dbb8dd0c28595c9a8f61f48f9c032bbff65d9e9002d5e67dfeadd0e9d9e169cf

Analysis

max time kernel
149s
max time network
140s
platform
android_x64
resource
android-33-x64-arm64-20240624-en
resource tags

androidarch:arm64arch:x64image:android-33-x64-arm64-20240624-enlocale:en-usos:android-13-x64system
submitted
23-11-2024 17:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ready.apk
Size

9.3MB
MD5

cce17d47d3b390211557eb867e2a351c
SHA1

a7809faaf47b033e804c0946351aeddf9c3881a7
SHA256

dbb8dd0c28595c9a8f61f48f9c032bbff65d9e9002d5e67dfeadd0e9d9e169cf
SHA512

8819c8a6f6e035051d359b9a779d16dbc107ce95d6020a24c1312e195032e1bb168f0670087be88618a6b5e760cb4eef09987b1afb881881faa625e5a49caaf2
SSDEEP

98304:75OiDrwAFsFcacKqs2YlpoSsPfy3+mzXzB1TJ0tANfHD:75OiDrwtcKLnpoSsn0ZzDmwD

Score

7^/10

collection credential_access evasion execution persistence

Malware Config

Signatures

Makes use of the framework's Accessibility service 4 TTPs 1 IoCs

Retrieves information displayed on the phone screen using AccessibilityService.

collection evasion credential_access

Input Injection

T1516

Screen Capture

T1513

Keylogging

T1417.001

GUI Input Capture

T1417.002

description	ioc	Process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	prizes.medications.clients

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	prizes.medications.clients

Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

Application may abuse the framework's foreground service to continue running in the foreground.

evasion persistence

Foreground Persistence

T1541

description	ioc	Process
Framework service call	android.app.IActivityManager.setServiceForeground	prizes.medications.clients

Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

execution persistence

Scheduled Task/Job

T1603

description	ioc	Process
Framework service call	android.app.job.IJobScheduler.schedule	prizes.medications.clients

prizes.medications.clients
1⤵
- Makes use of the framework's Accessibility service
- Acquires the wake lock
- Makes use of the framework's foreground persistence service
- Schedules tasks to execute at a specified time
PID:4377

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Foreground Persistence

T1541

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Foreground Persistence

T1541

Input Injection

T1516

Credential Access

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Discovery

Lateral Movement

Collection

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Screen Capture

T1513

Command and Control

Exfiltration

Impact

Input Injection

T1516

Replay Monitor

Loading Replay Monitor...

Downloads

/storage/emulated/0/Config/sys/apps/log/log-2024-11-23.txt

Filesize
29B

MD5
15181fca365cae8cc7fdb2416ebac04e

SHA1
e0d022f66f79ca342328d014cb804d45aa3172a7

SHA256
ba3e7d6426f9c9e88674c83094247cf623cccb271d1356de7a42fe0d8badbf5f

SHA512
f52e8d33889ecb11f25c39d7d85fc85cf1e95a281c13b17bd8a2005be0a1792bec3469105f1604b4b15ab8ea7900e40198f43033a56cde4a088e63d2e8f220f8

Download Submit
/storage/emulated/0/Config/sys/apps/log/log-2024-11-23.txt

Filesize
13B

MD5
de2c41a51ee9246eb1708f65b511add0

SHA1
2f442d634c8a18760a232c8829d4b5d74a52f074

SHA256
ad2d914ca347cd1930e32f21c6d5448c34104bea181b93abc85ec518985653ab

SHA512
7cdfbd001594503644e9ed80ae852f90ef9e841a8382e2eec6979e149a2c400a3b83055d205b4d1d66e1600e5127482932d5127eb5800d35a4ee5673fe34d84a

Download Submit
/storage/emulated/0/Config/sys/apps/log/log-2024-11-23.txt

Filesize
21B

MD5
656aa6c2bf935e573a2e5c628a244c19

SHA1
9756fb37d312a02ba4721e8a22c9be2c8c1c307c

SHA256
6b888d5c2c21688f4510bc0b8cb25b464129123efa92808b9936fa5550d6541d

SHA512
8e098e7d24b91499506cab82e2ea9da024b58d0795203e3a4e3b72f9ea7c2104971d48758b31e0d6cdaedf9f4d3f6ef8081ff873b93bfd4e8f164ba6f2051797

Download Submit
/storage/emulated/0/Config/sys/apps/log/log-2024-11-23.txt

Filesize
25B

MD5
09564c957523dbe8de4bd1e8527bfacc

SHA1
910a51aaec64ef9ad4f009335b49b9959770a39a

SHA256
c1e0f89fdeafc1b2ff9fe0edb4ca85bdc742d9a17b571f1e4acbce29c4ed488d

SHA512
a4808a315144da741c34d411be57c50eed03f871b1d074e764d766cf102e88ef1a0c79a424e68319d49f421062d9d32740d2625680602f1576c275dda48b5727

Download Submit
/storage/emulated/0/Config/sys/apps/log/log-2024-11-23.txt

Filesize
25B

MD5
6cb4a5f4aa853c1c7cc73c6971f5452f

SHA1
07a1a3886b7dd31b8366246c43c898f4c56cb48b

SHA256
c3d1451dd50950ee3ea2a511efe604efeaff0544f02b406b534f6ab4b85ebc3d

SHA512
d8ab53f279032949c0bb95228b071df1b08b490ddbcdc42254d43376f68c16b6b728869fc9ec94d0b323244081775a04d039e21b15fe5fde375074bfc14e08ac

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads