Analysis
-
max time kernel: 149s
max time network: 152s
platform: android-9_x86
resource: android-x86-arm-20240910-en
resource tags: arch:arm, arch:x86, image:android-x86-arm-20240910-en, locale:en-us, os:android-9-x86, system
submitted: 07-11-2024 22:02
Static task: static1
Behavioral task behavioral1: sample 39bef6990735d531fbb5090138dbd66800e94902e457cb5891a69d9d091611cd.apk, resource android-x86-arm-20240910-en
Behavioral task behavioral2: sample 39bef6990735d531fbb5090138dbd66800e94902e457cb5891a69d9d091611cd.apk, resource android-x64-20240910-en
Behavioral task behavioral3: sample 39bef6990735d531fbb5090138dbd66800e94902e457cb5891a69d9d091611cd.apk, resource android-x64-arm64-20240624-en
General
-
Target: 39bef6990735d531fbb5090138dbd66800e94902e457cb5891a69d9d091611cd.apk
Size: 5.0MB
MD5: 6f8654513005a90821a998bbe6b4eab9
SHA1: 05018b0db5a59b31e34272769e720037b468a16c
SHA256: 39bef6990735d531fbb5090138dbd66800e94902e457cb5891a69d9d091611cd
SHA512: 25c2b7951d3498a9a2b6c8baab5955ba4343333173076efe3ca09cf9a0d3d898951ad80fa50076d51bebb8449d5b3e238dd36c59ed2de0708046c17478a8f323
SSDEEP: 98304:+/Uv3gxLzOouDZoLPXoEFtoSUhUsTqWXYhOJMR5V:+/I+HnuDZzEF2SkOWXYhOJMl
Malware Config
Signatures
-
Loads dropped Dex/Jar (1 TTPs, 1 IoCs)
Runs an executable file (Dex/Jar) dropped to the device during analysis. The loaded file carries a .json extension but is treated as code; app_senior is the directory that Context.getDir("senior", ...) creates inside the app's private data directory.
Processes:
- ioc: /data/user/0/ksdksdk.skdaksdk.aksdkasd/app_senior/EUQUdd.json (pid 4245, process ksdksdk.skdaksdk.aksdkasd)
-
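The signature above is about a file whose name says .json but which the runtime accepted as Dex/Jar. The following is an added example, not code from the report or from the sample, showing how to classify a dropped file from its magic bytes and sanity-check a DEX header; the contents of EUQUdd.json are not on this page, so the DEX input here is constructed.

```python
"""Added example, not part of the sandbox report: tell a dropped file's real type from its
magic bytes instead of its name. The report records the app loading
/data/user/0/ksdksdk.skdaksdk.aksdkasd/app_senior/EUQUdd.json as Dex/Jar; that file's
contents are not on the page, so the DEX sample below is constructed here."""
import json
import struct
import zlib

# Magic numbers the Android runtime dispatches on, regardless of file extension.
DEX_MAGIC = b"dex\n"       # followed by a 3-digit version and NUL, e.g. b"035\x00"
ZIP_MAGIC = b"PK\x03\x04"  # .jar/.apk/.zip; DexClassLoader accepts these too
ELF_MAGIC = b"\x7fELF"     # native library for System.load()/dlopen()

DEX_HEADER_SIZE = 0x70


def classify(data: bytes) -> str:
    """Return 'dex', 'zip', 'elf', 'json' or 'unknown' from content alone."""
    if data[:4] == DEX_MAGIC and data[4:7].isdigit() and data[7:8] == b"\x00":
        return "dex"
    if data[:4] == ZIP_MAGIC:
        return "zip"
    if data[:4] == ELF_MAGIC:
        return "elf"
    if data.lstrip()[:1] in (b"{", b"["):
        try:
            json.loads(data.decode("utf-8"))
            return "json"
        except (UnicodeDecodeError, ValueError):
            pass
    return "unknown"


def is_masquerading(filename: str, data: bytes) -> bool:
    """True when the name claims a data file but the bytes are loadable code."""
    data_exts = (".json", ".txt", ".xml", ".png", ".jpg", ".dat", ".db")
    return filename.lower().endswith(data_exts) and classify(data) in ("dex", "zip", "elf")


def dex_header_summary(data: bytes) -> dict:
    """Read the DEX header fields a triager checks first.

    Layout: magic[8] | checksum u32 (adler32 of bytes 12..EOF) | signature[20] | file_size u32 | ...
    A checksum mismatch, or a file_size that disagrees with the real length, means the
    blob was truncated or patched after build; the DEX verifier checks both.
    """
    checksum, file_size = struct.unpack_from("<I20xI", data, 8)
    return {
        "version": data[4:7].decode("ascii"),
        "declared_size": file_size,
        "actual_size": len(data),
        "checksum_ok": (zlib.adler32(data[12:]) & 0xFFFFFFFF) == checksum,
    }


def build_sample_dex() -> bytes:
    """Constructed 112-byte DEX header with a valid checksum and no code sections.

    Stands in for EUQUdd.json, whose bytes the report does not include.
    """
    body = bytearray(DEX_HEADER_SIZE)
    body[0:8] = b"dex\n035\x00"
    # signature (20 bytes at offset 12) left zero; real files carry SHA-1 of bytes 32..EOF
    struct.pack_into("<III", body, 32, DEX_HEADER_SIZE, DEX_HEADER_SIZE, 0x12345678)  # file_size, header_size, endian_tag
    struct.pack_into("<I", body, 8, zlib.adler32(bytes(body[12:])) & 0xFFFFFFFF)
    return bytes(body)


if __name__ == "__main__":
    for name, blob in [("EUQUdd.json", build_sample_dex()), ("config.json", b'{"k": 1}')]:
        print(name, classify(blob), "MASQUERADING" if is_masquerading(name, blob) else "ok")
    print(dex_header_summary(build_sample_dex()))
```

Run it over every file under the package's app_* directories pulled from the device; a "dex" or "zip" verdict on a file with a data-looking extension is the on-disk counterpart of the "Loads dropped Dex/Jar" behaviour.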
Makes use of the framework's Accessibility service (4 TTPs, 2 IoCs)
Retrieves information displayed on the phone screen using AccessibilityService.
Processes:
- Framework service call: android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId (process ksdksdk.skdaksdk.aksdkasd)
- Framework service call: android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId (process ksdksdk.skdaksdk.aksdkasd)
-
Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps) (1 TTPs)
-
Queries the phone number (MSISDN for GSM devices) (1 TTPs)
-
Acquires the wake lock (1 IoCs)
Processes:
- Framework service call: android.os.IPowerManager.acquireWakeLock (process ksdksdk.skdaksdk.aksdkasd)
-
Makes use of the framework's foreground persistence service (1 TTPs, 1 IoCs)
Application may abuse the framework's foreground service to continue running in the foreground.
Processes:
- Framework service call: android.app.IActivityManager.setServiceForeground (process ksdksdk.skdaksdk.aksdkasd)
-
Performs UI accessibility actions on behalf of the user (1 TTPs, 5 IoCs)
Application may abuse the accessibility service to prevent its removal.
Processes:
- android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction (process ksdksdk.skdaksdk.aksdkasd), observed 5 times
-
Queries the mobile country code (MCC) (1 TTPs, 1 IoCs)
Processes:
- Framework service call: com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone (process ksdksdk.skdaksdk.aksdkasd)
-
Requests disabling of battery optimizations (often used to enable hiding in the background) (1 TTPs, 1 IoCs)
Processes:
- Intent action: android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS (process ksdksdk.skdaksdk.aksdkasd)
-
Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTPs, 1 IoCs)
Processes:
- Framework service call: android.app.IActivityManager.registerReceiver (process ksdksdk.skdaksdk.aksdkasd)
-
Checks CPU information (2 TTPs, 1 IoCs)
Processes:
- File opened for read: /proc/cpuinfo (process ksdksdk.skdaksdk.aksdkasd)
-
Checks memory information (2 TTPs, 1 IoCs)
Processes:
- File opened for read: /proc/meminfo (process ksdksdk.skdaksdk.aksdkasd)
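The signatures above (accessibility service use, performGlobalAction, REQUEST_IGNORE_BATTERY_OPTIMIZATIONS, a payload staged under app_senior) each leave state on a device that can be read back over adb. The following is an added example, not code from the report or from the sample, that parses the output of three real adb commands (settings get secure enabled_accessibility_services, dumpsys deviceidle whitelist, find under the package's data directory) and scores one package. The sample outputs are constructed, not captured from this run, and the accessibility service class name is hypothetical.

```python
"""Added example, not part of the sandbox report: check a live device for the state the
report's signatures describe (an enabled accessibility service, a user-granted battery
optimization exemption, and files staged under a Context.getDir() directory). Input is the
text of three real adb commands; the sample outputs below are constructed, not captured,
and the accessibility service class name is hypothetical."""
import re

SUSPECT_PKG = "ksdksdk.skdaksdk.aksdkasd"   # package name from the report

# adb shell settings get secure enabled_accessibility_services
# Format: pkg/Class[:pkg/Class...]; the literal string "null" when nothing is enabled.
ACC_RAW = (
    "com.android.talkback/com.google.android.marvin.talkback.TalkBackService:"
    "ksdksdk.skdaksdk.aksdkasd/.HypotheticalAccessibilityService"
)

# adb shell dumpsys deviceidle whitelist
# Format: <source>,<package>,<uid>; "user" rows are the ones added at runtime,
# e.g. after the user accepted a REQUEST_IGNORE_BATTERY_OPTIMIZATIONS prompt.
IDLE_RAW = """system-excidle,com.android.providers.calendar,10004
system,com.android.vending,10085
user,ksdksdk.skdaksdk.aksdkasd,10232
"""

# adb shell find /data/user/0/<pkg> -type f   (needs root or an emulator)
FIND_RAW = """/data/user/0/ksdksdk.skdaksdk.aksdkasd/shared_prefs/prefs.xml
/data/user/0/ksdksdk.skdaksdk.aksdkasd/app_senior/EUQUdd.json
/data/user/0/ksdksdk.skdaksdk.aksdkasd/cache/tmp.bin
"""

# Context.getDir("senior", mode) creates <app data dir>/app_senior; app_* directories
# are where runtime-loaded Dex/Jar payloads are usually staged.
APP_DIR_RE = re.compile(r"^/data/user/\d+/([^/]+)/app_[^/]+/.+")


def parse_enabled_accessibility_services(raw: str) -> dict:
    """Map package -> set of fully qualified enabled AccessibilityService classes."""
    out: dict = {}
    raw = raw.strip()
    if not raw or raw == "null":
        return out
    for component in raw.split(":"):
        if "/" not in component:
            continue
        pkg, cls = component.split("/", 1)
        if cls.startswith("."):        # relative class-name shorthand
            cls = pkg + cls
        out.setdefault(pkg, set()).add(cls)
    return out


def parse_deviceidle_whitelist(raw: str) -> dict:
    """Map package -> source ("system-excidle", "system" or "user")."""
    out: dict = {}
    for line in raw.splitlines():
        parts = line.strip().split(",")
        if len(parts) == 3:
            out[parts[1]] = parts[0]
    return out


def app_dir_files(raw: str, pkg: str) -> list:
    """Files the package keeps under getDir()-created app_* directories."""
    hits = []
    for line in raw.splitlines():
        m = APP_DIR_RE.match(line.strip())
        if m and m.group(1) == pkg:
            hits.append(line.strip())
    return hits


def triage(pkg: str, acc_raw: str, idle_raw: str, find_raw: str) -> dict:
    """Combine the three views into findings for one package."""
    services = parse_enabled_accessibility_services(acc_raw).get(pkg, set())
    exempt_source = parse_deviceidle_whitelist(idle_raw).get(pkg)
    staged = app_dir_files(find_raw, pkg)
    findings = []
    if services:
        findings.append("accessibility service enabled: " + ", ".join(sorted(services)))
    if exempt_source == "user":
        findings.append("battery optimization exemption granted at runtime")
    if staged:
        findings.append("files staged under app_* dir: " + ", ".join(staged))
    return {
        "package": pkg,
        "accessibility_services": sorted(services),
        "battery_exempt": exempt_source,
        "app_dir_files": staged,
        "findings": findings,
        "score": len(findings),
    }


if __name__ == "__main__":
    for pkg in (SUSPECT_PKG, "com.android.vending"):
        result = triage(pkg, ACC_RAW, IDLE_RAW, FIND_RAW)
        print(pkg, "score", result["score"])
        for f in result["findings"]:
            print("  -", f)
```

A score of 3 on a package the user does not recognise is the combination this report describes: accessibility access (needed for the findAccessibilityNodeInfo* and performGlobalAction calls), a runtime battery exemption, and staged code. Disabling the accessibility service first (settings put secure enabled_accessibility_services ...) removes the app's ability to dismiss the uninstall dialog with performGlobalAction before you attempt removal.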
Processes
-
ksdksdk.skdaksdk.aksdkasd (PID 4245)
- Loads dropped Dex/Jar
- Makes use of the framework's Accessibility service
- Acquires the wake lock
- Makes use of the framework's foreground persistence service
- Performs UI accessibility actions on behalf of the user
- Queries the mobile country code (MCC)
- Requests disabling of battery optimizations (often used to enable hiding in the background)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks CPU information
- Checks memory information
  child process: getprop ro.miui.ui.version.name (PID 4481), a read of the MIUI version property, i.e. a check for a Xiaomi/MIUI ROM
-
Network
MITRE ATT&CK Mobile v15
Persistence
- Event Triggered Execution (1): Broadcast Receivers (1)
- Foreground Persistence (1)
Defense Evasion
- Download New Code at Runtime (1)
- Foreground Persistence (1)
- Hide Artifacts (1): User Evasion (1)
- Impair Defenses (1): Prevent Application Removal (1)
- Input Injection (1)
- Virtualization/Sandbox Evasion (2): System Checks (2)
Discovery
- Software Discovery (1): Security Software Discovery (1)
- System Information Discovery (2)
- System Network Configuration Discovery (2)
Downloads
-
Filesize: 2.0MB
MD5: 2e08a8d95038e6cf3b7b9a5e6a2a93ea
SHA1: 248831867b68635de9685c92d2016376065b427f
SHA256: 273e899da11bc4c5e07b270d8370fec68bad41f56e1dd4fc65dbe4aba0f56122
SHA512: 09a159c7b3b38c44543150243e3fbc7b1eb5a26f3f1ba579684470e582c95be357a7823a4ecbe8ec4849ec76cbb4f52767c5be22439c994835b088cd236f49cd
-
Filesize: 2.0MB
MD5: a80f5eb22e97ab87f4e5aff1f741c3da
SHA1: cb1b6056a07c1917d897f7be82d8c22f829b4fcf
SHA256: f936a25617dd5f5b5c7ce941470f54b5790ee81a128e21e151630b227dd6add3
SHA512: 889f8d112c42b0c3687756e1a1934cffd0b64846475b4c8e050dc82a83c47c92bf5a09f42dbca24c5d6c5076a0bef3b4ed6ae05908ddf186101c69865ef89348
-
Filesize: 14B
MD5: 4c1809c31f018f8645a2879bf6fe538a
SHA1: 728a8e37f95bd1bf9ddcbd5d9345ddd4058b45ea
SHA256: f749b919effb22a4a479f08e61e22a0a1ea42233dd1bba06be0c14517775a100
SHA512: 58085450e592182ea74d9fff6cf48a6fc7787153c9d71a9725c95f6bee4cd6686e47b4706c1e4754b0cdd9ee7d14685d3f12d3f9423ef1adc10e3d03509dd3c1
-
Filesize: 4B (these hashes are those of the four ASCII bytes "test")
MD5: 098f6bcd4621d373cade4e832627b4f6
SHA1: a94a8fe5ccb19ba61c4c0873d391e987982fbbd3
SHA256: 9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08
SHA512: ee26b0dd4af7e749aa1a8ee3c10ae9923f618980772e473f8819a5d4940e0db27ac185f8a0e1d5f84f88bc887fd67b143732c304cc5fa9ad8e6f57f50028a8ff
-
Filesize: 7B
MD5: 8bd634bb8a36e5982b00cead5528b5cc
SHA1: f58d82b60c9f338648a00aa6f4fb83b39ed225eb
SHA256: d2cb49216759f2d2666a702518a34da8d2a53a6fa042992d517bec6808c833dd
SHA512: d3ca77c4be81cf0d0c62831af9417cbbaeb455098b4519364a16c79474779dd98a12f521787f6468fe7eccbc2d7a6034eb1499a60e4a95dc3d35fd0166ab52cc
-
Filesize: 516B
MD5: d639a6cc12255df590a757c9635e5c81
SHA1: d002a8525fd750d66e35b1022aa19e71b0fa5ee6
SHA256: 75f9990c14e88c2134e3a10ad20d74dab144ddf7e31c2a3871957738c75f00b6
SHA512: d27d43ac2d1d3f9423b776a7d74db6a4e7a004b4d1155077feaefa0b8e84006c9d46a54357e105425ede8a144a987a21cf488fa441fcbdb40da8662b65c02e18
-
Filesize: 516B
MD5: 0a4a9dc6932e00bd281b70c1154945ac
SHA1: 273d5bee4f147f6fe078a84854971027919a0e92
SHA256: ad7799f6c28aa12a3a69528aea1d1ed4da1a1d0c9a0dfaf7dd88e9508af150d3
SHA512: 93ad9a270e6cbb59eea6f538f68bba12870c9c07c3a7ddcfa0da173daef3bf25cf19caf817c55c4eb983efa2d9a5d0bd3acdc9a00ec34c45b85be7c76743c130
-
Filesize: 5.4MB
MD5: a18d06172838e95e52f55fd14c2e47bf
SHA1: 93d3f2c86c88c0ad583f6f90b36b8f1eb29c8c40
SHA256: 2c3ff2f3d03a3be487d83b3b3963e7a7f8d43c179ed43ef4e980741b850b89a3
SHA512: 93d612b099fc44ce124acd846a085817f30bcaffa0778fb2c6e00029cedcc6ef15f75ab19cbf1b2373310034e7fbb2d2b8e3831dc173d1ed69c445c9169a1af5