Analysis
max time kernel: 15s
max time network: 143s
platform: android_x64
resource: android-33-x64-arm64-20240624-en
resource tags: android, arch:arm64, arch:x64, image:android-33-x64-arm64-20240624-en, locale:en-us, os:android-13-x64, system
submitted: 10-11-2024 01:32
Static task: static1
Behavioral task: behavioral1
  Sample: 8916722da4fa14539c7785b8ae24570043287a20870a45b33c0c50cc8c9df2ef.apk
  Resource: android-x86-arm-20240624-en
Behavioral task: behavioral2
  Sample: 8916722da4fa14539c7785b8ae24570043287a20870a45b33c0c50cc8c9df2ef.apk
  Resource: android-33-x64-arm64-20240624-en
General
Target: 8916722da4fa14539c7785b8ae24570043287a20870a45b33c0c50cc8c9df2ef.apk
Size: 4.6MB
MD5: 799322311ea8b30d4d61bf671db5694c
SHA1: 386746d10fbea70c779ea97bf2a992b91dbc000d
SHA256: 8916722da4fa14539c7785b8ae24570043287a20870a45b33c0c50cc8c9df2ef
SHA512: 115add7f90b86ac94df7227286af12cf9ebeeeae5364f32feff6f58c6aac72e431b4392f417446f492063e276c22021f7206d02f64fc1a08c588cb9915d144df
SSDEEP: 49152:SeyctKx3GV++PeiNNjs1hmMr1YXPevsfSdPGRoB38GVXQBFJUEH4ircnurRvb5pt:NKxWVWiMhmeoLoBhVXQBe0np/4lpUnIg
Malware Config
Signatures

Makes use of the framework's Accessibility service (4 TTPs, 1 IoC)
Retrieves information displayed on the phone screen using AccessibilityService.
Processes:
  description: Framework service call
  ioc: android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId
  process: kjjff.jsjdjsdj.ssss

Obtains sensitive information copied to the device clipboard (2 TTPs, 1 IoC)
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
Processes:
  description: Framework service call
  ioc: android.content.IClipboard.addPrimaryClipChangedListener
  process: kjjff.jsjdjsdj.ssss

Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps) (1 TTP)
No IoC rows are listed for this signature.

Acquires the wake lock (1 IoC)
Processes:
  description: Framework service call
  ioc: android.os.IPowerManager.acquireWakeLock
  process: kjjff.jsjdjsdj.ssss

Makes use of the framework's foreground persistence service (1 TTP, 1 IoC)
Application may abuse the framework's foreground service to continue running in the foreground.
Processes:
  description: Framework service call
  ioc: android.app.IActivityManager.setServiceForeground
  process: kjjff.jsjdjsdj.ssss

Performs UI accessibility actions on behalf of the user (1 TTP, 6 IoCs)
Application may abuse the accessibility service to prevent its removal.
Processes:
  ioc: android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction (observed 6 times)
  process: kjjff.jsjdjsdj.ssss

Uses Crypto APIs (might try to encrypt user data) (1 TTP, 1 IoC)
Processes:
  description: Framework API call
  ioc: javax.crypto.Cipher.doFinal
  process: kjjff.jsjdjsdj.ssss

Checks CPU information (2 TTPs, 1 IoC)
Processes:
  description: File opened for read
  ioc: /proc/cpuinfo
  process: kjjff.jsjdjsdj.ssss

Checks memory information (2 TTPs, 1 IoC)
Processes:
  description: File opened for read
  ioc: /proc/meminfo
  process: kjjff.jsjdjsdj.ssss
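The signature rows above are all of one shape: a framework service or API call (or a /proc read) attributed to the process kjjff.jsjdjsdj.ssss, folded into a named signature with an IoC count. The following is an added example, not part of the report or of any sandbox vendor's code, showing how such rows are matched against a rule table, grouped by ATT&CK Mobile tactic, and turned into a triage verdict. The trace lines are constructed to mirror the report's IoC rows (plus one unmatched benign row); the signature names and tactic names are the report's, but which tactics each rule feeds, the fidelity labels and the escalation pairs are this example's assumptions. Cipher.doFinal and /proc/cpuinfo or /proc/meminfo reads are routine in benign apps, so they are treated as low-fidelity and never escalate on their own; accessibility-driven UI control combined with a clipboard listener or foreground persistence is the combination worth escalating.

```python
import re
from collections import defaultdict

# Constructed trace lines, shaped like the report's IoC rows ("<kind> <ioc> <process>").
# The performGlobalAction row is repeated six times to mirror the report's 6 IoCs;
# the last row is a benign process that no rule matches.
SAMPLE_TRACE = "\n".join(
    [
        "Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId kjjff.jsjdjsdj.ssss",
        "Framework service call android.content.IClipboard.addPrimaryClipChangedListener kjjff.jsjdjsdj.ssss",
        "Framework service call android.os.IPowerManager.acquireWakeLock kjjff.jsjdjsdj.ssss",
        "Framework service call android.app.IActivityManager.setServiceForeground kjjff.jsjdjsdj.ssss",
    ]
    + ["Framework service call android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction kjjff.jsjdjsdj.ssss"] * 6
    + [
        "Framework API call javax.crypto.Cipher.doFinal kjjff.jsjdjsdj.ssss",
        "File opened for read /proc/cpuinfo kjjff.jsjdjsdj.ssss",
        "File opened for read /proc/meminfo kjjff.jsjdjsdj.ssss",
        "Framework service call android.os.IPowerManager.isInteractive com.example.benign",
    ]
)

ROW_RE = re.compile(r"^(Framework service call|Framework API call|File opened for read) (\S+) (\S+)$")

# IoC -> (signature name as printed in the report, ATT&CK Mobile tactics, fidelity).
# Signature and tactic names come from the report; the tactic assignment per rule and
# the fidelity labels are this example's assumptions.
RULES = {
    "android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId":
        ("Makes use of the framework's Accessibility service", ("Credential Access",), "high"),
    "android.content.IClipboard.addPrimaryClipChangedListener":
        ("Obtains sensitive information copied to the device clipboard", ("Credential Access",), "high"),
    "android.os.IPowerManager.acquireWakeLock":
        ("Acquires the wake lock", (), "low"),
    "android.app.IActivityManager.setServiceForeground":
        ("Makes use of the framework's foreground persistence service", ("Defense Evasion",), "medium"),
    "android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction":
        ("Performs UI accessibility actions on behalf of the user", ("Defense Evasion",), "high"),
    "javax.crypto.Cipher.doFinal":
        ("Uses Crypto APIs (Might try to encrypt user data)", (), "low"),
    "/proc/cpuinfo":
        ("Checks CPU information", ("Defense Evasion", "Discovery"), "low"),
    "/proc/meminfo":
        ("Checks memory information", ("Defense Evasion", "Discovery"), "low"),
}

# Accessibility-driven UI control paired with a theft or persistence primitive (assumed policy).
ESCALATION_PAIRS = {
    ("Performs UI accessibility actions on behalf of the user",
     "Obtains sensitive information copied to the device clipboard"),
    ("Performs UI accessibility actions on behalf of the user",
     "Makes use of the framework's foreground persistence service"),
}


def parse_trace(text):
    """Return (kind, ioc, process) tuples; lines that do not fit the row shape are dropped."""
    rows = []
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if m:
            rows.append(m.groups())
    return rows


def match_signatures(rows):
    """Fold rows into {signature: {ioc, count, processes, tactics, fidelity}}, skipping unknown IoCs."""
    hits = {}
    for _kind, ioc, proc in rows:
        rule = RULES.get(ioc)
        if rule is None:
            continue
        name, tactics, fidelity = rule
        entry = hits.setdefault(name, {"ioc": ioc, "count": 0, "processes": set(),
                                       "tactics": tactics, "fidelity": fidelity})
        entry["count"] += 1
        entry["processes"].add(proc)
    return hits


def attack_summary(hits):
    """Group matched signatures by ATT&CK tactic, the way the report's MITRE section does."""
    by_tactic = defaultdict(set)
    for name, entry in hits.items():
        for tactic in entry["tactics"]:
            by_tactic[tactic].add(name)
    return dict(by_tactic)


def triage_verdict(hits):
    """escalate: an escalation pair is present; review: any high-fidelity hit; low: otherwise."""
    names = set(hits)
    if any(a in names and b in names for a, b in ESCALATION_PAIRS):
        return "escalate"
    if any(e["fidelity"] == "high" for e in hits.values()):
        return "review"
    return "low"


if __name__ == "__main__":
    hits = match_signatures(parse_trace(SAMPLE_TRACE))
    for name, e in sorted(hits.items(), key=lambda kv: -kv[1]["count"]):
        print(f"{e['count']:>2} IoC  {e['fidelity']:<6} {name}  [{', '.join(sorted(e['processes']))}]")
    for tactic, names in attack_summary(hits).items():
        print(f"{tactic}: {len(names)} signature(s)")
    print("verdict:", triage_verdict(hits))
```

Run against the constructed trace this reproduces the report's eight signatures with performGlobalAction at six IoCs and returns "escalate"; the benign isInteractive row is parsed but matches no rule, so it never contributes a signature.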
Processes

kjjff.jsjdjsdj.ssss (PID 4346)
- Makes use of the framework's Accessibility service
- Obtains sensitive information copied to the device clipboard
- Acquires the wake lock
- Makes use of the framework's foreground persistence service
- Performs UI accessibility actions on behalf of the user
- Uses Crypto APIs (might try to encrypt user data)
- Checks CPU information
- Checks memory information
Network
MITRE ATT&CK Mobile v15
(numbers in parentheses are the count of matching signatures; sub-techniques are indented under their parent)

Defense Evasion
  Foreground Persistence (1)
  Impair Defenses (1)
    Prevent Application Removal (1)
  Input Injection (1)
  Virtualization/Sandbox Evasion (2)
    System Checks (2)
Credential Access
  Clipboard Data (1)
  Input Capture (2)
    GUI Input Capture (1)
    Keylogging (1)
Discovery
  Software Discovery (1)
    Security Software Discovery (1)
  System Information Discovery (2)
Downloads

- Filesize: 4B
  MD5: 098f6bcd4621d373cade4e832627b4f6
  SHA1: a94a8fe5ccb19ba61c4c0873d391e987982fbbd3
  SHA256: 9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08
  SHA512: ee26b0dd4af7e749aa1a8ee3c10ae9923f618980772e473f8819a5d4940e0db27ac185f8a0e1d5f84f88bc887fd67b143732c304cc5fa9ad8e6f57f50028a8ff

- Filesize: 516B
  MD5: 615889b741927c929dbd59e92bed8522
  SHA1: 165b1bbd413cd17c07bd4e65c1a3d1f19899dbbb
  SHA256: 66bbe3481ed16439ee58b015f68d234aa7d2d3ee14c2d3522c18e9fa03d41496
  SHA512: 2b704750052a5c375c16d858e76c550e65a39000687dac41236eb1c5ad1e48699c1180d91a642da1336edc91722317343759e6cc011594070394694b1f2e3cfe

- Filesize: 516B
  MD5: 37cd951e9663a69e5f4998cb53952ac6
  SHA1: 1dea316d769fbed3138123918f46826dd308de21
  SHA256: acd993e6c85a8562f9d085ac3abea7c0489692da1a8c53a05d1d04d4fea32e6f
  SHA512: 317dd3d5619f09c00634ceeba2ca9d07894cd34324bfca44832c3c0e785c2f469be9be543d737125ebc65f83aed32807327ab46aaf3864e52667ae51ff868ad6

- Filesize: 1.7MB
  MD5: c57ec092b51247e160e49fea97b5e2e8
  SHA1: b7b8047e42bd9e6247e9135d29f8fec4de508da8
  SHA256: 45dcff3a75b3c6fa937ff362cf510432149797b99484a35c871683f303fc3bb5
  SHA512: 00d695d78b43a2cc364f9c720f9dd0a11db8750768d946294865428eb1631f54c72c46ed739ee1dedfa5742540974dd12fd2198456f07d664617eecbbe58ce24

- Filesize: 8B
  MD5: 76111eecd6d9f9349dbcca3aae6d1747
  SHA1: 9db362cbe8bf3f07201d5d6fd8c18640012c2a17
  SHA256: 0d9bd10397a5b9f64266841319cb6d9a72e80d33ffe17c431393847222e1f6ad
  SHA512: 66b33684c5a9be30095ef174c0a4c7da0cbd458e442d372dade83fadc8c4b03b8a26272d7fafc885f0212a5274b624a479a4297877019c09a655d0332476e463
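Each Downloads entry is identified only by size and four digests. The 4-byte entry carries the well-known digests of the ASCII string `test`, which is the kind of thing worth confirming before pivoting on a hash. The block below is an added example, not part of the report or of the sandbox's tooling: it computes the same four digests with hashlib and checks candidate bytes against a report record, reporting every mismatching field rather than stopping at the first, and accepts partial records (a single SHA256, say) so it works with whatever subset of hashes was shared. `REPORT_4B` copies the report's values for the 4-byte file; the candidate byte strings are constructed.

```python
import hashlib

# Values copied from the report's Downloads section for the 4-byte dropped file.
REPORT_4B = {
    "size": 4,
    "md5": "098f6bcd4621d373cade4e832627b4f6",
    "sha1": "a94a8fe5ccb19ba61c4c0873d391e987982fbbd3",
    "sha256": "9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08",
    "sha512": "ee26b0dd4af7e749aa1a8ee3c10ae9923f618980772e473f8819a5d4940e0db2"
              "7ac185f8a0e1d5f84f88bc887fd67b143732c304cc5fa9ad8e6f57f50028a8ff",
}

# The four algorithms the report prints, in its order.
ALGORITHMS = ("md5", "sha1", "sha256", "sha512")

# Constructed candidates for what the 4-byte file might contain.
CANDIDATES = {
    "ascii 'test'": b"test",
    "ascii 'Test'": b"Test",
    "'test' plus newline": b"test\n",
}


def digests(data: bytes) -> dict:
    """Size plus the four hex digests the report lists, computed with hashlib.new."""
    out = {"size": len(data)}
    for name in ALGORITHMS:
        out[name] = hashlib.new(name, data).hexdigest()
    return out


def verify(data: bytes, expected: dict) -> list:
    """Return (field, expected, actual) for every field in `expected` that disagrees with `data`.

    Only the fields present in `expected` are checked, so a record holding just a SHA256
    is a valid input. Hex digests are compared case-insensitively. An empty list means
    every listed field matched.
    """
    actual = digests(data)
    mismatches = []
    for field, want in expected.items():
        got = actual.get(field)
        if got is None:
            mismatches.append((field, want, None))
            continue
        same = (want.lower() == got.lower()) if isinstance(want, str) else (want == got)
        if not same:
            mismatches.append((field, want, got))
    return mismatches


def identify(data: bytes, catalogue: dict) -> list:
    """Names of catalogue entries (name -> expected record) that `data` fully matches."""
    return [name for name, record in catalogue.items() if not verify(data, record)]


if __name__ == "__main__":
    for label, blob in CANDIDATES.items():
        bad = verify(blob, REPORT_4B)
        status = "MATCH" if not bad else f"{len(bad)} field(s) differ: {', '.join(f for f, _, _ in bad)}"
        print(f"{label:<22} {status}")
    print("identified as:", identify(b"test", {"report 4B download": REPORT_4B}))
```

Comparing all four algorithms at once also catches a transcribed hash that belongs to a different file: a record in which the MD5 and SHA256 disagree with each other produces mismatches on exactly one of them, which is a signal that the record, not the sample, is wrong.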