b960ede018834eb90efc27162c488cf329c49ca62475661907af0edcd8221364

Analysis

max time kernel
149s
max time network
159s
platform
android_x64
resource
android-x64-arm64-20240624-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240624-enlocale:en-usos:android-11-x64system
submitted
07/11/2024, 01:52

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

3ef9e9ab4b0f5c39d65f43b2227984e6ca423adad60e828f6af2e0eb7ac78284.apk
Size

8.5MB
MD5

d96ee475dd19e74082f86e8441711216
SHA1

d8c2ed452a4713c1899f737665a3f9552b162317
SHA256

3ef9e9ab4b0f5c39d65f43b2227984e6ca423adad60e828f6af2e0eb7ac78284
SHA512

f076533d4edf96eb9f9a13a24706336339534aec6bfc53abf031fc339c9082059e1c93209f0d701f977a6be7628c1e0908310b11544a61d842bd8a72f3f09180
SSDEEP

49152:QH4xdmhWvywHDSkvd22aznyBe1lQIPbRLXJ+hXrXmzJzdGGSQTOnnUlYqW0cgR5t:QYvmkywjRAQe1DRLXwhDmzJzB9TI0tRD

Score

7^/10

banker collection credential_access discovery evasion execution impact persistence privilege_escalation

Malware Config

Signatures

Makes use of the framework's Accessibility service 4 TTPs 1 IoCs

Retrieves information displayed on the phone screen using AccessibilityService.

collection evasion credential_access

Input Injection

T1516

Screen Capture

T1513

Keylogging

T1417.001

GUI Input Capture

T1417.002

description	ioc	Process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	fs.mazda.rentals

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	fs.mazda.rentals

Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

Application may abuse the framework's foreground service to continue running in the foreground.

evasion persistence

Foreground Persistence

T1541

description	ioc	Process
Framework service call	android.app.IActivityManager.setServiceForeground	fs.mazda.rentals

Tries to add a device administrator. 2 TTPs 1 IoCs

privilege_escalation impact

Device Administrator Permissions

T1626.001

Account Access Removal

T1640

description	ioc	Process
Intent action	android.app.action.ADD_DEVICE_ADMIN	fs.mazda.rentals

Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

execution persistence

Scheduled Task/Job

T1603

description	ioc	Process
Framework service call	android.app.job.IJobScheduler.schedule	fs.mazda.rentals

fs.mazda.rentals
1⤵
- Makes use of the framework's Accessibility service
- Acquires the wake lock
- Makes use of the framework's foreground persistence service
- Tries to add a device administrator.
- Schedules tasks to execute at a specified time
PID:4478

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Foreground Persistence

T1541

Scheduled Task/Job

T1603

Privilege Escalation

Abuse Elevation Control Mechanism

T1626

Device Administrator Permissions

T1626.001

Defense Evasion

Foreground Persistence

T1541

Input Injection

T1516

Credential Access

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

Lateral Movement

Collection

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Screen Capture

T1513

Command and Control

Exfiltration

Impact

Account Access Removal

T1640

Input Injection

T1516

Replay Monitor

Loading Replay Monitor...

Downloads

/storage/emulated/0/Config/sys/apps/log/log-2024-11-07.txt

Filesize
29B

MD5
ece45f8623243feea4df6c2fe45b36e1

SHA1
ef24e005271d92ed255e24a40a15d94b0d5f6bd3

SHA256
e011b2d4119782d41972729f76497925f6f503f6b87dbf8363a50d5134ff39a2

SHA512
86e5a142bb1c4607af14414558fca4711e9a043842aef5add7229d2b49a640d43d62383729edd60869f26e2ad28218d48228303e358b56038267d8bdaf6353da

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads