Analysis
-
max time kernel
146s -
max time network
158s -
platform
android-11_x64 -
resource
android-x64-arm64-20240910-en -
resource tags
arch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240910-enlocale:en-usos:android-11-x64system -
submitted
08/11/2024, 22:01 UTC
Behavioral task
behavioral1
Sample
4a9ffd7bb29962d6cc668b4a9c5e65957dc7e3ef02630ce6a01fe0fc871e81ff.apk
Resource
android-x86-arm-20240910-en
Behavioral task
behavioral2
Sample
4a9ffd7bb29962d6cc668b4a9c5e65957dc7e3ef02630ce6a01fe0fc871e81ff.apk
Resource
android-x64-20240624-en
Behavioral task
behavioral3
Sample
4a9ffd7bb29962d6cc668b4a9c5e65957dc7e3ef02630ce6a01fe0fc871e81ff.apk
Resource
android-x64-arm64-20240910-en
General
-
Target
4a9ffd7bb29962d6cc668b4a9c5e65957dc7e3ef02630ce6a01fe0fc871e81ff.apk
-
Size
760KB
-
MD5
3ed9ade08e0b5c31aec010fe264d7c73
-
SHA1
0a073df5e06a907a8756211278fef880c354763e
-
SHA256
4a9ffd7bb29962d6cc668b4a9c5e65957dc7e3ef02630ce6a01fe0fc871e81ff
-
SHA512
a6b320a129904813de1bc0be5964124a7dc268febd5bbdbc9460510681628b6042f8b6dc02f46cef1be9e5dc86795f70bc71b0d60ead868712f0dcc42ffea846
-
SSDEEP
12288:z+QfWqa1a8LrewbK5STXb5WmpYshXZPbGwidNpgA:z+Ua1a2ew+STXb5WmD9idNpz
Malware Config
Signatures
-
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
-
Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs
Application may abuse the framework's foreground service to continue running in the foreground.
description ioc Process Framework service call android.app.IActivityManager.setServiceForeground cmf0.c3b5bm90zq.patch -
Requests enabling of the accessibility settings. 1 IoCs
description ioc Process Intent action android.settings.ACCESSIBILITY_SETTINGS cmf0.c3b5bm90zq.patch -
Tries to add a device administrator. 2 TTPs 1 IoCs
description ioc Process Intent action android.app.action.ADD_DEVICE_ADMIN cmf0.c3b5bm90zq.patch
Processes
Network
-
Remote address:1.1.1.1:53Requestandroid.apis.google.comIN AResponseandroid.apis.google.comIN CNAMEclients.l.google.comclients.l.google.comIN A172.217.169.14
-
Remote address:1.1.1.1:53Requestwww.youtube.comIN AResponsewww.youtube.comIN CNAMEyoutube-ui.l.google.comyoutube-ui.l.google.comIN A216.58.213.14youtube-ui.l.google.comIN A216.58.201.110youtube-ui.l.google.comIN A142.250.200.14youtube-ui.l.google.comIN A142.250.178.14youtube-ui.l.google.comIN A142.250.187.206youtube-ui.l.google.comIN A216.58.204.78youtube-ui.l.google.comIN A142.250.179.238youtube-ui.l.google.comIN A142.250.187.238youtube-ui.l.google.comIN A142.250.180.14youtube-ui.l.google.comIN A142.250.200.46youtube-ui.l.google.comIN A172.217.169.46youtube-ui.l.google.comIN A172.217.16.238youtube-ui.l.google.comIN A172.217.169.14youtube-ui.l.google.comIN A216.58.212.206
-
Remote address:1.1.1.1:53Requestssl.google-analytics.comIN AResponsessl.google-analytics.comIN A142.250.187.200
-
1.4kB 40 B 1 1
-
2.5kB 6.1kB 11 11
-
2.1kB 8.3kB 17 14
-
2.7kB 6.1kB 13 11
-
128 B 40 B 2 1
-
1.4kB 6.3kB 10 10
-
128 B 40 B 2 1
-
135 B 40 B 2 1
-
135 B 40 B 2 1
-
135 B 40 B 2 1
-
128 B 40 B 2 1
-
128 B 40 B 2 1
-
3.8kB 12
-
69 B 109 B 1 1
DNS Request
android.apis.google.com
DNS Response
172.217.169.14
-
61 B 319 B 1 1
DNS Request
www.youtube.com
DNS Response
216.58.213.14216.58.201.110142.250.200.14142.250.178.14142.250.187.206216.58.204.78142.250.179.238142.250.187.238142.250.180.14142.250.200.46172.217.169.46172.217.16.238172.217.169.14216.58.212.206
-
1.4kB 54 B 1 1
-
70 B 86 B 1 1
DNS Request
ssl.google-analytics.com
DNS Response
142.250.187.200