1b092e036c2166e901393b46c088d10c3e7620bbc57fe86fa1fef04385fbf9b1

Analysis

max time kernel
59s
max time network
48s
platform
android_x64
resource
android-x64-20240624-en
resource tags

androidarch:x64arch:x86image:android-x64-20240624-enlocale:en-usos:android-10-x64system
submitted
16-11-2024 18:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

DarKnetJoKer.apk
Size

8.5MB
MD5

1d4fbe75708e3b9f917771ee51c6b579
SHA1

62f30155ab29bab3b838b9381ac9cd97e8a86d9b
SHA256

1b092e036c2166e901393b46c088d10c3e7620bbc57fe86fa1fef04385fbf9b1
SHA512

b068b9be44e13eae565e12afccffc85a6c369aea23767d213727e61997be96949225d506ccf07aecc99e3841877f2009ce27aa73d1f439c315a2c35ad294298e
SSDEEP

49152:VBe2E8SKj+Ahu8NAgIaCpTro18nqWE+s8E2mz5zdGGIQTOjfUtYqi0cgFES4:j+8S0+AtAgRCpTs1Z8Bmz5zBPTU0tFC

Score

7^/10

banker collection credential_access discovery evasion execution persistence

Malware Config

Signatures

Makes use of the framework's Accessibility service 4 TTPs 1 IoCs

Retrieves information displayed on the phone screen using AccessibilityService.

collection evasion credential_access

Input Injection

T1516

Screen Capture

T1513

Keylogging

T1417.001

GUI Input Capture

T1417.002

description	ioc	Process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	millions.players.demographic

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	millions.players.demographic

Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

Application may abuse the framework's foreground service to continue running in the foreground.

evasion persistence

Foreground Persistence

T1541

description	ioc	Process
Framework service call	android.app.IActivityManager.setServiceForeground	millions.players.demographic

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	millions.players.demographic

Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

execution persistence

Scheduled Task/Job

T1603

description	ioc	Process
Framework service call	android.app.job.IJobScheduler.schedule	millions.players.demographic

millions.players.demographic
1⤵
- Makes use of the framework's Accessibility service
- Acquires the wake lock
- Makes use of the framework's foreground persistence service
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Schedules tasks to execute at a specified time
PID:4938

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Foreground Persistence

T1541

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Foreground Persistence

T1541

Input Injection

T1516

Credential Access

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

Lateral Movement

Collection

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Screen Capture

T1513

Command and Control

Exfiltration

Impact

Input Injection

T1516

Replay Monitor

Loading Replay Monitor...

Downloads

/storage/emulated/0/Config/sys/apps/log/log-2024-11-16.txt

Filesize
33B

MD5
bdff85c4670956ee501a3e6718f9be42

SHA1
eba0b47d772bf69becb055b7e8aeb7cc225b996a

SHA256
f8e4b86551cfc060784a03ff4f6b8191ce09a635746f78f65d9f536e9ddae829

SHA512
464da98da2d9183a0f801b48db8108ed3c7ab83faa5d642e648bdcf6ba2c0d65a80303a8b63593f7061aba1a92aa876a83621fc36f98e706edb1302d1149efbd

Download Submit
/storage/emulated/0/Config/sys/apps/log/log-2024-11-16.txt

Filesize
45B

MD5
11e464064dcae11be7956bbd5e854dc1

SHA1
33f37d3846cab06a54e791fbd683e5c6359add58

SHA256
c47b1353029508b39f7b6c7660a73a6434fc47c67acbcc5fc0a4d536484594d5

SHA512
02bc0a1469cd93bb63027291c7e9ccf21a0cdebff5a56996b7e03f92020b40dbada10bcd09ab41e29415bda65d9cafe948415a9542af897fd9561560adfb3ba4

Download Submit
/storage/emulated/0/Config/sys/apps/log/log-2024-11-16.txt

Filesize
41B

MD5
8f2f902b1ea3ccc87bf20449eb2441eb

SHA1
37c099845934701b25562a47971e1d6e32ba5180

SHA256
eb6b14415dfd0fb6203749fe27e69c2e92eace24a69a7659ada2dafd5f111971

SHA512
593a302813b99dc4e3316d15f7290165bbcc18e2ab90b21d7ecd354bc2c0345ec7caf4ad6b5c8f06be7dff304179b147585decd7c7223e290c2adf5f37cd544e

Download Submit
/storage/emulated/0/Config/sys/apps/log/log-2024-11-16.txt

Filesize
57B

MD5
78d43831eb5e88bf19890651781d4eaf

SHA1
f03b15b7c5781cdcae688d107a42147a8367d74d

SHA256
2755540d416a2524a85a97d273447bac2716222f2a076afcd20379a709941a87

SHA512
f30b93b252b00d33bcb05a4faec5810317b86770cd43e2a618fa025e4cdfd1795a9d1444225369d4e678a34e11f1afea91368faebd49b5e31c264dafb38d71c6

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads