Analysis
-
max time kernel
149s -
max time network
134s -
platform
android_x64 -
resource
android-33-x64-arm64-20240624-en -
resource tags
-
submitted
16-11-2024 22:24
General
-
Target
base.apk
-
Size
3.5MB
-
MD5
20cec677a95b399dcf803a27ef676665
-
SHA1
581dd0f7826caddd2da2fb60d5a0016735a6c254
-
SHA256
6dd3b5e01f18ef927d2a15dd0adef150be7eca8860f727e63faf7a292418a760
-
SHA512
706f7f8a92591b31b9f1273e784a1609bc8e38fb1da503d17757eafc7df9df3e63585c687d7960d9c9acc7b8b0ee9fbbc1eec6b354059d8273fa058e164e0b48
-
SSDEEP
49152:+gW6Vs7LxUOmZtTsvb3Y5tWWqbFg+BgKDhEVe14mMcCnJMzvvD9jz0o/Gn:n67Lxmub38tWtbF9pBaPcrLxjQz
Malware Config
Signatures
-
Checks known Qemu pipes. 1 TTPs 4 IoCs
Checks for known pipes used by the Android emulator to communicate with the host.
-
Makes use of the framework's Accessibility service 4 TTPs 3 IoCs
Retrieves information displayed on the phone screen using AccessibilityService.
-
Queries information about running processes on the device 1 TTPs 2 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
-
Acquires the wake lock 1 IoCs
-
Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs
Application may abuse the framework's foreground service to continue running in the foreground.
-
Performs UI accessibility actions on behalf of the user 1 TTPs 7 IoCs
Application may abuse the accessibility service to prevent their removal.
-
Reads information about phone network operator. 1 TTPs
-
Requests disabling of battery optimizations (often used to enable hiding in the background). 1 TTPs 1 IoCs
-
Schedules tasks to execute at a specified time 1 TTPs 1 IoCs
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
Processes
-
com.example.mysoul1⤵
- Checks known Qemu pipes.
- Queries information about running processes on the device
-
com.example.mysoul1⤵
- Checks known Qemu pipes.
- Makes use of the framework's Accessibility service
- Queries information about running processes on the device
- Acquires the wake lock
- Makes use of the framework's foreground persistence service
- Performs UI accessibility actions on behalf of the user
- Requests disabling of battery optimizations (often used to enable hiding in the background).
- Schedules tasks to execute at a specified time
Network
MITRE ATT&CK Mobile v15
Defense Evasion
Foreground Persistence
1Hide Artifacts
1User Evasion
1Impair Defenses
1Prevent Application Removal
1Input Injection
1Virtualization/Sandbox Evasion
1System Checks
1Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
5KB
MD5d6dbf42fe4a5b55eaf81fc74c45eb429
SHA185475a4178949b98f2faf492ec91c09b1b9d8017
SHA256af81dfa22b05d9cdcc78c635e30c96cb7778faab8d223097adb3067579db67ac
SHA512e30dc9adb85a32f952a78afc37f0e1a44540b672c12ee600518518e994095d9394906a5ce56624ad7abe2a27cb83258f4913c3ec7f347d27080cf9fbb35286a5
-
Filesize
4KB
MD5f526f9086b47baa1b3da9447b5460286
SHA19b7488adfe016305c34398b5e5fa577601e9469f
SHA2567ada08ee8daf69fcc49aec2ce869d28ad493dc2e596b60e7fc31f4d4adbf8455
SHA512569759f5db6f89879897c9d224dc5466f037fd38050324a4581ca4f84ffb894653e0d6b3e50e20875c81b0ea90a1ebc99906e50d03a7ec838ece954846a1631e
-
Filesize
3KB
MD59c33d8f6761ca0dbc65bc2223053b764
SHA197f98ef5ec46ea4c565459774f7d4b35581eb9b2
SHA25650aa9811e1a67d2284879d89257a0e77899ac1497a549b0924665c3fb13f342d
SHA512b2804a7263413fa4722c70caf15ed9a5b611c0b8a2d6e4f924cfc2ea807feae817c5e8c5fa176606b1243e0bbb8048b375518e3491979d9de546dac299cecc8e
-
Filesize
4KB
MD57ceec890d140374521623141852408e9
SHA13a0ac5b9c44c217865581215e576c92850e92a52
SHA256b3fc8ee9c788f1f2ea1d6f8f175dbe3c341f001bfafdedb484dc41b302ac8c58
SHA5121a8d9d8533fbb1085f2ed3ef36fc49af878a204f3eefe5c57353827f6b62efd25f284f486a8d243340dc8600e8dc359dd90b5bb19bcabb7fb4e60fb3bd71ac7b
-
Filesize
4KB
MD581b236d995dbf2fd68b7a42b76298514
SHA196272793bf0e67295d08c9e126627cf9c435fa33
SHA2562e34f00db26b4b9e8660d094adaafd68c5d12d57742b21c115fb139b1e794e1a
SHA5127e46217a77db099a2e4ecdc636724d3aa714b9bb04db3a5b0515abd316fbc941dd433d87f83abe050edc3adc83b4d6b2791ccf8a97c5b15b2920bad820254ab7
-
Filesize
4KB
MD51e25d1d2ad28e34bc6add93949947a8f
SHA11fc364a59f2d26f7146205270679617db6c0916e
SHA2560c9557019cdd8aa63042bfa145bc9053ed5ad326a338a661d902b93fac521a12
SHA512302d4f0806827b593006db36f54bfbabbc415c07d59078ae0fb29d79e447433db82af77b724e3b893063ea5cef54cf02d7394055c8732d56af9ff4277f9ca857
-
Filesize
5KB
MD52dc9e3bbf460beb70d69d2e2615c6b16
SHA125e41757b15741562bb6a83216fc8066e98d24ad
SHA256df260516b5d7ad84fade350c0f4e53a8c595930e13fa9e9223443057c5deba23
SHA512905bd92d7d9f688e08633df259787fdb6df9d72cba32f252d8d5dee36fb5427b29948da65a8da934287dda3f0c68150aeacec474b1a3e84879158fc7958d728a
-
Filesize
6KB
MD5bdba02794c150c5c25e1e56e73d21112
SHA1b799150823c06c8335bcb2e44628d2e28ab5f010
SHA25647090e9d3fba7292b2f63d42a77e11f0640437be77b866edc43d689af84ca9e0
SHA512447e6468e0a6e3e0f0d628a15ac61464e905edd9fc146851788cdc3d6e0a25c5db18ab038dcec1afcd74b6b12381efc10e4a7437dca7e19d15d63c83450b86e3
-
Filesize
3KB
MD556717f6fabbb43f06f592a292dbf649b
SHA12ccf228d56aeb7f0996bbc318abc7bc61fc1764b
SHA25624b81c8a0715986bcd4f4facf2f5b036ea729978d5b50ad1a2baea937ec4deb4
SHA512dd9053fb5bf27454f9bdcbad696e810e9c5920c501931d850f0cc0110409b8238e7cab302748b50890bc2834340f5f212536e1d9c721caf25769937e5ebc0d83
-
Filesize
5KB
MD5d4c932b9689e424c9dc34acb76c1647d
SHA1b6d6ca10d31f00b112f8fd1b17c603cb53098e9a
SHA2566ee1adc01e599e28ca8ffc2a258a6efcc6da421135c448389df4a37a51f8e917
SHA5124c798372ebc5858e9d8383f0523ffdc83120e6bd33e1d89eb5fc3c81a11ed5e62224f0068b334e8839491d11099f985bb917cd31bef0fd7ffc74d4e0d37f4192
-
Filesize
4KB
MD514702880f034ee83ee8956476faafa84
SHA11ec3e97a9ee9e2e5d859d8729211671f908648b7
SHA25619b8d3677109b6a8c8c26e27e4f244e463892a5865c44fa9431dd9657dcccacf
SHA51203df28034a17982af4811a1fc09896ae3597f1e3d2a22d597ef3b51d7e0e291323b3a7881f931a535a51f933b3d352477210546e66bdbf18e1d108435bc0cb1b
-
Filesize
4KB
MD52e9fb0d7ae08f46878227cf65bc73a60
SHA1516b464c88bc6d350c41a5ab3ae391bb8e99b61d
SHA25647103041ba1e4d5f13994776d3ecdc65b57e857ecd3f1b035bfa5978130ef0c5
SHA5124c99a0ec5efc6d224dd4fc60745f7050f2e3de513768f43de68b4736fc7e2dd5f6badf0060d85a36d91ec0f13ad63a60c971c8af505fec1168178f5148e2b40c
-
Filesize
3KB
MD563ad79f9367e9c541c4947b03b95c617
SHA1c860304734999c8986c9eb075f8b9daf6174e5b0
SHA256547cf7e263826c798ef6d11e26eafb9f31e736766e5814026a611766a968110d
SHA512bd94b65e59e6d54b0aba39139d49c6d9e9136e66169c392df785aab42efdc9d4002d6525e2dbf0120178e8f36698fe2e75e3cb7520fb9365c8f19d256f546856
-
Filesize
3KB
MD5becdeb38ad1a00bdbc72d91fdfa1ec65
SHA1c6a6e16bd6c4de088bba930f02cba507eab7f7b7
SHA2569162fd2a9053631bfd8c3bbceabbbae0a95d41a6b48b8eda1632e173fa690e20
SHA5121b39a43de83116698ab77f00bc477ec7cec03bda98da748b25b799c7d7af15890fd4a1469ecc0e65b90c618c2c1484c96aadc8cbab51da91b74d6cec50ca0b77
-
Filesize
4KB
MD518ddb803c3f43dbbe98d5529153be923
SHA1dd790840b76a6e1cbbf9410bd5ae2ce33ecf2559
SHA256762169600f7146807fecfc0c4d19348ae115fc5c189c5abcc22e2018ca73af4a
SHA5129cae2f2008857cad89bea5108f545dbffa10e8445f853786d55cde5040d79bf85c9a92a76d035aeb25022273ea82f3425d1198eb81e93ebb9b5fe721232fbcd3
-
Filesize
5KB
MD54a17301071c69d7285c4409d0e6f21be
SHA1a0bd18689191ab3b4c0c1f9e3f7245cc3bbb5061
SHA2563efca51d0a94751eebde7629d9e535faa89d847ff35b1f7895e0b9637cb7ec0e
SHA512e265ea6cee34fe2c48c6b8fe7409cb1c1341eabc0eac8a48b1ffd13bd4243a438db066c1b0a81d2da60ffbbc069e80d2dcb728594897b46e67ed9526cfcacc88
-
Filesize
6KB
MD5d0c3dadbc6d4f0b9c63c09d2d0fb1b1e
SHA1a82ed8f7b46f3caf7c7be2b02cb17715bfd39c9d
SHA256faa634dd288c56e75e14ecbaf270910d7d4bbec9125fe9d24ca671a5115a56dd
SHA512d3e8c724a8b0f5b4a47c98213297d82a379f5164e83010a9f6acf7ce38ac3514155147932870f0333441e7a008e0ea02429754859ca1888c95c40bb7a83dc04a
-
Filesize
4KB
MD56c3d835d9199abd6b9709fc72104404c
SHA1a231abca3fc3ce8b0b10aacbdceb921483dd71f3
SHA256289fa0fd0a4ad65755a9bdfcc015848e3b3f3b5fb913941db95607d0088b57f3
SHA5125e40c4ad9048faa3bcf1ac531fb370dd76f98a769f3911e1b91297fa3ce7c8ef1a0b0b5f879154cfb003cd2f78d3ac9f4c615a07b82a4e818702881d19a709fc
-
Filesize
4KB
MD5d8b14eeb87e6703cc2b349dc73f05857
SHA13aefd8b2316e4e7529ed6c8226fe435074b52dae
SHA256b98de7d6663015da97cafdf00b4fa5ec97d9d6f69650996fe5d235f10042290f
SHA512c6d29d77e994f6790d3133e0753656e01de17c434f2c7876bbe56b8e1709f2c13a7528870971ba97c0083cc64d1828370562ba1b69811ec951a8135a4fada7c6
-
Filesize
4KB
MD5219cdc66e7715b7da80e9e6a4c52c54d
SHA122dd396b1229a3d9fe063de926470e5bb1b272f4
SHA256030acc91b1836cfb8ef848b4c641820660095da9fdbe7aa03472015a74ed4361
SHA512c1456ccf921dc7da0686dc24ea8f11772c8c24149719a4d7a7b01a0743eecfb69e8a2eeda7cfffac2b95f74a2c34dcb5133987ddaff738cef75ce40e4c7bd07d
-
Filesize
4KB
MD5a739e5a45f28378f30c78302748c117d
SHA1b9175d43cc2400eb2583d5cb89c61d983da69bbc
SHA256b51c9c7bd2d46a589e1d062317fb750dbef8a7b31f11016c1b9154a003e75652
SHA512fc4ac800cca23eead14ba53435fb47d95676e4353e3022a2ffc8a737fcbbe1c1503ce83e4b9ccdbf6c095e0df6675bd3c07efd2a7e080af5581b2395aa753def
-
Filesize
17KB
MD51296e20dd5bdcadbad40c74aa9cc0181
SHA1d33517d23dd2c14559a3c886c0328fd51f5014ac
SHA25690239da560823f2da0bdae010f9032cdb062a5aeba89106ce6a876029bd18063
SHA51255fbf36f71c0233408ae2730d4a7f650224dcd4ee5cd00dea7bcad6448307bda25f76df661c76a23b8055f476ddd45dabbab2614b04a589cee84f03b7f424527
-
Filesize
49KB
MD5668b6f11f96b2be76f27d5895b2d0ac2
SHA102a5b38e7c57988876280b38329f84e6fbd4fa7a
SHA256de7ba27ad45e06a8671cd9f25101d469ad71701f3ca994bbe8bfb873b2793a39
SHA512dbfb4d55681969dfff15a319dde4a0fde3a8c826a188a2f465b09d49dcfeb8af62c2d8a845a383f1f141c597ca85b253178093c0112ee24842cc9537764fe508
-
Filesize
32KB
MD5bb7df04e1b0a2570657527a7e108ae23
SHA15188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012