Analysis
-
max time kernel
149s -
max time network
156s -
platform
android_x64 -
resource
android-x64-arm64-20240624-en -
resource tags
androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240624-enlocale:en-usos:android-11-x64system -
submitted
23-11-2024 03:05
Behavioral task
behavioral1
Sample
dcc386bb765ad45626e67a775c569a8a0d95b50436fe0708361a3abbad023986.apk
Resource
android-x86-arm-20240624-en
Behavioral task
behavioral2
Sample
dcc386bb765ad45626e67a775c569a8a0d95b50436fe0708361a3abbad023986.apk
Resource
android-x64-20240624-en
Behavioral task
behavioral3
Sample
dcc386bb765ad45626e67a775c569a8a0d95b50436fe0708361a3abbad023986.apk
Resource
android-x64-arm64-20240624-en
General
-
Target
dcc386bb765ad45626e67a775c569a8a0d95b50436fe0708361a3abbad023986.apk
-
Size
697KB
-
MD5
aa94c4b0113158cd93257478f100ba5d
-
SHA1
2c4a80a143c493b0f5ac2c4b71d80675c14d15cf
-
SHA256
dcc386bb765ad45626e67a775c569a8a0d95b50436fe0708361a3abbad023986
-
SHA512
4aa84c56830524a3df17a2831a5303d284e7fbd3b3ae8e5f7b144ab1103a2695483a89a77e5046b5ca82355b2992d8086b13b1d0751e3cd268caa00f849a68df
-
SSDEEP
12288:OeypaI0RHLVY4bDpYSaca9F64ze8MBrR/YusT3cgtN0Fdm26Rq219gJIp5wa:O6I01hhbLH4K5F/YHT3SFdm2GNeza
Malware Config
Signatures
-
Processes:
com.laboratories.participatepid process 4491 com.laboratories.participate -
Makes use of the framework's Accessibility service 4 TTPs 2 IoCs
Retrieves information displayed on the phone screen using AccessibilityService.
Processes:
com.laboratories.participatedescription ioc process Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId com.laboratories.participate Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId com.laboratories.participate -
Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
Processes:
com.laboratories.participatedescription ioc process Framework service call android.content.IClipboard.addPrimaryClipChangedListener com.laboratories.participate -
Acquires the wake lock 1 IoCs
Processes:
com.laboratories.participatedescription ioc process Framework service call android.os.IPowerManager.acquireWakeLock com.laboratories.participate -
Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs
Application may abuse the framework's foreground service to continue running in the foreground.
Processes:
com.laboratories.participatedescription ioc process Framework service call android.app.IActivityManager.setServiceForeground com.laboratories.participate -
Requests disabling of battery optimizations (often used to enable hiding in the background). 1 TTPs 1 IoCs
Processes:
com.laboratories.participatedescription ioc process Intent action android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS com.laboratories.participate -
Schedules tasks to execute at a specified time 1 TTPs 1 IoCs
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
Processes:
com.laboratories.participatedescription ioc process Framework service call android.app.job.IJobScheduler.schedule com.laboratories.participate -
Checks CPU information 2 TTPs 1 IoCs
Processes:
com.laboratories.participatedescription ioc process File opened for read /proc/cpuinfo com.laboratories.participate -
Checks memory information 2 TTPs 1 IoCs
Processes:
com.laboratories.participatedescription ioc process File opened for read /proc/meminfo com.laboratories.participate
Processes
-
com.laboratories.participate1⤵
- Removes its main activity from the application launcher
- Makes use of the framework's Accessibility service
- Obtains sensitive information copied to the device clipboard
- Acquires the wake lock
- Makes use of the framework's foreground persistence service
- Requests disabling of battery optimizations (often used to enable hiding in the background).
- Schedules tasks to execute at a specified time
- Checks CPU information
- Checks memory information
PID:4491
Network
MITRE ATT&CK Mobile v15
Defense Evasion
Foreground Persistence
1Hide Artifacts
2Suppress Application Icon
1User Evasion
1Input Injection
1Virtualization/Sandbox Evasion
2System Checks
2Credential Access
Clipboard Data
1Input Capture
2GUI Input Capture
1Keylogging
1Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
48B
MD556d848726aae6e1fccf7e110ddda4eed
SHA114956f90a57f1a5a35b68de73cd26e9ad9331901
SHA256091456d9bd9d31aa8e7905cd588e32ce1d09a895c5e076cf6538b6f9dd07202e
SHA51223cfc74a71915859c3a602552c23c9238fe1af6f910c3c81a3bae7f77dafd2f3e2836a442db25a70d07438931ce320e9700a35c9d753b8945b1f67ac30945ac5
-
Filesize
283B
MD5336676d3981ee6a3edbb2cf2a5d658d0
SHA196f4949d3bfcd2243a048076a8bfb715c8c0c00e
SHA25616a6827a7a4dc3beb2ea80b6012b0cfe11b0c53e400a0d1c6c230e466004de0f
SHA5123ba0d2eb78748c42125178640edf0e9b31e0676771120f05a6ace7054d28a97e5fbbac32639a0995a02ea856a25e88e13f0ec0fa2c5b4b68981072b6d3202b44
-
Filesize
28B
MD5b526759c1c5f32d1e480f73d98684568
SHA1205b4553d10be5cabdfca65e5461d427b656546d
SHA256891362c5fb40d06ac17d0df709f7ddd1984669e7a4a0528b5ad2fdab483a30d4
SHA51263187d02028571c51ade3468a429a987b5d3d5b811b4b5a8bc82a82af8fa8160eadc973398cf4a5e27dec925e288f8528a4e795119a49b532cd60f265b777c07