Analysis
max time kernel: 128s
max time network: 151s
platform: android-11_x64
resource: android-x64-arm64-20240910-en
resource tags: arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240910-en, locale:en-us, os:android-11-x64, system
submitted: 14-11-2024 22:10
Behavioral task behavioral1
Sample: aa82bb177092332453a1a774c60f9c61d1e0bf8b3809f6d15cf0c7d028efa0f6.apk
Resource: android-x86-arm-20240910-en
Behavioral task behavioral2
Sample: aa82bb177092332453a1a774c60f9c61d1e0bf8b3809f6d15cf0c7d028efa0f6.apk
Resource: android-x64-20240910-en
Behavioral task behavioral3
Sample: aa82bb177092332453a1a774c60f9c61d1e0bf8b3809f6d15cf0c7d028efa0f6.apk
Resource: android-x64-arm64-20240910-en
General
Target: aa82bb177092332453a1a774c60f9c61d1e0bf8b3809f6d15cf0c7d028efa0f6.apk
Size: 1.9MB
MD5: 4519ee2b39b8ecbd76679a79a18a0147
SHA1: 238d9d5911524bd2e3c3c44c4c675c52b67377f6
SHA256: aa82bb177092332453a1a774c60f9c61d1e0bf8b3809f6d15cf0c7d028efa0f6
SHA512: 50bd2e04fe84061b16b75f395fb8a93c8768a7747c0870f725cf1126a590b07f5dd98cd06c6a13ffc1ebed339f5783f3832855e4445dca68a6c51c3d3e7bd8d6
SSDEEP: 49152:+gmi4seJhBtNLqt91cCkUuHrXPpZ89KGO:cbB/Lq+Ck3HRGO
Malware Config
Signatures
-
pid Process
4779 com.tencent.mm
4779 com.tencent.mm
4779 com.tencent.mm
-
Makes use of the framework's Accessibility service 4 TTPs 1 IoCs
Retrieves information displayed on the phone screen using AccessibilityService.
description: Framework service call
ioc: android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId
Process: com.tencent.mm
-
Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
description: Framework service call
ioc: android.content.IClipboard.addPrimaryClipChangedListener
Process: com.tencent.mm
-
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
-
Queries account information for other applications stored on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect account information stored on the device.
description: Framework service call
ioc: android.accounts.IAccountManager.getAccountsAsUser
Process: com.tencent.mm
-
Reads the contacts stored on the device. 1 TTPs 1 IoCs
description: URI accessed for read
ioc: content://com.android.contacts/data/phones
Process: com.tencent.mm
-
Reads the content of the calendar entry data. 1 TTPs 1 IoCs
description: URI accessed for read
ioc: content://com.android.calendar/events
Process: com.tencent.mm
-
Reads the content of the call log. 1 TTPs 1 IoCs
description: URI accessed for read
ioc: content://call_log/calls
Process: com.tencent.mm
-
Requests cell location 2 TTPs 1 IoCs
Uses Android APIs to get current cell location.
description: Framework service call
ioc: com.android.internal.telephony.ITelephony.getCellLocation
Process: com.tencent.mm
-
Acquires the wake lock 1 IoCs
description: Framework service call
ioc: android.os.IPowerManager.acquireWakeLock
Process: com.tencent.mm
-
Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs
Application may abuse the framework's foreground service to continue running in the foreground.
description: Framework service call
ioc: android.app.IActivityManager.setServiceForeground
Process: com.tencent.mm
-
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
description: Framework service call
ioc: android.net.wifi.IWifiManager.getConnectionInfo
Process: com.tencent.mm
-
Reads information about phone network operator. 1 TTPs
-
Schedules tasks to execute at a specified time 1 TTPs 1 IoCs
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
description: Framework service call
ioc: android.app.job.IJobScheduler.schedule
Process: com.tencent.mm
-
Checks CPU information 2 TTPs 1 IoCs
description: File opened for read
ioc: /proc/cpuinfo
Process: com.tencent.mm
-
Checks memory information 2 TTPs 1 IoCs
description: File opened for read
ioc: /proc/meminfo
Process: com.tencent.mm
Processes
-
com.tencent.mm
- Removes its main activity from the application launcher
- Makes use of the framework's Accessibility service
- Obtains sensitive information copied to the device clipboard
- Queries account information for other applications stored on the device
- Reads the contacts stored on the device.
- Reads the content of the calendar entry data.
- Reads the content of the call log.
- Requests cell location
- Acquires the wake lock
- Makes use of the framework's foreground persistence service
- Queries information about the current Wi-Fi connection
- Schedules tasks to execute at a specified time
- Checks CPU information
- Checks memory information
PID: 4779
Network
MITRE ATT&CK Mobile v15
Defense Evasion
Execution Guardrails 1
Geofencing 1
Foreground Persistence 1
Hide Artifacts 1
Suppress Application Icon 1
Input Injection 1
Virtualization/Sandbox Evasion 2
System Checks 2
Credential Access
Clipboard Data 1
Input Capture 2
GUI Input Capture 1
Keylogging 1
Discovery
Location Tracking 1
Software Discovery 1
Security Software Discovery 1
System Information Discovery 2
System Network Configuration Discovery 1
System Network Connections Discovery 1
Downloads