Analysis

  • max time kernel
    149s
  • max time network
    156s
  • platform
    android_x64
  • resource
    android-x64-arm64-20240624-en
  • resource tags

    androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240624-enlocale:en-usos:android-11-x64system
  • submitted
    23-11-2024 03:05

General

  • Target

    dcc386bb765ad45626e67a775c569a8a0d95b50436fe0708361a3abbad023986.apk

  • Size

    697KB

  • MD5

    aa94c4b0113158cd93257478f100ba5d

  • SHA1

    2c4a80a143c493b0f5ac2c4b71d80675c14d15cf

  • SHA256

    dcc386bb765ad45626e67a775c569a8a0d95b50436fe0708361a3abbad023986

  • SHA512

    4aa84c56830524a3df17a2831a5303d284e7fbd3b3ae8e5f7b144ab1103a2695483a89a77e5046b5ca82355b2992d8086b13b1d0751e3cd268caa00f849a68df

  • SSDEEP

    12288:OeypaI0RHLVY4bDpYSaca9F64ze8MBrR/YusT3cgtN0Fdm26Rq219gJIp5wa:O6I01hhbLH4K5F/YHT3SFdm2GNeza

Malware Config

Signatures

  • Removes its main activity from the application launcher 1 TTPs 1 IoCs
  • Makes use of the framework's Accessibility service 4 TTPs 2 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

  • Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

    Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

  • Acquires the wake lock 1 IoCs
  • Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

    Application may abuse the framework's foreground service to continue running in the foreground.

  • Requests disabling of battery optimizations (often used to enable hiding in the background). 1 TTPs 1 IoCs
  • Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

  • Checks CPU information 2 TTPs 1 IoCs
  • Checks memory information 2 TTPs 1 IoCs

Processes

  • com.laboratories.participate
    1⤵
    • Removes its main activity from the application launcher
    • Makes use of the framework's Accessibility service
    • Obtains sensitive information copied to the device clipboard
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    • Schedules tasks to execute at a specified time
    • Checks CPU information
    • Checks memory information
    PID:4491

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /storage/emulated/0/Config/sys/apps/log/log-2024-11-23.txt

    Filesize

    48B

    MD5

    56d848726aae6e1fccf7e110ddda4eed

    SHA1

    14956f90a57f1a5a35b68de73cd26e9ad9331901

    SHA256

    091456d9bd9d31aa8e7905cd588e32ce1d09a895c5e076cf6538b6f9dd07202e

    SHA512

    23cfc74a71915859c3a602552c23c9238fe1af6f910c3c81a3bae7f77dafd2f3e2836a442db25a70d07438931ce320e9700a35c9d753b8945b1f67ac30945ac5

  • /storage/emulated/0/Config/sys/apps/log/log-2024-11-23.txt

    Filesize

    283B

    MD5

    336676d3981ee6a3edbb2cf2a5d658d0

    SHA1

    96f4949d3bfcd2243a048076a8bfb715c8c0c00e

    SHA256

    16a6827a7a4dc3beb2ea80b6012b0cfe11b0c53e400a0d1c6c230e466004de0f

    SHA512

    3ba0d2eb78748c42125178640edf0e9b31e0676771120f05a6ace7054d28a97e5fbbac32639a0995a02ea856a25e88e13f0ec0fa2c5b4b68981072b6d3202b44

  • /storage/emulated/0/Config/sys/apps/log/log-2024-11-23.txt

    Filesize

    28B

    MD5

    b526759c1c5f32d1e480f73d98684568

    SHA1

    205b4553d10be5cabdfca65e5461d427b656546d

    SHA256

    891362c5fb40d06ac17d0df709f7ddd1984669e7a4a0528b5ad2fdab483a30d4

    SHA512

    63187d02028571c51ade3468a429a987b5d3d5b811b4b5a8bc82a82af8fa8160eadc973398cf4a5e27dec925e288f8528a4e795119a49b532cd60f265b777c07