Analysis

  • max time kernel
    124s
  • max time network
    132s
  • platform
    android_x64
  • resource
    android-x64-arm64-20240624-en
  • resource tags
    android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240624-en, locale:en-us, os:android-11-x64, system
  • submitted
    01-12-2024 22:03

General

  • Target

    fb034abe26c258845c226a4d2c65d0266e0d74b6f6ef37c25a86a3acbbfdc353.apk

  • Size

    3.9MB

  • MD5

    a8867673095f5e4be8e5a76ddbdec4c3

  • SHA1

    a443f19c03e49927884899da8fd69745e7672d0d

  • SHA256

    fb034abe26c258845c226a4d2c65d0266e0d74b6f6ef37c25a86a3acbbfdc353

  • SHA512

    2807b0c2d1ff9674399ceb0315b87da1e40b30d9b1ab4123fa2d41e03c4f1b8a675f9f99675d7dfcbbf35750a2c1eff4fc86f0d22810b4b066ef74b44000fc11

  • SSDEEP

    98304:fYX3sLQmf2g5hP75IPe2P4OH3BmNhqM9U2s1xorcIuOb8LYZ:fYsVhtIPeO4OHR20MworcIUYZ

Malware Config

Signatures

  • Makes use of the framework's Accessibility service (4 TTPs, 2 IoCs)

    Retrieves information displayed on the phone screen using AccessibilityService.

  • Acquires the wake lock (1 IoC)
  • Makes use of the framework's foreground persistence service (1 TTP, 1 IoC)

    The application may abuse a foreground service to keep running in the foreground.

  • Performs UI accessibility actions on behalf of the user (1 TTP, 1 IoC)

    The application may abuse the accessibility service to prevent its own removal.

  • Uses Crypto APIs (might try to encrypt user data) (1 TTP, 1 IoC)
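A static check a practitioner would run alongside this report, as an added example (it is not part of the sandbox output and is not code from the sample): given a decoded AndroidManifest.xml and the accessibility-service configuration it references, flag the declarations that correspond to the signatures listed above. The XML below is constructed for illustration; only the package name `com.overtrample.unlatched` comes from the report, and the service name `.SvcA` and the resource name `accessibility_config` are assumptions. The "Uses Crypto APIs" signature cannot be judged from the manifest and is out of scope here; it needs inspection of the dex code.

```python
"""Static triage of a decoded Android manifest and accessibility-service
config for the indicators behind the sandbox signatures.

Added example, not part of the sandbox report. The XML constants below are
constructed for illustration and were NOT extracted from the analysed APK.
For a real sample, decode it first (e.g. `apktool d sample.apk`) and pass the
text of AndroidManifest.xml and of the referenced res/xml config file.
"""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
ACCESSIBILITY_BIND_PERMISSION = "android.permission.BIND_ACCESSIBILITY_SERVICE"
ACCESSIBILITY_ACTION = "android.accessibilityservice.AccessibilityService"

# Manifest permission -> sandbox signature it corresponds to.
PERMISSION_SIGNATURES = {
    "android.permission.WAKE_LOCK": "Acquires the wake lock",
    "android.permission.FOREGROUND_SERVICE":
        "Makes use of the framework's foreground persistence service",
}

# Constructed sample manifest (service name and resource name are assumptions).
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.overtrample.unlatched">
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.WAKE_LOCK"/>
    <uses-permission android:name="android.permission.FOREGROUND_SERVICE"/>
    <application android:label="app">
        <service android:name=".SvcA"
            android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"
            android:exported="true">
            <intent-filter>
                <action android:name="android.accessibilityservice.AccessibilityService"/>
            </intent-filter>
            <meta-data android:name="android.accessibilityservice"
                android:resource="@xml/accessibility_config"/>
        </service>
    </application>
</manifest>
"""

# Constructed sample of the res/xml accessibility-service config.
SAMPLE_ACCESSIBILITY_CONFIG = """<accessibility-service
    xmlns:android="http://schemas.android.com/apk/res/android"
    android:accessibilityEventTypes="typeAllMask"
    android:accessibilityFlags="flagDefault"
    android:canRetrieveWindowContent="true"
    android:canPerformGestures="true"/>
"""


def _attr(elem, name):
    """Read an android:-namespaced attribute from an element."""
    return elem.get("{%s}%s" % (ANDROID_NS, name))


def triage_manifest(manifest_xml):
    """Return package name, matched signatures and declared accessibility services."""
    root = ET.fromstring(manifest_xml)
    result = {"package": root.get("package"), "signatures": [],
              "accessibility_services": []}
    requested = {_attr(p, "name") for p in root.iter("uses-permission")}
    for perm, sig in PERMISSION_SIGNATURES.items():
        if perm in requested:
            result["signatures"].append(sig)
    for svc in root.iter("service"):
        actions = {_attr(a, "name") for a in svc.iter("action")}
        # A service the framework will bind as an accessibility service is
        # guarded by the BIND permission and filters the AccessibilityService
        # intent action; either is enough to flag it for review.
        if (_attr(svc, "permission") == ACCESSIBILITY_BIND_PERMISSION
                or ACCESSIBILITY_ACTION in actions):
            result["accessibility_services"].append(_attr(svc, "name"))
    if result["accessibility_services"]:
        result["signatures"].append(
            "Makes use of the framework's Accessibility service")
    return result


def triage_accessibility_config(config_xml):
    """Map capability flags in the service config to the two accessibility
    signatures. canRetrieveWindowContent exposes on-screen text to the
    service; canPerformGestures lets it inject touches (a heuristic for
    acting on the user's behalf, since node actions need no extra flag)."""
    cfg = ET.fromstring(config_xml)
    hits = []
    if _attr(cfg, "canRetrieveWindowContent") == "true":
        hits.append("Retrieves information displayed on the phone screen")
    if _attr(cfg, "canPerformGestures") == "true":
        hits.append("Performs UI accessibility actions on behalf of the user")
    return hits


if __name__ == "__main__":
    import json
    print(json.dumps(triage_manifest(SAMPLE_MANIFEST), indent=2))
    print(triage_accessibility_config(SAMPLE_ACCESSIBILITY_CONFIG))
```

Both flags in the config are legitimate for real accessibility tools, so treat the output as a prompt for closer review of the service's code and of the app's install source rather than as a verdict on its own.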

Processes

  • com.overtrample.unlatched (PID 4438)
    • Makes use of the framework's Accessibility service
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    • Performs UI accessibility actions on behalf of the user
    • Uses Crypto APIs (might try to encrypt user data)

Network

MITRE ATT&CK Mobile v15
