Analysis
Max time kernel: 146s
Max time network: 134s
Platform: android_x64
Resource: android-x64-arm64-20240624-en
Resource tags: android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240624-en, locale:en-us, os:android-11-x64, system
Submitted: 16-11-2024 22:40
Behavioral tasks
- behavioral1: sample no_dropper.apk, resource android-x64-20240624-en
- behavioral2: sample no_dropper.apk, resource android-x64-arm64-20240624-en
- behavioral3: sample no_dropper.apk, resource android-x86-arm-20240910-en
General
Target: no_dropper.apk
Size: 3.5MB
MD5: 15f59da4589a0b9fc3b9d4c0f261fe50
SHA1: a819d8132a20e6f6b375d4c2c813776d7692ea48
SHA256: 0b76e0e7ed26277903223f3b0868cf303f8a6b5c05c045eb94a6d6ca3e9a4f89
SHA512: b843e5153d38e210be5fe4cbd54d7d28b260cb4f655790090731f479b2a74c0c1bb80d32963b3c867730b40c6eeda9900cdc8649ff7091dd6e104ba7c97367a4
SSDEEP: 49152:2gWAVs7LxUOmZt3svb3Y5tWWqbFg+BgKDhEVe14mMcCnJMzvvD9jz0o/Vz:l67Lxm+b38tWtbF9pBaPcrLxjQa
Malware Config
Signatures
-
TgToxic
TgToxic is an Android banking trojan first seen in July 2022.
-
Tgtoxic family
-
Checks known Qemu pipes. 1 TTPs 4 IoCs
Checks for known pipes used by the Android emulator to communicate with the host.
Processes: com.example.mysoul, com.example.mysoul
IoCs (ioc, process):
  /dev/socket/qemud, com.example.mysoul
  /dev/qemu_pipe, com.example.mysoul
  /dev/socket/qemud, com.example.mysoul
  /dev/qemu_pipe, com.example.mysoul
-
Makes use of the framework's Accessibility service 4 TTPs 3 IoCs
Retrieves information displayed on the phone screen using AccessibilityService.
Processes: com.example.mysoul
IoCs (description, ioc, process):
  Framework service call, android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId, com.example.mysoul
  Framework service call, android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText, com.example.mysoul
  Framework service call, android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId, com.example.mysoul
-
Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
Processes: com.example.mysoul
IoCs (description, ioc, process):
  Framework service call, android.content.IClipboard.addPrimaryClipChangedListener, com.example.mysoul
-
Queries information about running processes on the device 1 TTPs 2 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
Processes: com.example.mysoul, com.example.mysoul
IoCs (description, ioc, process):
  Framework service call, android.app.IActivityManager.getRunningAppProcesses, com.example.mysoul
  Framework service call, android.app.IActivityManager.getRunningAppProcesses, com.example.mysoul
-
Acquires the wake lock 1 IoCs
Processes: com.example.mysoul
IoCs (description, ioc, process):
  Framework service call, android.os.IPowerManager.acquireWakeLock, com.example.mysoul
-
Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs
Application may abuse the framework's foreground service to continue running in the foreground.
Processes: com.example.mysoul
IoCs (description, ioc, process):
  Framework service call, android.app.IActivityManager.setServiceForeground, com.example.mysoul
-
Performs UI accessibility actions on behalf of the user 1 TTPs 7 IoCs
Application may abuse the accessibility service to prevent its removal.
Processes: com.example.mysoul
IoCs (ioc, process), seven calls recorded:
  android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction, com.example.mysoul
  android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction, com.example.mysoul
  android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction, com.example.mysoul
  android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction, com.example.mysoul
  android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction, com.example.mysoul
  android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction, com.example.mysoul
  android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction, com.example.mysoul
-
Reads information about phone network operator. 1 TTPs
-
Requests disabling of battery optimizations (often used to enable hiding in the background). 1 TTPs 1 IoCs
Processes: com.example.mysoul
IoCs (description, ioc, process):
  Intent action, android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS, com.example.mysoul
-
Schedules tasks to execute at a specified time 1 TTPs 2 IoCs
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
Processes: com.example.mysoul, com.example.mysoul
IoCs (description, ioc, process):
  Framework service call, android.app.job.IJobScheduler.schedule, com.example.mysoul
  Framework service call, android.app.job.IJobScheduler.schedule, com.example.mysoul
-
Checks CPU information 2 TTPs 1 IoCs
Processes: com.example.mysoul
IoCs (description, ioc, process):
  File opened for read, /proc/cpuinfo, com.example.mysoul
-
Checks memory information 2 TTPs 1 IoCs
Processes: com.example.mysoul
IoCs (description, ioc, process):
  File opened for read, /proc/meminfo, com.example.mysoul
Processes
-
com.example.mysoul (PID: 4609)
- Checks known Qemu pipes.
- Obtains sensitive information copied to the device clipboard
- Queries information about running processes on the device
- Schedules tasks to execute at a specified time
- Checks CPU information
- Checks memory information
-
com.example.mysoul (PID: 5102)
- Checks known Qemu pipes.
- Makes use of the framework's Accessibility service
- Queries information about running processes on the device
- Acquires the wake lock
- Makes use of the framework's foreground persistence service
- Performs UI accessibility actions on behalf of the user
- Requests disabling of battery optimizations (often used to enable hiding in the background).
- Schedules tasks to execute at a specified time
Network
MITRE ATT&CK Mobile v15
Defense Evasion
- Foreground Persistence (1)
- Hide Artifacts (1)
- User Evasion (1)
- Impair Defenses (1)
- Prevent Application Removal (1)
- Input Injection (1)
- Virtualization/Sandbox Evasion (3)
- System Checks (3)
Credential Access
- Clipboard Data (1)
- Input Capture (2)
- GUI Input Capture (1)
- Keylogging (1)
Discovery
- Process Discovery (1)
- System Information Discovery (2)
- System Network Configuration Discovery (1)
Downloads