e2efb6041ee34d0f5c2b1c9b6b82fb7e5fe0b48390d40b4d56116aacf5e2dbe5

Analysis

max time kernel
149s
max time network
151s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
21-11-2024 09:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

readysigned.apk
Size

4.6MB
MD5

fa15edeeda23137934b3f814263713dd
SHA1

524ed99b855fbdbc847caa272f3f8b2fd717255e
SHA256

e2efb6041ee34d0f5c2b1c9b6b82fb7e5fe0b48390d40b4d56116aacf5e2dbe5
SHA512

1ef0d0fcf01c27f4209dd62987cdb68322e8fc4e9ef647d4c3edf1ba2730509fd7d7bf2d1e821c2c9e4c663908aaaa5cf128131bc512f5eba4acfc05f0b9db8c
SSDEEP

98304:nZj85OMEKd1GbK0ZWWNWTL5pCIGtgdXmzYdzBZT10ts1Xik:h85OMEKCblZ3NWnQ+d2zYRKOSk

Score

7^/10

collection credential_access discovery evasion execution persistence

Malware Config

Signatures

Makes use of the framework's Accessibility service 4 TTPs 1 IoCs

Retrieves information displayed on the phone screen using AccessibilityService.

collection evasion credential_access

Input Injection

T1516

Screen Capture

T1513

Keylogging

T1417.001

GUI Input Capture

T1417.002

description	ioc	Process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	minimum.resulted.sage

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	minimum.resulted.sage

Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

Application may abuse the framework's foreground service to continue running in the foreground.

evasion persistence

Foreground Persistence

T1541

description	ioc	Process
Framework service call	android.app.IActivityManager.setServiceForeground	minimum.resulted.sage

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	minimum.resulted.sage

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	minimum.resulted.sage

Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

execution persistence

Scheduled Task/Job

T1603

description	ioc	Process
Framework service call	android.app.job.IJobScheduler.schedule	minimum.resulted.sage

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	minimum.resulted.sage

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	minimum.resulted.sage

minimum.resulted.sage
1⤵
- Makes use of the framework's Accessibility service
- Acquires the wake lock
- Makes use of the framework's foreground persistence service
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Schedules tasks to execute at a specified time
- Checks CPU information
- Checks memory information
PID:4256

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Foreground Persistence

T1541

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Foreground Persistence

T1541

Input Injection

T1516

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

Lateral Movement

Collection

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Screen Capture

T1513

Command and Control

Exfiltration

Impact

Input Injection

T1516

Replay Monitor

Loading Replay Monitor...

Downloads

/storage/emulated/0/Config/sys/apps/log/log-2024-11-21.txt

Filesize
13B

MD5
de2c41a51ee9246eb1708f65b511add0

SHA1
2f442d634c8a18760a232c8829d4b5d74a52f074

SHA256
ad2d914ca347cd1930e32f21c6d5448c34104bea181b93abc85ec518985653ab

SHA512
7cdfbd001594503644e9ed80ae852f90ef9e841a8382e2eec6979e149a2c400a3b83055d205b4d1d66e1600e5127482932d5127eb5800d35a4ee5673fe34d84a

Download Submit
/storage/emulated/0/Config/sys/apps/log/log-2024-11-21.txt

Filesize
25B

MD5
d03c94c89c9dee43c7422d4efa7937cf

SHA1
c752cde3ac59c2cf986bf488ed7078a9ae27fa3f

SHA256
9c65480d93292ef16a3ad639c5ff36321a700ae05aa02a7ba40a24d92935434c

SHA512
bee9f0abcb20c784491eec95bf4626beb56e054f8939c1ab4385f694d4cc0a542267af4b662ef3a83f35e10de2b0a4b7038e34fd4a79f58db53bd726eebd4b2b

Download Submit
/storage/emulated/0/Config/sys/apps/log/log-2024-11-21.txt

Filesize
25B

MD5
9f0067bb1919a2427ad4443ef2195e96

SHA1
6b3461d350618ef414014b3d8972959a285d4fa3

SHA256
b2c05eef658fa1324a9458fa6e894e74ae8a6a882a58c946a98f42eda5da3541

SHA512
a54e8db613ad27921bec74792a0c6faf114c94094ebc979279c50a252f77467bf541b5d0e246fb2f85b8ccac96b9c793cf37de3be0f56bf28da8400048bdbb42

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads