Overview

overview

10

Static

static

10

tg.apk

android-10-x64

7

tg.apk

android-11-x64

10

tg.apk

android-13-x64

10

tg.apk

android-9-x86

7

Analysis

  • max time kernel
    97s
  • max time network
    132s
  • platform
    android_x64
  • resource
    android-x64-20240624-en
  • resource tags

    androidarch:x64arch:x86image:android-x64-20240624-enlocale:en-usos:android-10-x64system
  • submitted
    01-12-2024 21:22

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    tg.apk

  • Size

    3.4MB

  • MD5

    00ea37c8d4d22cc8e0d5438121368140

  • SHA1

    f36242b33a26bdc3b0f9e43581e9d52bfc76c353

  • SHA256

    3b8ff929d8a1b47164901c932af1b77f56f0ddeb83db3064fd6fd49a2bf50c59

  • SHA512

    bf894f36848699afbbbdb1d2245b1523112c7cfcc380714d2ee52fed9e392f8a682a3f05900db56a1acddf4ec9185421eb7b2041fe1ee901339a7a177f467149

  • SSDEEP

    98304:A67LxA+PscPoX0eItCneBvAj3NeDP1QhA5PrLYjQV:/7LxA+CFItCneBIjd8dQhaPXY0V

Score
7/10
collectioncredential_accessdiscoveryevasionpersistence

Malware Config

Signatures

  • Checks known Qemu pipes. 1 TTPs 16 IoCs

    Checks for known pipes used by the Android emulator to communicate with the host.

    evasion
  • Makes use of the framework's Accessibility service 4 TTPs 4 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectionevasioncredential_access
  • Queries information about running processes on the device 1 TTPs 8 IoCs

    Application may abuse the framework's APIs to collect information about running processes on the device.

    discovery
  • Acquires the wake lock 3 IoCs
  • Makes use of the framework's foreground persistence service 1 TTPs 3 IoCs

    Application may abuse the framework's foreground service to continue running in the foreground.

    evasionpersistence
  • Reads information about phone network operator. 1 TTPs
    discovery

Processes

  • com.example.mysoul
    1⤵
    • Checks known Qemu pipes.
    • Queries information about running processes on the device
    PID:5059
  • com.example.mysoul
    1⤵
    • Checks known Qemu pipes.
    • Makes use of the framework's Accessibility service
    • Queries information about running processes on the device
    PID:5207
  • com.example.mysoul
    1⤵
    • Checks known Qemu pipes.
    • Makes use of the framework's Accessibility service
    • Queries information about running processes on the device
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    PID:5292
  • com.example.mysoul
    1⤵
    • Checks known Qemu pipes.
    • Queries information about running processes on the device
    PID:5348
  • com.example.mysoul
    1⤵
    • Checks known Qemu pipes.
    • Makes use of the framework's Accessibility service
    • Queries information about running processes on the device
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    PID:5400
  • com.example.mysoul
    1⤵
    • Checks known Qemu pipes.
    • Queries information about running processes on the device
    PID:5545
  • com.example.mysoul
    1⤵
    • Checks known Qemu pipes.
    • Makes use of the framework's Accessibility service
    • Queries information about running processes on the device
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    PID:5600
  • com.example.mysoul
    1⤵
    • Checks known Qemu pipes.
    • Queries information about running processes on the device
    PID:5657

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.example.mysoul/no_backup/androidx.work.workdb
    Filesize

    4KB

    MD5

    f2b4b0190b9f384ca885f0c8c9b14700

    SHA1

    934ff2646757b5b6e7f20f6a0aa76c7f995d9361

    SHA256

    0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

    SHA512

    ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

    Download Submit

  • /data/data/com.example.mysoul/no_backup/androidx.work.workdb-journal
    Filesize

    512B

    MD5

    d9b4a08b0b0b79c1cfbd4df06e7881c7

    SHA1

    93324b815d34c5c7b018146a7403d31c3875e276

    SHA256

    c19e4ce5f09bb5bc2c75bb942df467d02e38aa4c7f137f533e40a6f9fe2ab55b

    SHA512

    6693a932dc0a397d199cc19bb510601e3b653c2e70befe9737d370d6ecb751321ffaddbbab5ee3a13cdb55d5ea7b217c113ebd34fc9d0ce26db4658d2b3a4060

    Download Submit

  • /data/data/com.example.mysoul/no_backup/androidx.work.workdb-shm
    Filesize

    108KB

    MD5

    7b3e0a81d46e9db66230a8506279fd5b

    SHA1

    d32ba238b0ce273513cae9ddcc87fe1484027fa1

    SHA256

    562c93e4a64d140e3685fd7ae86361480e410fb414d8f6cdd64a1a8e4201734a

    SHA512

    5462bbcaf558120d49d09d45bd0aae82c03b17922da2bd057bb56c0a1bb927adea57bc313f5df8488c44122ff466f73d105d1abd6e3ec2c9dd822d13e4518378

    Download Submit

  • /data/data/com.example.mysoul/no_backup/androidx.work.workdb-wal
    Filesize

    32KB

    MD5

    26a6748c63faccaf93411353ab4f7a75

    SHA1

    d8c4a1d2c999c97a5c97e2e97c632c2cfe8a7ec8

    SHA256

    bdbee3e628697c847a06a5ef5d75167c29ea2c0aefe3cbf637900c6e9dce77ec

    SHA512

    e152c0b82b5aabae7524669280a82df4b4ddbe919f07af44e9e3b31e057cd0a1b5a47bb8d9bcde6e1ee018e8a39336de56c28b21d1e5824347d47fdbfc1f844a

    Download Submit