Analysis
-
max time kernel
124s -
max time network
132s -
platform
android_x64 -
resource
android-x64-arm64-20240624-en -
resource tags
androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240624-enlocale:en-usos:android-11-x64system -
submitted
01-12-2024 22:03
Behavioral task
behavioral1
Sample
fb034abe26c258845c226a4d2c65d0266e0d74b6f6ef37c25a86a3acbbfdc353.apk
Resource
android-x86-arm-20240624-en
Behavioral task
behavioral2
Sample
fb034abe26c258845c226a4d2c65d0266e0d74b6f6ef37c25a86a3acbbfdc353.apk
Resource
android-x64-20240624-en
Behavioral task
behavioral3
Sample
fb034abe26c258845c226a4d2c65d0266e0d74b6f6ef37c25a86a3acbbfdc353.apk
Resource
android-x64-arm64-20240624-en
General
-
Target
fb034abe26c258845c226a4d2c65d0266e0d74b6f6ef37c25a86a3acbbfdc353.apk
-
Size
3.9MB
-
MD5
a8867673095f5e4be8e5a76ddbdec4c3
-
SHA1
a443f19c03e49927884899da8fd69745e7672d0d
-
SHA256
fb034abe26c258845c226a4d2c65d0266e0d74b6f6ef37c25a86a3acbbfdc353
-
SHA512
2807b0c2d1ff9674399ceb0315b87da1e40b30d9b1ab4123fa2d41e03c4f1b8a675f9f99675d7dfcbbf35750a2c1eff4fc86f0d22810b4b066ef74b44000fc11
-
SSDEEP
98304:fYX3sLQmf2g5hP75IPe2P4OH3BmNhqM9U2s1xorcIuOb8LYZ:fYsVhtIPeO4OHR20MworcIUYZ
Malware Config
Signatures
-
Makes use of the framework's Accessibility service 4 TTPs 2 IoCs
Retrieves information displayed on the phone screen using AccessibilityService.
description ioc Process Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId com.overtrample.unlatched Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId com.overtrample.unlatched -
Acquires the wake lock 1 IoCs
description ioc Process Framework service call android.os.IPowerManager.acquireWakeLock com.overtrample.unlatched -
Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs
Application may abuse the framework's foreground service to continue running in the foreground.
description ioc Process Framework service call android.app.IActivityManager.setServiceForeground com.overtrample.unlatched -
Performs UI accessibility actions on behalf of the user 1 TTPs 1 IoCs
Application may abuse the accessibility service to prevent their removal.
ioc Process android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction com.overtrample.unlatched -
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
description ioc Process Framework API call javax.crypto.Cipher.doFinal com.overtrample.unlatched