Analysis
max time kernel: 70s
max time network: 155s
platform: android-9_x86
resource: android-x86-arm-20240910-en
resource tags: arch:arm, arch:x86, image:android-x86-arm-20240910-en, locale:en-us, os:android-9-x86, system
submitted: 14-11-2024 22:10
Behavioral tasks
behavioral1: Sample aa82bb177092332453a1a774c60f9c61d1e0bf8b3809f6d15cf0c7d028efa0f6.apk, Resource android-x86-arm-20240910-en
behavioral2: Sample aa82bb177092332453a1a774c60f9c61d1e0bf8b3809f6d15cf0c7d028efa0f6.apk, Resource android-x64-20240910-en
behavioral3: Sample aa82bb177092332453a1a774c60f9c61d1e0bf8b3809f6d15cf0c7d028efa0f6.apk, Resource android-x64-arm64-20240910-en
General
Target: aa82bb177092332453a1a774c60f9c61d1e0bf8b3809f6d15cf0c7d028efa0f6.apk
Size: 1.9MB
MD5: 4519ee2b39b8ecbd76679a79a18a0147
SHA1: 238d9d5911524bd2e3c3c44c4c675c52b67377f6
SHA256: aa82bb177092332453a1a774c60f9c61d1e0bf8b3809f6d15cf0c7d028efa0f6
SHA512: 50bd2e04fe84061b16b75f395fb8a93c8768a7747c0870f725cf1126a590b07f5dd98cd06c6a13ffc1ebed339f5783f3832855e4445dca68a6c51c3d3e7bd8d6
SSDEEP: 49152:+gmi4seJhBtNLqt91cCkUuHrXPpZ89KGO:cbB/Lq+Ck3HRGO
Malware Config
Signatures

pid | Process
4223 | com.tencent.mm
4223 | com.tencent.mm
4223 | com.tencent.mm

Makes use of the framework's Accessibility service (4 TTPs, 1 IoC)
Retrieves information displayed on the phone screen using AccessibilityService.
description: Framework service call | ioc: android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId | Process: com.tencent.mm

Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps) (1 TTP)

Queries account information for other applications stored on the device (1 TTP, 1 IoC)
Application may abuse the framework's APIs to collect account information stored on the device.
description: Framework service call | ioc: android.accounts.IAccountManager.getAccounts | Process: com.tencent.mm

Reads the contacts stored on the device. (1 TTP, 1 IoC)
description: URI accessed for read | ioc: content://com.android.contacts/data/phones | Process: com.tencent.mm

Reads the content of the calendar entry data. (1 TTP, 1 IoC)
description: URI accessed for read | ioc: content://com.android.calendar/events | Process: com.tencent.mm

Reads the content of the call log. (1 TTP, 1 IoC)
description: URI accessed for read | ioc: content://call_log/calls | Process: com.tencent.mm

Requests cell location (2 TTPs, 1 IoC)
Uses Android APIs to get the current cell location.
description: Framework service call | ioc: com.android.internal.telephony.ITelephony.getCellLocation | Process: com.tencent.mm

Acquires the wake lock (1 IoC)
description: Framework service call | ioc: android.os.IPowerManager.acquireWakeLock | Process: com.tencent.mm

Makes use of the framework's foreground persistence service (1 TTP, 1 IoC)
Application may abuse the framework's foreground service to continue running in the foreground.
description: Framework service call | ioc: android.app.IActivityManager.setServiceForeground | Process: com.tencent.mm

Queries information about the current Wi-Fi connection (1 TTP, 1 IoC)
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
description: Framework service call | ioc: android.net.wifi.IWifiManager.getConnectionInfo | Process: com.tencent.mm

Queries the mobile country code (MCC) (1 TTP, 1 IoC)
description: Framework service call | ioc: com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | Process: com.tencent.mm

Reads information about phone network operator. (1 TTP)

Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTP, 1 IoC)
description: Framework service call | ioc: android.app.IActivityManager.registerReceiver | Process: com.tencent.mm

Schedules tasks to execute at a specified time (1 TTP, 1 IoC)
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
description: Framework service call | ioc: android.app.job.IJobScheduler.schedule | Process: com.tencent.mm

Checks CPU information (2 TTPs, 1 IoC)
description: File opened for read | ioc: /proc/cpuinfo | Process: com.tencent.mm

Checks memory information (2 TTPs, 1 IoC)
description: File opened for read | ioc: /proc/meminfo | Process: com.tencent.mm
Processes

com.tencent.mm (PID: 4223)
- Removes its main activity from the application launcher
- Makes use of the framework's Accessibility service
- Queries account information for other applications stored on the device
- Reads the contacts stored on the device.
- Reads the content of the calendar entry data.
- Reads the content of the call log.
- Requests cell location
- Acquires the wake lock
- Makes use of the framework's foreground persistence service
- Queries information about the current Wi-Fi connection
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Schedules tasks to execute at a specified time
- Checks CPU information
- Checks memory information
Network
MITRE ATT&CK Mobile v15

Persistence
- Event Triggered Execution (1)
  - Broadcast Receivers (1)
- Foreground Persistence (1)
- Scheduled Task/Job (1)

Defense Evasion
- Execution Guardrails (1)
  - Geofencing (1)
- Foreground Persistence (1)
- Hide Artifacts (1)
  - Suppress Application Icon (1)
- Input Injection (1)
- Virtualization/Sandbox Evasion (2)
  - System Checks (2)

Discovery
- Location Tracking (1)
- Software Discovery (1)
  - Security Software Discovery (1)
- System Information Discovery (2)
- System Network Configuration Discovery (2)
- System Network Connections Discovery (1)
Downloads

Filesize: 512B
MD5: b7491e4691752bf97f1360d85b09c1c2
SHA1: a72643f941f124bce7a1272ef886af630f632b04
SHA256: 2e607eda83081a201d5a8efd8058942350a19ffb2cb3c6af0fe85cb8ec4eec53
SHA512: 7ed7c4c77f057f94b3d2659e27a62045eb21075ba17ae7e1568a15db9570b6a1568d6f9e5022775832e83a5ce4a8ed3de28c76ef26d22e6b371556020492f727

Filesize: 60KB
MD5: d14cf9ae032b1ec00fadc27d042507d1
SHA1: 218530b70016e234b2d497b8b62d1a741af2d5b8
SHA256: d90198b439a12919a3c271d81cebe6597e839e531a1e2b6eaee43ff2b19405c3
SHA512: e0383cc88ad37f916b6c3ca0f7fe1de77b93a35668056b8efdadac129875fc431d643ff9fef6e61af6050a11373b771dbefb718e6df458592c0a97cd63ae2cdb

Filesize: 4KB
MD5: f2b4b0190b9f384ca885f0c8c9b14700
SHA1: 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256: 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512: ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Filesize: 512B
MD5: 01eecb21826d6192899987a072566ac0
SHA1: 2c978b85f352753a5950d23f0bbcfdd37eb0a7c6
SHA256: fb3eeffc0f9553efc04555055a73dff1465e54870ebb254630e176bcb75bb620
SHA512: cdd3dc9a33460aa9015f440dd4fa9373e11754c51824529b73e470a078f6f53911c6bba61c53274fb011e873d9396fe21e89eaa91c9e8dbe93abc61145a3fda6

Filesize: 32KB
MD5: bb7df04e1b0a2570657527a7e108ae23
SHA1: 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256: c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512: 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Filesize: 68KB
MD5: 492a12eb47919712246adf63d611c496
SHA1: 48b26b0431acdd507a5b070dd79f62c62f07b770
SHA256: 9051ccb5ba5352e7d05d8cdac14d2f64958263d63a1267a79ca69b15989c371e
SHA512: 0eb5029a08a0322a7d43f126e631ff9e7e64d021de51ecb2bf17ec4832305233f4ba176fafeb0aedfeff1f7325ec62c939b5d1346b45325a8174339eabaf17e9

Filesize: 3B
MD5: 58e0494c51d30eb3494f7c9198986bb9
SHA1: cd0d4cc32346750408f7d4f5e78ec9a6e5b79a0d
SHA256: 37517e5f3dc66819f61f5a7bb8ace1921282415f10551d2defa5c3eb0985b570
SHA512: b7a9336ed3a424b5d4d59d9b20d0bbc33217207b584db6b758fddb9a70b99e7c8c9f8387ef318a6b2039e62f09a3a2592bf5c76d6947a6ea1d107b924d7461f4

Filesize: 116B
MD5: 1ba1b969547dee0d49ddf2d47e8f0f1b
SHA1: 4ce0dd65ebe3e899946d95474cfed980f93e3a83
SHA256: 0451839f68570e4f4716ed5fb81be2ec37328e919f5098a6354d0713ba152a74
SHA512: 7017af827496715a6ca428c01915a979236fe252fbb02e3c8d1da1de8f8bd91a531be0a05ca18c25407d32be371843b443afa6e27e36a9b617a52762398d0afe

Filesize: 126B
MD5: 480a174139c9e9e0f862a24e5ab18c89
SHA1: ab3bd7b791721dd77bcbca884a2cf88cda692545
SHA256: a4b2d08f427ac3678ee574e513e2f913c048fc47c23963e52c8db767ad6ffe39
SHA512: 72d4f6afffad28c2e71ab798b883b4618f383535badca971c5739d216e22d9bc0270f2982ec88d3efe3f56f9e7660e019f67568791f295f3fbf04b8e1e6d39ef

Filesize: 116B
MD5: 1145e2972422434c1d692883b14b51fb
SHA1: 663758f87b8710f02576773ee0dc9f80a96de14b
SHA256: 39b86f90910ebfc06264cbc8d77dcd4d6ab4d01071768e6a9cb1f9907291c5d5
SHA512: 0833e5e5860eb6828ea496b6d96968dee04c3a58243d87ce33901e4528c93055b51d546e2bc928df66a0d2bbb66fb8f48e2493ca675b3b203e1a214c20309ca3

Filesize: 126B
MD5: c01db972feb937dbf29128b92a364cdb
SHA1: 5426bf8af4e036633e952b469e9ab813307ae24a
SHA256: 4b80a4dcf220efdf0b66716c65356b67964082894587cf3de2e2da38528045fa
SHA512: 0e6666624bb057058ffd4c1823a439ff4c6a5758b71b97ec6dd60c46620f54c6c7bc96c258c9d5fc1415ca5c338ffa413c7ec74e5a31b58223c01d0a94bccdb6

Filesize: 116B
MD5: 538b6d8ef96aaa85e7f9c1dcdf4257dd
SHA1: 6388623876f4401a22377e7518eeb9bcede508fc
SHA256: 95cbdf559f685c2468ae0bdb76983815fb0736176ea026c887309b8387abeb3c
SHA512: 18005a6d5b212d5f1862a2af6a7fd39a2522ea8f50a9590834600409a614411ccdc9157669cf08d6f136b38dc9431c33ba49b3984fa5514fd8c654e00e7def94

Filesize: 126B
MD5: 0af8baf97726a1f5e31e0bb324e4f19b
SHA1: b93e8966e15b6baef6d679cf503f207376b45198
SHA256: f1615061c8c701ef2d4e45900da1efb7681ea9444759081fb1f9e27e4b59cdb3
SHA512: 565ad4ce78ff56e3065a6917ee47a1cd97565817dbd46e643e3194496689eddfe6f12a245bafa618be82bc762174aaa67b9826d9f0b0bf4770305145e0be6702

Filesize: 193B
MD5: 34d8a8b040009f4a61332beb968220df
SHA1: b3d5a6f6980cc0c5430312eccaae17faf894da2b
SHA256: 47214e7cd286f26cefea8e24d005c2ac3794f0a9df85fc4d25f0689eaee393fa
SHA512: 8d59d55158dd1b3b297c01bbabfcef8f96fcf379c31657d1d6460690a8ad40cb3ea117b223b4add7ac892e8d1ef65a1802a6dde27cdc17fd42d2007574fcc0c0

Filesize: 2B
MD5: d751713988987e9331980363e24189ce
SHA1: 97d170e1550eee4afc0af065b78cda302a97674c
SHA256: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512: b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Filesize: 609B
MD5: b2f609ef28847df8da88849a7e1116f8
SHA1: 1babd0abb23af41e92eef5d00ecdc4062624c3fc
SHA256: d377400f40efcbbac19d695147f0b0c7fab0668fdc990397367789a2965c89f5
SHA512: 4de03327196f33f64a3c07916ea8e978fe64716ad3d2c77bf4389007fce5a700b6c9234cf60321144bf5b57b0d72764efd22610fce62939513371a0321c9351f

Filesize: 5KB
MD5: 9857c0caa99fde5d0bf47c0ee0fd821b
SHA1: ef4629899e6ebbdbaf45ca4885f5b960da25538f
SHA256: d68311a5561ada62ee327cda3a9b29c41ed0d7bc16586f9af6d5595a96d497a8
SHA512: 312c11c7b41384fd5a7ef466f06813c09f6c661ade0ed4ffe6e8e88969f2ba31257a90333b13ce8d4b2ab0692318b638f06aecfea11aeb2df3739580e635a148

Filesize: 24B
MD5: 392d481bcabdd9f606810c4a1b47166b
SHA1: cfb70e1b57c3d898756d802dd67779e145f10061
SHA256: 717d9248b3941e954f037c2daa43311aafbeef22d5451b10c6252b7bc3323185
SHA512: 37f7668321f8d876433d20684735a1ceb4a25457b8af9b1223da7a70aabfd1741f92cc060fc46862f470beb188df3816a86b2bec763a2b22fc958df2a00a6b6d

Filesize: 16B
MD5: 3dfdf110f7f4c430f4fa542e45904636
SHA1: dce0cc47cff5934790defb3b3466bf467715db6d
SHA256: d0be6a20981050c89eb1336c5d856daf96419a07badc5e7f365089c2299d9ac8
SHA512: 60596670f78b2a40165d7cae6dca3b7ce1a51dfbb6cc01e2733d3d2a4c682af747368c4956ae8c17a2e24a13386b8629d7bdc63db41d7e20d9d4a86b3ef8c228

Filesize: 16B
MD5: 5443b6d1eb72fe1087cf82491c072cfb
SHA1: 05e51904241f26a6f165651b8cdb5bfb8900af57
SHA256: 8c19f1a744e8cf7332b7df1da59375ed8767c773f501a2becf2416513fb170a0
SHA512: fb0c1c7142b79fe335efe1ca0e8fad3c43925199c7d571ff0686cc08c5865236f7b7706546bff3104fbc9f6cdfb85049d097532537854d3b4b898b06cd3cd18b

Filesize: 56B
MD5: cca47c710af857a30e79f9fb6048f7cf
SHA1: 4746f913a7c67fa0b4fe6a16e9dfb4a35a6f97e6
SHA256: bca0af7fcb3877d6e1ade70993bf872868b47bda67dd7f480e0dc5eaa6c548f4
SHA512: f82bb2062bd8dd2067e0e0775fd5ee18a9127900d6c6435b0ce56e3b217037fcebbcc3be180a0e4290c8a547b873f66aaf87c106986176b1dbf27f3061fa9786