97cf6752734816208ff03eea523825bcfc7270d52d8c5f0f02951236885e0403

Analysis

max time kernel
149s
max time network
162s
platform
android-10_x64
resource
android-x64-20240910-en
resource tags

arch:x64arch:x86image:android-x64-20240910-enlocale:en-usos:android-10-x64system
submitted
11-11-2024 11:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

97cf6752734816208ff03eea523825bcfc7270d52d8c5f0f02951236885e0403.apk
Size

12.5MB
MD5

42ad0ff73e0b4295a4ae2ca600b9e5fa
SHA1

7dd9260843bb1ee8613fc2eb913e776b4c0fcbb4
SHA256

97cf6752734816208ff03eea523825bcfc7270d52d8c5f0f02951236885e0403
SHA512

59efd73b3eb3ff2a17bf88b42575d142fd54c9eda6eb5316444efa14c1980991e11e1780ea3f71d082d5bef7ec74fe023d221ed962b083650ed9f4c6ffc766ee
SSDEEP

196608:mAgbdVg7aNmVAcIro36mugUFcs1Pohd2r7+2Lejjd/1dTWr2pRCYgY8:mAg5N8Atro78cskT2LijZHWipRFP8

Score

7^/10

collection credential_access evasion execution persistence

Malware Config

Signatures

Makes use of the framework's Accessibility service 4 TTPs 1 IoCs

Retrieves information displayed on the phone screen using AccessibilityService.

collection evasion credential_access

Input Injection

T1516

Screen Capture

T1513

Keylogging

T1417.001

GUI Input Capture

T1417.002

description	ioc	Process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	com.shes.maox3000k

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.shes.maox3000k

Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

Application may abuse the framework's foreground service to continue running in the foreground.

evasion persistence

Foreground Persistence

T1541

description	ioc	Process
Framework service call	android.app.IActivityManager.setServiceForeground	com.shes.maox3000k

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.shes.maox3000k

Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

execution persistence

Scheduled Task/Job

T1603

description	ioc	Process
Framework service call	android.app.job.IJobScheduler.schedule	com.shes.maox3000k

com.shes.maox3000k
1⤵
- Makes use of the framework's Accessibility service
- Acquires the wake lock
- Makes use of the framework's foreground persistence service
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Schedules tasks to execute at a specified time
PID:5058

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Foreground Persistence

T1541

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Foreground Persistence

T1541

Input Injection

T1516

Credential Access

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Discovery

Lateral Movement

Collection

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Screen Capture

T1513

Command and Control

Exfiltration

Impact

Input Injection

T1516

Replay Monitor

Loading Replay Monitor...

Downloads

/storage/emulated/0/Config/sys/apps/log/log-2024-11-11.txt

Filesize
20B

MD5
d6ea019461671ae729691261cbdb2e45

SHA1
980a183c51b94314887117d2d150883a42f83b84

SHA256
1ed4ca672c92b231ac046c50cb0b4f4b688104b9a318a48ae566cd2f0bf6d523

SHA512
d4329310857942f95628dedda7cf4d3f0e2c9f0dcaae56e048b40f803d940a0867d18f5f2f1931ffac45f179dccc3ad5fafdbf1ec9ae5fd0186ea64faf93fd91

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads