Overview

overview

10

Static

static

10

e9515238f0...a9.apk

android-9-x86

7

e9515238f0...a9.apk

android-10-x64

7

e9515238f0...a9.apk

android-11-x64

7

Resubmissions

14-11-2024 13:54

241114-q7t9qazfrb 10

12-11-2024 22:07

241112-113bvs1nhs 10

Analysis

  • max time kernel
    99s
  • max time network
    150s
  • platform
    android-10_x64
  • resource
    android-x64-20240910-en
  • resource tags

    arch:x64arch:x86image:android-x64-20240910-enlocale:en-usos:android-10-x64system
  • submitted
    12-11-2024 22:07

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    e9515238f096e249a73b7cce538cc54dd890f71dfb972e9b830fafa4b52051a9.apk

  • Size

    3.4MB

  • MD5

    36794af87e599f3598490a24fb772b91

  • SHA1

    8eb5e5e5092b5abb8d1f3c04c3baf5ab0321a890

  • SHA256

    e9515238f096e249a73b7cce538cc54dd890f71dfb972e9b830fafa4b52051a9

  • SHA512

    a2fc5e2cf2990f1d416129b356c37db7dc60e07ce5c74c2d54dd17b9fd66d34bcca8d7ad86c11082501c54b1702cd980106b7ce112c83c0348333a669424ef8e

  • SSDEEP

    98304:PPPWl9BImOCp+CoR9b+0sGC9Pc89Sk5rY03Ldraaj:HPWl9BnO0+59iFx9Pf9Sk577deaj

Score
7/10
collectioncredential_accessdiscoveryevasionpersistence

Malware Config

Signatures

  • Checks known Qemu pipes. 1 TTPs 12 IoCs

    Checks for known pipes used by the Android emulator to communicate with the host.

    evasion
  • Makes use of the framework's Accessibility service 4 TTPs 4 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectionevasioncredential_access
  • Queries information about running processes on the device 1 TTPs 6 IoCs

    Application may abuse the framework's APIs to collect information about running processes on the device.

    discovery
  • Acquires the wake lock 4 IoCs
  • Makes use of the framework's foreground persistence service 1 TTPs 4 IoCs

    Application may abuse the framework's foreground service to continue running in the foreground.

    evasionpersistence
  • Reads information about phone network operator. 1 TTPs
    discovery

Processes

  • com.example.mysoul
    1⤵
    • Checks known Qemu pipes.
    • Queries information about running processes on the device
    PID:5072
  • com.example.mysoul
    1⤵
    • Checks known Qemu pipes.
    • Makes use of the framework's Accessibility service
    • Queries information about running processes on the device
    PID:5143
  • com.example.mysoul
    1⤵
    • Checks known Qemu pipes.
    • Queries information about running processes on the device
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    PID:5214
  • com.example.mysoul
    1⤵
    • Checks known Qemu pipes.
    • Makes use of the framework's Accessibility service
    • Queries information about running processes on the device
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    PID:5322
  • com.example.mysoul
    1⤵
    • Checks known Qemu pipes.
    • Makes use of the framework's Accessibility service
    • Queries information about running processes on the device
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    PID:5385
  • com.example.mysoul
    1⤵
    • Checks known Qemu pipes.
    • Makes use of the framework's Accessibility service
    • Queries information about running processes on the device
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    PID:5466

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.example.mysoul/no_backup/androidx.work.workdb
    Filesize

    4KB

    MD5

    f2b4b0190b9f384ca885f0c8c9b14700

    SHA1

    934ff2646757b5b6e7f20f6a0aa76c7f995d9361

    SHA256

    0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

    SHA512

    ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

    Download Submit

  • /data/data/com.example.mysoul/no_backup/androidx.work.workdb-journal
    Filesize

    512B

    MD5

    1ebc5a8729fa3c8090c2198c4e816dac

    SHA1

    e16fb1770a08349d0a044f426c151bb9e246184e

    SHA256

    643b9f7ec87594ba4f6ae9f110981ad59e6182679c63973dec7a9bb27fa54698

    SHA512

    2a16dab883990f835050a91464872638be245cd04f1f08c4cb6ce371b36939c1034abca62328088be18c4de2c054785e331c9fde2b77cbd8b9af2bcad7509191

    Download Submit

  • /data/data/com.example.mysoul/no_backup/androidx.work.workdb-wal
    Filesize

    16KB

    MD5

    7bb70f6df0ce84b813d41ac229a054f7

    SHA1

    07b214b32e2ee778dd995b34c3d73b3fb97c849e

    SHA256

    e9a17f41b5c8ee7672a1a0a3d9863bcd52e657c7251e3af2a5327dc85f424b06

    SHA512

    307846157c68f7aa994c47af8fea8043bb36a586933e2f916d62d47b33fe531ae99138d935b2eeb945404c93293dc315f5ac931b4fbfa6a0b6154d0f60c6a686

    Download Submit

  • /data/data/com.example.mysoul/no_backup/androidx.work.workdb-wal
    Filesize

    108KB

    MD5

    add191da45b940a27c5c10c00750e459

    SHA1

    6aa81e7cbbf656cb9e7d0c3baf1ce1fc78118008

    SHA256

    de00eb5f031dfb0d9c98164dfa4cca51b1d65d8dedc91c785660844fc2a95e6e

    SHA512

    55944f2da5ce5025eb84e55b5b790753b22d6d5608ca640c597176baf7f1c9a1c6ea5de7673bfd5e6334afaae3a392bb3f1c2898325e5f756d9200171b71e922

    Download Submit