Overview

overview

10

Static

static

10

e57565bd3f...e1.apk

android-9-x86

7

e57565bd3f...e1.apk

android-10-x64

7

e57565bd3f...e1.apk

android-11-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    156s
  • platform
    android_x86
  • resource
    android-x86-arm-20240624-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
  • submitted
    02/12/2024, 21:38

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    e57565bd3f398508321470f857dfb07c195ed9b7b494ba00dc7c407ac8b8f3e1.apk

  • Size

    3.9MB

  • MD5

    ba1c2891d626401c5e1eb5b677ef2804

  • SHA1

    4a541fdc55f63fbd24474587920d161af0adcf8f

  • SHA256

    e57565bd3f398508321470f857dfb07c195ed9b7b494ba00dc7c407ac8b8f3e1

  • SHA512

    1cd3b9e99d6008e3a88da594cb1899ad0462b8fb77c490fbdd26cd96f5abe43365c0b841e4aa9b3057f91378595e82d5402ffd8446e3e89ec8aaf4419899063c

  • SSDEEP

    98304:Ehindhin69hinmhinyhin0hin1Ob4JiQZUR0szTZBUUk2ai52SzZzE5:aC7C6bCICECqC1Oaviq+TZBUUk5i52aW

Score
7/10
collectioncredential_accessdiscoveryevasionpersistence

Malware Config

Signatures

  • Makes use of the framework's Accessibility service 4 TTPs 2 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectionevasioncredential_access
  • Acquires the wake lock 1 IoCs
  • Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

    Application may abuse the framework's foreground service to continue running in the foreground.

    evasionpersistence
  • Performs UI accessibility actions on behalf of the user 1 TTPs 16 IoCs

    Application may abuse the accessibility service to prevent their removal.

    evasion
  • Queries the mobile country code (MCC) 1 TTPs 1 IoCs
    discovery
  • Requests accessing notifications (often used to intercept notifications before users become aware). 1 TTPs 1 IoCs
    collectioncredential_access
  • Requests allowing to install additional applications from unknown sources. 1 TTPs 1 IoCs
    evasion
  • Requests disabling of battery optimizations (often used to enable hiding in the background). 1 TTPs 1 IoCs
    evasion
  • Requests modifying system settings. 1 IoCs
    evasion
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
    persistence
  • Checks CPU information 2 TTPs 1 IoCs
  • Checks memory information 2 TTPs 1 IoCs

Processes

  • com.iptvpro
    1⤵
    • Makes use of the framework's Accessibility service
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    • Performs UI accessibility actions on behalf of the user
    • Queries the mobile country code (MCC)
    • Requests accessing notifications (often used to intercept notifications before users become aware).
    • Requests allowing to install additional applications from unknown sources.
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    • Requests modifying system settings.
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks CPU information
    • Checks memory information
    PID:4255

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

1
T1624

Broadcast Receivers

1
T1624.001

Foreground Persistence

1
T1541

Privilege Escalation

Defense Evasion

Foreground Persistence

1
T1541

Hide Artifacts

1
T1628

User Evasion

1
T1628.002

Impair Defenses

1
T1629

Prevent Application Removal

1
T1629.001

Input Injection

1
T1516

Subvert Trust Controls

1
T1632

Code Signing Policy Modification

1
T1632.001

Virtualization/Sandbox Evasion

2
T1633

System Checks

2
T1633.001

Credential Access

Access Notifications

1
T1517

Input Capture

2
T1417

GUI Input Capture

1
T1417.002

Keylogging

1
T1417.001

Discovery

System Information Discovery

2
T1426

System Network Configuration Discovery

1
T1422

Lateral Movement

Collection

Access Notifications

1
T1517

Input Capture

2
T1417

GUI Input Capture

1
T1417.002

Keylogging

1
T1417.001

Screen Capture

1
T1513

Command and Control

Exfiltration

Impact

Input Injection

1
T1516

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.iptvpro/cache/~test.test
    Filesize

    4B

    MD5

    098f6bcd4621d373cade4e832627b4f6

    SHA1

    a94a8fe5ccb19ba61c4c0873d391e987982fbbd3

    SHA256

    9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08

    SHA512

    ee26b0dd4af7e749aa1a8ee3c10ae9923f618980772e473f8819a5d4940e0db27ac185f8a0e1d5f84f88bc887fd67b143732c304cc5fa9ad8e6f57f50028a8ff

    Download Submit

  • /data/data/com.iptvpro/files/db.db
    Filesize

    40KB

    MD5

    c9ba8af2c46cfab6a421f96b0c7a4aba

    SHA1

    7cf335d13973adb71de16c9683c65326e04d0107

    SHA256

    c4ddb071f51d8ccf2ae17406c75498de55d820371a8b28c77197a127d131863c

    SHA512

    0fb0dc739a67f5dca3872f616adbbf361a82075411e17a3d6be06d7d52126b284f2119524d9ea47c251d77752b4802727d1499f015977616dc8ddcdd40309afd

    Download Submit

  • /data/data/com.iptvpro/files/db.db
    Filesize

    4KB

    MD5

    23a900124cc1be12cb153919436e517e

    SHA1

    c3090005da02b93ca8a6a3261ab2f57e0c4252c8

    SHA256

    4ac83031e1631aba670f1a1b79050e28f8b5769cbd9b2fe3d0ed64f999938856

    SHA512

    5846481036919c99f172ac88632af94d6f0c9b548baa92623136c9c80e7dd64c3c8f5835cf33fef0638f7bcd72146e696019a11243297df165c82e8f5985b259

    Download Submit

  • /data/data/com.iptvpro/files/db.db-journal
    Filesize

    4KB

    MD5

    5d0f9a3bc9e11bd04bec644987196698

    SHA1

    fb3898e575f4f130b4cc9f56fe4fc3a7d0d9b6cc

    SHA256

    c61011b66204a8a20acb3be7ee3b04acbc9eeeb0c602bed9c44dffe6f2eaf7fd

    SHA512

    c63734416cd6fd1cae78aab8ef15ee98f0a23b3eca42534d936821fd2cba0f49dd07919014121e8b924f1ddfd9f2a517d9415a8a165a88f69755986fbb6ac2ff

    Download Submit

  • /data/data/com.iptvpro/files/db.db-shm
    Filesize

    32KB

    MD5

    bb7df04e1b0a2570657527a7e108ae23

    SHA1

    5188431849b4613152fd7bdba6a3ff0a4fd6424b

    SHA256

    c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

    SHA512

    768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

    Download Submit

  • /data/data/com.iptvpro/files/loading.gif
    Filesize

    32KB

    MD5

    fdd25b949d73bd4382094f4a43c3b9bb

    SHA1

    f7b4e3938b71825596003f36d057fceb8cc5e0e4

    SHA256

    7b21a776bc72f9f2ff45d9d35b3b06b5bc37ab43f12cf377d215ec44912adfe1

    SHA512

    c9d4daabb28457033a44dba65365acc98be1d8b331665c3b614337c13719333aba1dec177d8a4aee3ae326fdbeb7d925c4bb9ef3215230a48b2b7b2b9cc12afb

    Download Submit

  • /data/data/com.iptvpro/files/txtscreensize.txt
    Filesize

    11B

    MD5

    1b65c10c6215685f9d621d797f911373

    SHA1

    cc50aaed5cd521a62ec8cf9fe0413153ec90f265

    SHA256

    2230c2b2787663a054c47450ecd1718f0296853ad768b8e5d306ecb912685e89

    SHA512

    5a9139f295dbe384b1584eff5c11f3f86759232f7b661b75f27fe92b996b4cdc0552e315f79b26f5f2c1f91756d9ae04cf0c3675b6172e91a3d373b9b314496f

    Download Submit