Analysis

  • max time kernel: 96s
  • max time network: 108s
  • platform: android_x86
  • resource: android-x86-arm-20240624-en
  • resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240624-en, locale:en-us, os:android-9-x86, system
  • submitted: 22-11-2024 13:44

General

  • Target: 15f59da4589a0b9fc3b9d4c0f261fe50.apk
  • Size: 3.5MB
  • MD5: 15f59da4589a0b9fc3b9d4c0f261fe50
  • SHA1: a819d8132a20e6f6b375d4c2c813776d7692ea48
  • SHA256: 0b76e0e7ed26277903223f3b0868cf303f8a6b5c05c045eb94a6d6ca3e9a4f89
  • SHA512: b843e5153d38e210be5fe4cbd54d7d28b260cb4f655790090731f479b2a74c0c1bb80d32963b3c867730b40c6eeda9900cdc8649ff7091dd6e104ba7c97367a4
  • SSDEEP: 49152:2gWAVs7LxUOmZt3svb3Y5tWWqbFg+BgKDhEVe14mMcCnJMzvvD9jz0o/Vz:l67Lxm+b38tWtbF9pBaPcrLxjQa

Signatures

  • Checks known Qemu pipes (1 TTP, 24 IoCs)

    Checks for known pipes used by the Android emulator to communicate with the host.

  • Makes use of the framework's Accessibility service (4 TTPs, 4 IoCs)

    Retrieves information displayed on the phone screen using AccessibilityService.

  • Queries information about running processes on the device (1 TTP, 12 IoCs)

    The application may abuse the framework's APIs to collect information about running processes on the device.

  • Acquires the wake lock (7 IoCs)

  • Makes use of the framework's foreground persistence service (1 TTP, 7 IoCs)

    The application may abuse the framework's foreground service to continue running in the foreground.

  • Performs UI accessibility actions on behalf of the user (1 TTP, 8 IoCs)

    The application may abuse the accessibility service to prevent its removal.

  • Reads information about the phone network operator (1 TTP)

  • Requests disabling of battery optimizations, often used to enable hiding in the background (1 TTP, 2 IoCs)

  • Checks CPU information (2 TTPs, 12 IoCs)

Processes

  • com.example.mysoul
    1⤵
    • Checks known Qemu pipes.
    • Queries information about running processes on the device
    PID:4252
    • /system/bin/cat /proc/cpuinfo
      2⤵
      • Checks CPU information
      PID:4282
  • com.example.mysoul
    1⤵
    • Checks known Qemu pipes.
    • Makes use of the framework's Accessibility service
    • Queries information about running processes on the device
    • Performs UI accessibility actions on behalf of the user
    PID:4444
    • /system/bin/cat /proc/cpuinfo
      2⤵
      • Checks CPU information
      PID:4540
  • com.example.mysoul
    1⤵
    • Checks known Qemu pipes.
    • Queries information about running processes on the device
    PID:4567
    • /system/bin/cat /proc/cpuinfo
      2⤵
      • Checks CPU information
      PID:4595
  • com.example.mysoul
    1⤵
    • Checks known Qemu pipes.
    • Queries information about running processes on the device
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    PID:4637
    • /system/bin/cat /proc/cpuinfo
      2⤵
      • Checks CPU information
      PID:4672
  • com.example.mysoul
    1⤵
    • Checks known Qemu pipes.
    • Queries information about running processes on the device
    PID:4717
    • /system/bin/cat /proc/cpuinfo
      2⤵
      • Checks CPU information
      PID:4745
  • com.example.mysoul
    1⤵
    • Checks known Qemu pipes.
    • Makes use of the framework's Accessibility service
    • Queries information about running processes on the device
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    PID:4770
    • /system/bin/cat /proc/cpuinfo
      2⤵
      • Checks CPU information
      PID:4804
  • com.example.mysoul
    1⤵
    • Checks known Qemu pipes.
    • Queries information about running processes on the device
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    PID:4830
    • /system/bin/cat /proc/cpuinfo
      2⤵
      • Checks CPU information
      PID:4890
  • com.example.mysoul
    1⤵
    • Checks known Qemu pipes.
    • Queries information about running processes on the device
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    PID:4941
    • /system/bin/cat /proc/cpuinfo
      2⤵
      • Checks CPU information
      PID:4971
  • com.example.mysoul
    1⤵
    • Checks known Qemu pipes.
    • Queries information about running processes on the device
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    PID:4997
    • /system/bin/cat /proc/cpuinfo
      2⤵
      • Checks CPU information
      PID:5029
  • com.example.mysoul
    1⤵
    • Checks known Qemu pipes.
    • Makes use of the framework's Accessibility service
    • Queries information about running processes on the device
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    PID:5056
    • /system/bin/cat /proc/cpuinfo
      2⤵
      • Checks CPU information
      PID:5087
  • com.example.mysoul
    1⤵
    • Checks known Qemu pipes.
    • Queries information about running processes on the device
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    PID:5112
    • /system/bin/cat /proc/cpuinfo
      2⤵
      • Checks CPU information
      PID:5143
  • com.example.mysoul
    1⤵
    • Checks known Qemu pipes.
    • Makes use of the framework's Accessibility service
    • Queries information about running processes on the device
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    • Performs UI accessibility actions on behalf of the user
    PID:5189
    • /system/bin/cat /proc/cpuinfo
      2⤵
      • Checks CPU information
      PID:5222

Downloads

  • /data/data/com.example.mysoul/no_backup/androidx.work.workdb
    Filesize: 4KB
    MD5: f2b4b0190b9f384ca885f0c8c9b14700
    SHA1: 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
    SHA256: 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
    SHA512: ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

  • /data/data/com.example.mysoul/no_backup/androidx.work.workdb-journal
    Filesize: 512B
    MD5: 6116af889e7f9e73042c96c8c37393e4
    SHA1: 4eb54dde470eeea81985a664fcabb38e5dbaf0c2
    SHA256: def2b3fbf03fc843821190afb781df878ca734c22dd9a27f37c4dacc6e463d8f
    SHA512: b10c964fd0dc040831d2ffaf3cc9170b46890e97cb1fab968efac3b41a2195c138656fff8b4aa8eb03c66bf606e57c376cfbd372240f96cd61d939b49d771953

  • /data/data/com.example.mysoul/no_backup/androidx.work.workdb-shm
    Filesize: 108KB
    MD5: c6ac118312d15f3b58c837678af7bfd1
    SHA1: 11aaea677cac9d1239040835a3be12a5fa840596
    SHA256: f7ef37dbcafbcf3954502b209dab16a4d838fb5023946d9fc619a20e641128e2
    SHA512: cc922c3666a0d8707d6d6030b9fde38706b8bb75207d671bd478fd9032d719443add390b380ae2ee6376d45e78696fa9cd0d118ae32e468b2b1c29fecc4b5051

  • /data/data/com.example.mysoul/no_backup/androidx.work.workdb-wal
    Filesize: 28KB
    MD5: 0a19838a6d686f52d7e05ba1cd703a9f
    SHA1: 583ed5af79eabebc2b2d3a8fa48c5397c5c6b140
    SHA256: b62b5564c5e6b2f249424644354af66da19dbbd0c0a2fd246acd8c17952097e1
    SHA512: bbb0df0cb1ee2bf12f6501b386d51ac80d7d567e6d84b63de80628aa726004443f45f9bc3ab98366464cba32d5c6bde6c1a0f69b16ed46343bc06fc68aa10798