Overview

overview

10

Static

static

10

9630c3eda3...89.apk

android-9-x86

8

9630c3eda3...89.apk

android-10-x64

8

9630c3eda3...89.apk

android-11-x64

8

Analysis

  • max time kernel
    122s
  • max time network
    152s
  • platform
    android-9_x86
  • resource
    android-x86-arm-20240910-en
  • resource tags

    arch:armarch:x86image:android-x86-arm-20240910-enlocale:en-usos:android-9-x86system
  • submitted
    16-11-2024 22:06

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    9630c3eda3aa8eb12b69e8cce058a2fba7cc484de200991401fd9eb6e4020289.apk

  • Size

    4.3MB

  • MD5

    b0145afb782a0c49e2f9ddbf1fc9b379

  • SHA1

    a505ab0925a99abd40d32c7056e06a40c91637de

  • SHA256

    9630c3eda3aa8eb12b69e8cce058a2fba7cc484de200991401fd9eb6e4020289

  • SHA512

    0e20f79f7bd8cef40a1da5765a17666e56a4af2ef0b1fc11ba63e6076bbe11a16710aaecfcdab79ce100778ecfe5b14821532052d45dd8e4f4155e254069bbed

  • SSDEEP

    98304:7HfrbwbjyHIsQLS9vh3EPfzJVjREINzs/1e83YkJW5AV7lI1:EeHFKSxh+zJVlLFa33Yr542

Score
8/10
bankercollectioncredential_accessdiscoveryevasionexecutionpersistencestealthtrojan

Malware Config

Signatures

  • Removes its main activity from the application launcher 1 TTPs 1 IoCs
    stealthtrojanevasion
  • Loads dropped Dex/Jar 1 TTPs 7 IoCs

    Runs executable file dropped to the device during analysis.

    evasion
  • Makes use of the framework's Accessibility service 4 TTPs 3 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectionevasioncredential_access
  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
    bankerdiscovery
  • Queries account information for other applications stored on the device 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect account information stored on the device.

    collection
  • Reads the contacts stored on the device. 1 TTPs 1 IoCs
    collection
  • Reads the content of the calendar entry data. 1 TTPs 1 IoCs
    collection
  • Reads the content of the call log. 1 TTPs 1 IoCs
    collection
  • Requests cell location 2 TTPs 1 IoCs

    Uses Android APIs to to get current cell location.

    collectiondiscoveryevasion
  • Acquires the wake lock 1 IoCs
  • Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

    Application may abuse the framework's foreground service to continue running in the foreground.

    evasionpersistence
  • Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    discovery
  • Requests disabling of battery optimizations (often used to enable hiding in the background). 1 TTPs 1 IoCs
    evasion
  • Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs
    evasion
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
    persistence
  • Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

    executionpersistence

Processes

  • com.tencent.mm
    1⤵
    • Removes its main activity from the application launcher
    • Loads dropped Dex/Jar
    • Makes use of the framework's Accessibility service
    • Queries account information for other applications stored on the device
    • Reads the contacts stored on the device.
    • Reads the content of the calendar entry data.
    • Reads the content of the call log.
    • Requests cell location
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    • Queries information about the current Wi-Fi connection
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    • Listens for changes in the sensor environment (might be used to detect emulation)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Schedules tasks to execute at a specified time
    PID:4321

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

1
T1603

Persistence

Event Triggered Execution

1
T1624

Broadcast Receivers

1
T1624.001

Foreground Persistence

1
T1541

Scheduled Task/Job

1
T1603

Privilege Escalation

Defense Evasion

Download New Code at Runtime

1
T1407

Execution Guardrails

1
T1627

Geofencing

1
T1627.001

Foreground Persistence

1
T1541

Hide Artifacts

3
T1628

Suppress Application Icon

1
T1628.001

User Evasion

2
T1628.002

Input Injection

1
T1516

Credential Access

Input Capture

2
T1417

GUI Input Capture

1
T1417.002

Keylogging

1
T1417.001

Discovery

Location Tracking

1
T1430

Software Discovery

1
T1418

Security Software Discovery

1
T1418.001

System Network Connections Discovery

1
T1421

Lateral Movement

Collection

Input Capture

2
T1417

GUI Input Capture

1
T1417.002

Keylogging

1
T1417.001

Location Tracking

1
T1430

Protected User Data

3
T1636

Calendar Entries

1
T1636.001

Call Log

1
T1636.002

Contact List

1
T1636.003

Screen Capture

1
T1513

Stored Application Data

1
T1409

Command and Control

Exfiltration

Impact

Input Injection

1
T1516

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.tencent.mm/databases/Dname-journal
    Filesize

    512B

    MD5

    80450ad7d180e55c36fad7b3fb7ce5b1

    SHA1

    a9dd9c55657d076e6bedce8622ddfc5032063518

    SHA256

    fc87ffc6a8c3340d6c17e4c234893f74e29b630a6d1294bb4072e5be661b1ab7

    SHA512

    dd107cf19c3ea168023637724404ec535db7e6e3ba88bd3025c447d883b0c2cba3cf21277c1f02f2d796e8f82098803a6c0dc1f296e49cca808484be6cd3baaa

    Download Submit

  • /data/data/com.tencent.mm/databases/Dname-wal
    Filesize

    60KB

    MD5

    d9b333973b266c22d0b54b410b7c17c6

    SHA1

    5d2a6b2c17ca1e6bdf5c8b850aab8855ce4284ac

    SHA256

    50fca8e44ec38301489cec8ee9a7c497620bd13e7b040bb87f37cd380dd001c1

    SHA512

    0ed967b113247e8562c91e1f925983a5e079d40d2dc7e1b4151910841bb3dec6722ba4c1b359195a8573f081c7023386237099753b36890f5b264a9e261244d8

    Download Submit

  • /data/data/com.tencent.mm/databases/evernote_jobs.db
    Filesize

    4KB

    MD5

    f2b4b0190b9f384ca885f0c8c9b14700

    SHA1

    934ff2646757b5b6e7f20f6a0aa76c7f995d9361

    SHA256

    0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

    SHA512

    ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

    Download Submit

  • /data/data/com.tencent.mm/databases/evernote_jobs.db-journal
    Filesize

    512B

    MD5

    1a4f7da280e6c09686f318152186f444

    SHA1

    41583b76814daab0fd854bc1e3fb158c1420bdfa

    SHA256

    faa0e4c42eb072cd3acd5652789bc8507494b717c3487665eac42a196e10551a

    SHA512

    c9575c4b55ace37acadee94016edebf1dc33e4277e007f935e825646c4bc8768c2bc7003710669a58fbd02200d6ed27b26182ac3bbcb17a6582de45e08e29c98

    Download Submit

  • /data/data/com.tencent.mm/databases/evernote_jobs.db-shm
    Filesize

    32KB

    MD5

    bb7df04e1b0a2570657527a7e108ae23

    SHA1

    5188431849b4613152fd7bdba6a3ff0a4fd6424b

    SHA256

    c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

    SHA512

    768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

    Download Submit

  • /data/data/com.tencent.mm/databases/evernote_jobs.db-wal
    Filesize

    44KB

    MD5

    7ab423980349cc2fceb349464f64581f

    SHA1

    001725949dbe9a40a8758ab64d0463a53da8444d

    SHA256

    7ed44c482d49e018e6fda3254417fb13073eac31a294c2a861ff74d48e5e888f

    SHA512

    3616bd0b0d060c41f6e5b731cda0e88340c326ca99fc3078708ce3d2157be6d111a334be8e34e97b13e61cdc0b75f16b8929438ba44dee8e3cc1e8ff31e9e594

    Download Submit

  • /data/data/com.tencent.mm/files/CallLogs.txt
    Filesize

    3B

    MD5

    58e0494c51d30eb3494f7c9198986bb9

    SHA1

    cd0d4cc32346750408f7d4f5e78ec9a6e5b79a0d

    SHA256

    37517e5f3dc66819f61f5a7bb8ace1921282415f10551d2defa5c3eb0985b570

    SHA512

    b7a9336ed3a424b5d4d59d9b20d0bbc33217207b584db6b758fddb9a70b99e7c8c9f8387ef318a6b2039e62f09a3a2592bf5c76d6947a6ea1d107b924d7461f4

    Download Submit

  • /data/data/com.tencent.mm/files/GP.txt
    Filesize

    116B

    MD5

    0da244035448ca026869cd1e03a4a4cf

    SHA1

    c8e4237a609ddbb2e6caac5fe40d240ef820238e

    SHA256

    7a55048320729446f4c8b002234d62809edd9ec9d20fa963e91eb77f5e0d960b

    SHA512

    61d09fee137563e6d3ee2d2c1e41a49f2390ff9f192f954c73eec8206f24e6f157882f639f91e4c2c92e1fc7e545f7e03f6f8787e607333ab9aae8323f42e68a

    Download Submit

  • /data/data/com.tencent.mm/files/GP.txt
    Filesize

    126B

    MD5

    3d3b51b75417f13088e094a2045bbd65

    SHA1

    eaff176471ba2e7fce69a44ef3008c9f2af1a147

    SHA256

    fce328cf5dd6c35090c1ccb825e4a81800f527be50dc41248a72cef64a3d2b25

    SHA512

    3240080ed5f591134922e3cdf426872e76aedafda293e3f73f884ba068381189401125ad12d449119a5b73fdd45d5739893e4c5a543341cbb3105b8ef9bd54f3

    Download Submit

  • /data/data/com.tencent.mm/files/Tree.txt
    Filesize

    430B

    MD5

    c33ef5d3c51807f05f07f6142e729bfe

    SHA1

    a37cbcd8667b50745a6ddf17b40e454cfb1315c9

    SHA256

    2458cde38631d33b0fdb2a71877a15cccabbab8817d5c8e82da853c61adf13a8

    SHA512

    4a24dfd0153823ee6c364bab8b5029c0da62a728e29b97a0a7ab6cbd5cf3ad7d77c2c36f6a533ddcd4c05ab159565c9a7e5ce1e8fe39f1e3a9bd232507322390

    Download Submit

  • /data/data/com.tencent.mm/files/accounts.txt
    Filesize

    2B

    MD5

    d751713988987e9331980363e24189ce

    SHA1

    97d170e1550eee4afc0af065b78cda302a97674c

    SHA256

    4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

    SHA512

    b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

    Download Submit

  • /data/data/com.tencent.mm/files/netinfo.txt
    Filesize

    609B

    MD5

    95a7a740f68bbdb565e0e73d20472c12

    SHA1

    ebc3b64767cdf3fda49024d5d3de81af0e3950b2

    SHA256

    228e15a16f8fc116868caa80d0f0251d977224ad698a1419aa6890730b0a85b7

    SHA512

    7af6149cab63f92df444dc3a4bc8ca55192276a14376644a3771dc172a001aad5ebde2879c134612be3c05505d8356d421e092cdb905c4b298ff743a03ed394c

    Download Submit

  • /data/data/com.tencent.mm/files/pkinfo.txt
    Filesize

    5KB

    MD5

    9857c0caa99fde5d0bf47c0ee0fd821b

    SHA1

    ef4629899e6ebbdbaf45ca4885f5b960da25538f

    SHA256

    d68311a5561ada62ee327cda3a9b29c41ed0d7bc16586f9af6d5595a96d497a8

    SHA512

    312c11c7b41384fd5a7ef466f06813c09f6c661ade0ed4ffe6e8e88969f2ba31257a90333b13ce8d4b2ab0692318b638f06aecfea11aeb2df3739580e635a148

    Download Submit

  • /storage/emulated/0/Config/sys/apps/log/log-2024-11-16.txt
    Filesize

    267B

    MD5

    2fea6fcd7b73787ea80ce21066f22bb5

    SHA1

    c31ad28bebaa4436e3f66b518e708fd60f145164

    SHA256

    917032a07f9e4b0e36b58f89001e310b87d6a3b8ba3b9249014026a0ff8d2113

    SHA512

    9cf2f442ea6a7b6057a7cf51c1546671e873c6c3bcdb5796e35aa66fed2c791de375ceb594abb83620c0c8a98ae5c6cf6d399e0647191aa7ab8a897d0e737af6

    Download Submit

  • /storage/emulated/0/Config/sys/apps/log/log-2024-11-16.txt
    Filesize

    12B

    MD5

    a9256f55737b655c8cff95418411997c

    SHA1

    d81a4e85ecef3a4f08d50da9c75c49a3c64ffe24

    SHA256

    bad705c44807d12463fb587087c4e9eb24769d82981229ac8b74abc9b1a44412

    SHA512

    10d10a6498973ed65d47c74ba6d8831dad94213a5071353dc445de46e021689284fbbf4accf5ba1f97a0675a7652ec069ac70f38d63ba36b8595a8caf8d37574

    Download Submit

  • /storage/emulated/0/Config/sys/apps/log/log-2024-11-16.txt
    Filesize

    12B

    MD5

    e48057c3603c907cacbe1568a7dbfc41

    SHA1

    6e100086b53e20e499a9be069aa1b452faf82ba3

    SHA256

    4b36685dbf772b2de007f4c98f824966f4f3a132075692d3d3d8f11e84e5468e

    SHA512

    787e1140832e8c308039f0287ee801c00040544d5241425b0c0c8e8dc19ecf3feefa50706723f7a21be209c13b24ab3dbe0691ec42118fdfe18611b13155fb9a

    Download Submit

  • /storage/emulated/0/sysdata/sysinfo0
    Filesize

    22KB

    MD5

    60c5153ac9209d93ec6f5dad798b520e

    SHA1

    9405c5f69f3038fc22724d611a0cedafbd0865b4

    SHA256

    30770d032694d585243cf2c108ddb515a11cce020953b3a8d1304d7704101c0a

    SHA512

    dbbd90a413c223f96be511409e82cfb3436df588ff58e4f21e5ae0610541bce191b8468179be6dee57b25438d7f1266b93b5639a7249c63050030c9ead36a093

    Download Submit

  • /storage/emulated/0/sysdata/sysinfo1
    Filesize

    28KB

    MD5

    9506c5cbfc8e3e59fe9b9d52bea1ddd9

    SHA1

    b7ff5d775666cd07120ea14569dc00527cc53d1f

    SHA256

    725cce101997a2608c3a1b51de805caa6cfd7f9c8c84420d4b68135227b49edc

    SHA512

    44445051d25ab0188ec7233c97680a279c2d717a436966d8cd90153747a7dfafb7d39c5bda72acfafdef9f674e2de500723134c08cde76d885cbeab69bca89e0

    Download Submit

  • /storage/emulated/0/sysdata/sysinfo2
    Filesize

    5KB

    MD5

    a6fcd52b6b66cecf6862b4f36341bc04

    SHA1

    8b21ceb4d264f40cf7da42ce630c991a0eea4090

    SHA256

    47bb8e56ea3c98e4a3a8b1e557e8b8d7683683e6657df223907b7c1ef085018f

    SHA512

    90ed714810ad62ef12e861506814f595db1c407aa5d2ee659e0bf5fb67cc1d8bcfc5bd776c82ea7fc0e6cdb21e25e4fc0399e90bfdf666a2296769bdfb0efce9

    Download Submit

  • /storage/emulated/0/sysdata/sysinfo2
    Filesize

    4KB

    MD5

    6b2bac966edac0048bac4336dd7ffdab

    SHA1

    4fa290b1ae3d09a70f29e05ac33701a937307a29

    SHA256

    9a0285c31c82617f5d5823210791ab57fa29c92ca8107b0fa0e7a7a35be96af8

    SHA512

    758a90200d4f08c263d52c931a2cdc9ce066d87c89f786e04b56cc90bdfce7918001db0349e7a037c5e79a7eeb9d3f6e43c661d37c0cdda43f7bf2853d63f4e2

    Download Submit

  • /storage/emulated/0/sysdata/sysinfo3
    Filesize

    7KB

    MD5

    effbc10b41f027e5c2130835d524c99d

    SHA1

    affb65361d7a36d00e402ad869696578b5ac3259

    SHA256

    566fb91b6bf186c05c4ec051aa2e2802961cbb158df24a8fecaa0678febece84

    SHA512

    b2ddd0142a80663097e9b71d8d654d88382ef8f765c92f0c8fbf600f1174cb1b1e9e61088f954e609e6d2402fd4750b88945af7c1080018b991f2e6e6d9ad52a

    Download Submit