Analysis
-
max time kernel
148s -
max time network
159s -
platform
android_x86 -
resource
android-x86-arm-20240624-en -
resource tags
androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system -
submitted
22-11-2024 08:04
Behavioral task
behavioral1
Sample
apk005.apk
Resource
android-x86-arm-20240624-en
Behavioral task
behavioral2
Sample
apk005.apk
Resource
android-x64-20240910-en
Behavioral task
behavioral3
Sample
apk005.apk
Resource
android-x64-arm64-20240910-en
General
-
Target
apk005.apk
-
Size
684KB
-
MD5
874a2d006e3df683e3d84a0b6ffa7427
-
SHA1
28f90d85bea9dcec6c246d2e1e0d81d20d84bdfd
-
SHA256
758cbf74036ee718530f699f327b9c9eb833f6f2ca495749ed7614644d98ac7e
-
SHA512
1f59fd316c5405dd18e8ac07319440fb14e02396759339b411cf01b0b7f6d35fca1c326a4f4a2bae322fd3ef3003bdebdd11b89de2537af6bae3e3a70a4a20d0
-
SSDEEP
12288:DphYy/p6FOjENqxpXPcRZY90ipEKbM/qd6IusT3cgtN0Fvm16Rq212gXH:NhYKkYdpEomqd6IHT3SFvm1GNjXH
Malware Config
Signatures
-
Makes use of the framework's Accessibility service 4 TTPs 2 IoCs
Retrieves information displayed on the phone screen using AccessibilityService.
Processes:
splash.app.maindescription ioc Process Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId splash.app.main Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId splash.app.main -
Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs
Application may abuse the framework's foreground service to continue running in the foreground.
Processes:
splash.app.maindescription ioc Process Framework service call android.app.IActivityManager.setServiceForeground splash.app.main -
Performs UI accessibility actions on behalf of the user 1 TTPs 4 IoCs
Application may abuse the accessibility service to prevent their removal.
Processes:
splash.app.mainioc Process android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction splash.app.main android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction splash.app.main android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction splash.app.main android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction splash.app.main -
Requests disabling of battery optimizations (often used to enable hiding in the background). 1 TTPs 1 IoCs
Processes:
splash.app.maindescription ioc Process Intent action android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS splash.app.main -
Requests enabling of the accessibility settings. 1 IoCs
Processes:
splash.app.maindescription ioc Process Intent action android.settings.ACCESSIBILITY_SETTINGS splash.app.main -
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
Processes:
splash.app.maindescription ioc Process Framework service call android.app.IActivityManager.registerReceiver splash.app.main
Processes
-
splash.app.main1⤵
- Removes its main activity from the application launcher
- Makes use of the framework's Accessibility service
- Makes use of the framework's foreground persistence service
- Performs UI accessibility actions on behalf of the user
- Requests disabling of battery optimizations (often used to enable hiding in the background).
- Requests enabling of the accessibility settings.
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID:4317
Network
MITRE ATT&CK Mobile v15
Persistence
Event Triggered Execution
1Broadcast Receivers
1Foreground Persistence
1Defense Evasion
Foreground Persistence
1Hide Artifacts
2Suppress Application Icon
1User Evasion
1Impair Defenses
1Prevent Application Removal
1Input Injection
1Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
24B
MD52cb7ee8f096cb9fbcd14bc28733cb604
SHA1469bc56f4cd04633640b477b49691d4b95a1351e
SHA256ab4a9ecd49e5e00fcff0a8be1281e85bbc5648fb3a1d89c72a504d7d676ebe74
SHA512868e7a711a7ec24f178abdc3d410467b172440543a0e7b40e58af174260043329e5d526f0c421e02a01aee61eadfdfdbdff4e232cd49035aa9e3dcb4bfafee61
-
Filesize
279B
MD5b2c2599c9ff468f9da98d19176a673ba
SHA12a3e95221111cca402fec201231d870b61c5fbdc
SHA256a0e0d39ea6e529fa6ff6fff0e123f23277fa77d6d78a9c0daa14de59462b101e
SHA512e3ad04ebd5ea0411ae7821913de1f1a19c785758eddff1d34c87c80589a627be80c65bb428361704b46e63473ac250eb6b2ee609a98d646f0d4fcbfae65a1bad
-
Filesize
28B
MD5529f20f9a03b2ee8fd4948fdc21060e3
SHA1a571080178a4635e26a736b9804b9a0fcae3c3cb
SHA256b4d20026e15a5c97a721597b7f04e88448935808e68ffe83ddeda6e2527fc8eb
SHA512155a39986340ed0a7dd1e1e3d79f78c51184153071b9f49f2909272cafb6d1f8d570a53f04e5bbf04c456eb79b57baf7a1624a287f2472255e13d5da4753b8be
-
Filesize
255B
MD5b3d95da0037c6ff860680d2bad70b9a1
SHA1ce4539dbabcabd638d2400b58f153c2a57d4799e
SHA256ea6df059a1ed4405df7f1d9c00eca2961bb282d1369f6b3e8e27fea5c40d6181
SHA512c6df2affd9202c95bf50969765a73160ce8efc9d132980a018f51c443df30c10c5ec102d19ad95115011d73a647884d5989b9b3d6a20eb82766e72a8731f21ce
-
Filesize
56B
MD5f5068dc275df0076d1e59a1a46621b2c
SHA1a848ccd29e97dee9e8c38b81268cf7a5217d04bd
SHA256c749950cb8922b8a5c45366a5fb67d4de610029711fa4dd14f3268a3e394bd50
SHA51206704ff765af1c0e14233ca75174962eb79f1ecca59f87bba25820614e6bc8526fed598856788cbcdb1cfd6d02a77f58c9ac5c2217d10a1c8fbbe31aef341abc