Analysis

  • max time kernel
    149s
  • max time network
    155s
  • platform
    android_x86
  • resource
    android-x86-arm-20240624-en
  • resource tags

    android, arch:arm, arch:x86, image:android-x86-arm-20240624-en, locale:en-us, os:android-9-x86, system
  • submitted
    23-11-2024 03:05

General

  • Target

    dcc386bb765ad45626e67a775c569a8a0d95b50436fe0708361a3abbad023986.apk

  • Size

    697KB

  • MD5

    aa94c4b0113158cd93257478f100ba5d

  • SHA1

    2c4a80a143c493b0f5ac2c4b71d80675c14d15cf

  • SHA256

    dcc386bb765ad45626e67a775c569a8a0d95b50436fe0708361a3abbad023986

  • SHA512

    4aa84c56830524a3df17a2831a5303d284e7fbd3b3ae8e5f7b144ab1103a2695483a89a77e5046b5ca82355b2992d8086b13b1d0751e3cd268caa00f849a68df

  • SSDEEP

    12288:OeypaI0RHLVY4bDpYSaca9F64ze8MBrR/YusT3cgtN0Fdm26Rq219gJIp5wa:O6I01hhbLH4K5F/YHT3SFdm2GNeza

Malware Config

Signatures

  • Removes its main activity from the application launcher 1 TTPs 1 IoCs
  • Makes use of the framework's Accessibility service 4 TTPs 2 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

  • Acquires the wake lock 1 IoCs
  • Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

    Application may abuse the framework's foreground service to continue running in the foreground.

  • Queries the mobile country code (MCC) 1 TTPs 1 IoCs
  • Requests disabling of battery optimizations (often used to enable hiding in the background). 1 TTPs 1 IoCs
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
  • Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

  • Checks CPU information 2 TTPs 1 IoCs
  • Checks memory information 2 TTPs 1 IoCs

Processes

  • com.laboratories.participate
    1⤵
    • Removes its main activity from the application launcher
    • Makes use of the framework's Accessibility service
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    • Queries the mobile country code (MCC)
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Schedules tasks to execute at a specified time
    • Checks CPU information
    • Checks memory information
    PID:4265

Network

MITRE ATT&CK Mobile v15

Downloads

  • /storage/emulated/0/Config/sys/apps/log/log-2024-11-23.txt

    Filesize

    283B

    MD5

    2c2be28f65ed7a593d13c2bec1060b85

    SHA1

    4efba37310a65ca9d41c4edcd771ed5c65110b2d

    SHA256

    272031a1a7de9d1fef889f1ac8ab982b0f193b82884217d3f87f5a8fcaf5dcca

    SHA512

    45b8d17b8104eeaa8914e7bb821ba068da09e136443774d05238d285c0ff0c316300e18ee00be9178e47f2132cdaf9b836cdb5ec677dd22365fc84defe6ac248

  • /storage/emulated/0/Config/sys/apps/log/log-2024-11-23.txt

    Filesize

    28B

    MD5

    d2b49bb9a8a1e20f18508e760b47811d

    SHA1

    e7c6a4de64f8a00ddc43c52edcb3a7d1bd5fe802

    SHA256

    5105c68bc744dce2b52b19d8b7ef6b9798d5dc786a2c65750b8eabcf0d508e49

    SHA512

    dd6cbce6e9dc9848c72181afbb7d0a6135c47bb1f1c4217cd29ec4603048622b2e30fb171a0be8ce09ae31db61503b5695abd6e5a1eaca34e4d0ae8a528996c2

  • /storage/emulated/0/Config/sys/apps/log/log-2024-11-23.txt

    Filesize

    48B

    MD5

    56d848726aae6e1fccf7e110ddda4eed

    SHA1

    14956f90a57f1a5a35b68de73cd26e9ad9331901

    SHA256

    091456d9bd9d31aa8e7905cd588e32ce1d09a895c5e076cf6538b6f9dd07202e

    SHA512

    23cfc74a71915859c3a602552c23c9238fe1af6f910c3c81a3bae7f77dafd2f3e2836a442db25a70d07438931ce320e9700a35c9d753b8945b1f67ac30945ac5