Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    android_x86
  • resource
    android-x86-arm-20240624-en
  • resource tags

    android, arch:arm, arch:x86, image:android-x86-arm-20240624-en, locale:en-us, os:android-9-x86, system
  • submitted
    07-11-2024 01:14

General

  • Target

    20bfd2b2466fad95b88cf5067b29a0dbabf5016ccbffbb3a672c7366b8ec7dfb.apk

  • Size

    3.8MB

  • MD5

    42d05c75286bcfaff3d1721d813f182b

  • SHA1

    e28b64dcfcd1f985e66557e9defa50893d3673e0

  • SHA256

    20bfd2b2466fad95b88cf5067b29a0dbabf5016ccbffbb3a672c7366b8ec7dfb

  • SHA512

    65cedc6f876bfd56b7dcc797cde5471a27aa5cdb83a1ed0e52265b5ba6b3e3a1a787587e1377f7cb4a5f51e45343a863493cbf07f25a57da0b5940f8638eac76

  • SSDEEP

    98304:btyuPe0dVqg8144bQimzLzBATc0tUSaKz:htGrg81lQNzKvDR

Malware Config

Signatures

  • Makes use of the framework's Accessibility service (4 TTPs, 3 IoCs)

    Retrieves information displayed on the phone screen using AccessibilityService.

  • Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps) (1 TTP)
  • Acquires the wake lock (1 IoC)
  • Queries information about active data network (1 TTP, 1 IoC)
  • Queries the mobile country code (MCC) (1 TTP, 1 IoC)
  • Requests disabling of battery optimizations (often used to enable hiding in the background) (1 TTP, 1 IoC)
  • Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTP, 1 IoC)
  • Schedules tasks to execute at a specified time (1 TTP, 1 IoC)

    Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

  • Checks CPU information (2 TTPs, 1 IoC)
  • Checks memory information (2 TTPs, 1 IoC)
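As an added triage example (not part of the sandbox output and not the sandbox's own rule set), the script below maps the behavioural signatures listed above to the Android API strings that usually back them in bytecode and searches the classes*.dex entries of an APK for those strings. The mapping and the sample dex bytes are my own constructions; a real triage would also decode the binary AndroidManifest.xml for the declared permissions, and a string-based miss on a packed or obfuscated sample means "not observed", never "absent".

```python
"""Static triage helper for the behavioural signatures in the report (added example)."""
import os
import re
import tempfile
import zipfile
from typing import Dict, List

# Report signature -> substrings that usually back it in a dex string table.
# This mapping is an assumption for illustration, not the sandbox's rules.
SIGNATURE_INDICATORS: Dict[str, List[bytes]] = {
    "Makes use of the framework's Accessibility service": [
        b"android/accessibilityservice/AccessibilityService",
        b"onAccessibilityEvent",
        b"BIND_ACCESSIBILITY_SERVICE",
    ],
    "Queries a list of all the installed applications on the device": [
        b"getInstalledApplications",
        b"getInstalledPackages",
        b"QUERY_ALL_PACKAGES",
    ],
    "Acquires the wake lock": [b"android/os/PowerManager$WakeLock", b"newWakeLock"],
    "Queries information about active data network": [
        b"getActiveNetworkInfo",
        b"getActiveNetwork",
    ],
    "Queries the mobile country code (MCC)": [
        b"getNetworkOperator",
        b"getSimOperator",
        b"getNetworkCountryIso",
    ],
    "Requests disabling of battery optimizations": [
        b"REQUEST_IGNORE_BATTERY_OPTIMIZATIONS",
        b"isIgnoringBatteryOptimizations",
    ],
    "Registers a broadcast receiver at runtime": [b"registerReceiver"],
    "Schedules tasks to execute at a specified time": [
        b"android/app/AlarmManager",
        b"setExactAndAllowWhileIdle",
        b"android/app/job/JobScheduler",
    ],
    "Checks CPU information": [b"/proc/cpuinfo"],
    "Checks memory information": [b"/proc/meminfo", b"getMemoryInfo"],
}

# Constructed dex-like bytes: a dex header magic followed by NUL-separated
# strings, as they would sit in a real string table. Not a real sample.
SAMPLE_DEX = (
    b"dex\n035\0"
    b"Landroid/accessibilityservice/AccessibilityService;\0"
    b"onAccessibilityEvent\0"
    b"android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS\0"
    b"registerReceiver\0"
    b"/proc/cpuinfo\0"
)


def scan_bytes(data: bytes) -> Dict[str, List[str]]:
    """Return {signature: [indicators found]} for every signature with at least one hit."""
    hits: Dict[str, List[str]] = {}
    for sig, needles in SIGNATURE_INDICATORS.items():
        found = [n.decode() for n in needles if n in data]
        if found:
            hits[sig] = found
    return hits


def scan_apk(path: str) -> Dict[str, List[str]]:
    """Scan every classes*.dex entry of an APK (a zip archive) and merge the hits."""
    merged: Dict[str, List[str]] = {}
    with zipfile.ZipFile(path) as apk:
        for name in apk.namelist():
            if re.fullmatch(r"classes\d*\.dex", name):
                for sig, found in scan_bytes(apk.read(name)).items():
                    bucket = merged.setdefault(sig, [])
                    bucket.extend(f for f in found if f not in bucket)
    return merged


def write_sample_apk(path: str) -> None:
    """Write a minimal zip mimicking an APK layout, using the constructed dex bytes."""
    with zipfile.ZipFile(path, "w") as apk:
        apk.writestr("AndroidManifest.xml", b"")  # placeholder; not parsed here
        apk.writestr("classes.dex", SAMPLE_DEX)
        apk.writestr("classes2.dex", b"dex\n035\0/proc/meminfo\0")


def demo() -> Dict[str, List[str]]:
    """Round trip: write the constructed APK to a temp dir, scan it, return the hits."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "sample.apk")
        write_sample_apk(path)
        return scan_apk(path)


if __name__ == "__main__":
    for sig, found in demo().items():
        print(f"{sig}: {', '.join(found)}")
```

Run it against a real APK with `scan_apk("sample.apk")`; a hit on the accessibility and battery-optimisation strings together is the pattern that warrants pulling the manifest and the service declarations next.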

Processes

  • guild.arts.seeking (PID 4262)
    • Makes use of the framework's Accessibility service
    • Acquires the wake lock
    • Queries information about active data network
    • Queries the mobile country code (MCC)
    • Requests disabling of battery optimizations (often used to enable hiding in the background)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Schedules tasks to execute at a specified time
    • Checks CPU information
    • Checks memory information

Network

MITRE ATT&CK Mobile v15

Downloads

The same path appears four times with different sizes and hashes; each capture is listed separately.

  • /storage/emulated/0/Config/sys/apps/log/log-2024-11-07.txt
    Filesize: 41B
    MD5: bc7a1de6d4dbada6b99f42fd40dd43e7
    SHA1: 16e7245a2b44d195c173d50cdc56de1a88857d24
    SHA256: 416d5d568fc5038622f9c4fd39059cbca7309bf96ef769065d6d2776fd86e64c
    SHA512: ff9faedd6c4f57862de4eb241347b06724961130f8834f99881eed93c2a9d96f9e5e4d3aecb60276ae22c7cb59c34daee89c517cad67dda3342089573e7363c3

  • /storage/emulated/0/Config/sys/apps/log/log-2024-11-07.txt
    Filesize: 25B
    MD5: ba30336bf53d54ed3c0ea69dd545de8c
    SHA1: ce99c6724c75b93b7448e2d9fac16ca702a5711f
    SHA256: 2d6988fb5afdaafc4e33fa1f71d6f10c95ab5a49a8ec820add5b13eef05439af
    SHA512: eea34ca526e03349e746d3687ea660b4748f0174fe2ffdb65161e232e08630b345e03329614852ce881a71362ba68575e9dd08fa361a416e5b2fb231e21a0a3e

  • /storage/emulated/0/Config/sys/apps/log/log-2024-11-07.txt
    Filesize: 296B
    MD5: 1d160906d920760ca7aa4626148e7d73
    SHA1: 6820361cbd8aca2dc902943213347c7f7e081b2e
    SHA256: 644384772028d904ef6ae26caef21e7004161670e8114a65f3202d26f2bdcb95
    SHA512: f8141c13de2f6704f5a66a87ea97874f5bf9281f0c888404307b6e6cbf7e4ac2517289f5e0823d4e81c9d33cd497a44b084d0adf92e73a3920068e5a73ce99cc

  • /storage/emulated/0/Config/sys/apps/log/log-2024-11-07.txt
    Filesize: 69B
    MD5: eae1a075878b97fa7b4ddcb26c97d019
    SHA1: 931472823c26a0c31a018d749a3d3a28ff95a39e
    SHA256: bbdafa121bc0460dee47e8ffbb351cdee699ec0defcdcb7be7f82e1ffbedb2a6
    SHA512: 49bdf691853661037f478e010dac9e779ac9d234abdb6759ab37760618aaeb37d8f5df73d949b94d65d81c489c31e5540ad8aaf7dedb07f43d116f7a789bdd2f