Overview

overview

10

Static

static

10

rdp app.apk

android-9-x86

7

rdp app.apk

android-10-x64

7

rdp app.apk

android-11-x64

7

Analysis

  • max time kernel
    147s
  • max time network
    154s
  • platform
    android_x86
  • resource
    android-x86-arm-20240624-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
  • submitted
    27-11-2024 13:50

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    rdp app.apk

  • Size

    668KB

  • MD5

    42b08a0f6553f50044ba10b989252efc

  • SHA1

    5fd0999749439898b4bfcc88b6af52cf885e7090

  • SHA256

    1638d48b05daffdb02c6d15fa0e2325d9f00734ff5859ca2c606bb89a9edf621

  • SHA512

    7161cfbc772db28581710e7e5466fc7dfae5cf761c70445fb0459d0813627ba41e6ab0045117c355c1985853d6a2914da6363054fb2c2d320174928b191c55e8

  • SSDEEP

    12288:P9ky4l5eixfRFqJ4E3h3Xp9fGuzIw2IgXgUvk7vQusT3cgtN0FHmv6Rq21xg7r:2l5rxZFqn3hJ9fGOIPIgBvcvQHT3SFHk

Score
7/10
collectioncredential_accessevasionpersistence

Malware Config

Signatures

  • Makes use of the framework's Accessibility service 4 TTPs 2 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectionevasioncredential_access
  • Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

    Application may abuse the framework's foreground service to continue running in the foreground.

    evasionpersistence
  • Performs UI accessibility actions on behalf of the user 1 TTPs 4 IoCs

    Application may abuse the accessibility service to prevent their removal.

    evasion
  • Requests disabling of battery optimizations (often used to enable hiding in the background). 1 TTPs 1 IoCs
    evasion
  • Requests enabling of the accessibility settings. 1 IoCs
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
    persistence

Processes

  • splash.alfnet.viewappsnew
    1⤵
    • Makes use of the framework's Accessibility service
    • Makes use of the framework's foreground persistence service
    • Performs UI accessibility actions on behalf of the user
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    • Requests enabling of the accessibility settings.
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    PID:4258

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /storage/emulated/0/Config/sys/apps/log/log-MjAyNC0xMS0yNw== .txt
    Filesize

    24B

    MD5

    8b7b3f50eed2777d6c50bdb3e883519c

    SHA1

    f3f04b5679105f5bd0efc3dda76aa29258ac006f

    SHA256

    3c5f2c9318209bfb1e85b0bc7d92b4c038881913854a4ea1fd7c4fa46cbd0dde

    SHA512

    037435b68e40006b82c78989d7ed7b4751b7026859f62c0c2ba58957638d75be284509b6fd108557fcf452d5696f8e03e32b520d56b37d8f3416a519b6c0dbc4

    Download Submit

  • /storage/emulated/0/Config/sys/apps/log/log-MjAyNC0xMS0yNw== .txt
    Filesize

    40B

    MD5

    3a71cc46a72de9883a7b8fa8cbe34ca1

    SHA1

    ef1bbdb281e546b3628a1a845b4941db1ca9e4a3

    SHA256

    c06d9e99f6ee253432eadfdfac6008e211182c3770fd883fd0ff6e4e08a5e201

    SHA512

    f65df913a1f4ecb920de54fb6c30ec52368e3b61043f9e37656f364d420f97d3a816ef2b0c6d9e770521e3cf1818cf9c5d689482418278b3c967a4d57c9bdf07

    Download Submit

  • /storage/emulated/0/Config/sys/apps/log/log-MjAyNC0xMS0yNw== .txt
    Filesize

    255B

    MD5

    111df1af0fa7dbfa25791175b4272362

    SHA1

    9013e05e4fa27e9c843f0ac82d166ace58626c64

    SHA256

    4c4aba413e281a3a94ab89c761482443de21ed01d69d619fd89543cdd3f21ea0

    SHA512

    dfed70f020ac1200853c021bad701472fb9bf1551c7f21d0ad6389c8419bbb783d961b190340288d6fc3f1b877b29bd5daa931da970300a351ab4f9c690b7311

    Download Submit

  • /storage/emulated/0/Config/sys/apps/log/log-MjAyNC0xMS0yNw== .txt
    Filesize

    20B

    MD5

    6517749f1bbb71259067623498b5b282

    SHA1

    a6d9677172333f7ec67d2ea8173b7b9b4959a3d4

    SHA256

    c20b6a646d477001d042d80b3bf8fb66674dd2bbdd9ccbcbb6681502bfcf1bc2

    SHA512

    37e556e90d4671eb629ab7c20a88a6c830da485d4087ec97cdf09fa827718550cdb0b8ca11bdac4585442a44586a82b338ecd6ee0f1178ce70a06a2cd2415cf2

    Download Submit

  • /storage/emulated/0/Config/sys/apps/log/log-MjAyNC0xMS0yNw== .txt
    Filesize

    279B

    MD5

    2eac6e4de35d912a325534adce4e1af8

    SHA1

    98d6e213548445f03d4d0fa80770feaeefba6bda

    SHA256

    65119b5ba27730637e3529c2219472703aa5e067b3ec3d2c812d95158b2653b7

    SHA512

    b80bd9ffe6ed5d6f46a219e7d7248d229e7dbcb7a9a2562129908125c9ab9a48a52fc429eae50a09b751b446cf5c2e1c577f39502dc60c435a0913a825f04dff

    Download Submit