Analysis
max time kernel: 91s
max time network: 86s
platform: android-13_x64
resource: android-33-x64-arm64-20240910-en
resource tags: arch:arm64, arch:x64, arch:x86, image:android-33-x64-arm64-20240910-en, locale:en-us, os:android-13-x64, system
submitted: 14-11-2024 14:44
Behavioral task: behavioral1
Sample: CLARO-5G.apk
Resource: android-33-x64-arm64-20240624-en
Behavioral task: behavioral2
Sample: childapp.apk
Resource: android-33-x64-arm64-20240910-en
General
Target: childapp.apk
Size: 9.3MB
MD5: b20e273e5bc99b5d115a4108f5e4b550
SHA1: befd7ec041fa7075c8b49b5368ea7742d4bd5317
SHA256: b5f42e08be6a3c66ca238054fad40ace33884d070f732c9a652acce38badd381
SHA512: f3c980d97c046753256eebc8c70e401ee3d19d5d1570ebcc78e99804ef232ec5166ffdd002c325e4b2f00107a50182e7419a13bdd9a4bc3e96d0b269197136da
SSDEEP: 98304:umzBGTPmzkny0t7DPJ7Ko4RUthgO5O6P6T55NZY7:Kezkx77J7Ko4RNO5+55NZY7
Malware Config
Signatures
Makes use of the framework's Accessibility service (4 TTPs, 1 IoCs)
Retrieves information displayed on the phone screen using AccessibilityService.
Processes: carmen.likely.hardcover
Description: Framework service call
IoC: android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId
Process: carmen.likely.hardcover
Acquires the wake lock (1 IoCs)
Processes: carmen.likely.hardcover
Description: Framework service call
IoC: android.os.IPowerManager.acquireWakeLock
Process: carmen.likely.hardcover
Schedules tasks to execute at a specified time (1 TTPs, 1 IoCs)
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
Processes: carmen.likely.hardcover
Description: Framework service call
IoC: android.app.job.IJobScheduler.schedule
Process: carmen.likely.hardcover
Processes
Network
MITRE ATT&CK Mobile v15
Downloads