Analysis

  • max time kernel
    298s
  • max time network
    310s
  • platform
    android_x64
  • resource
    android-x64-arm64-20240624-es
  • resource tags

    android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240624-es, locale:es-es, os:android-11-x64, system
  • submitted
    03-12-2024 13:08 (3 December 2024; the log file written by the sample, listed under Downloads, is dated 2024-12-03)

General

  • Target

    app.apk

  • Size

    5.5MB

  • MD5

    a0d8a46bf254f3ab5475df954e051c4a

  • SHA1

    e462168dad636e41a672c8796b1bc2dae7ed3ef0

  • SHA256

    a4e6b5da2e3ff0aeba40b078e64e3062915cbbd243830078b1af5c419f9df3b9

  • SHA512

    eff19dd00daaeb28cc94c023fcba6edf5691be6a6485efc9b113bf89918eb4d117bea9277eaaa5f61dadb3bf25bd58fe13be121e30967ac3b9c93300feed1d69

  • SSDEEP

    98304:XgNNhKyNM+asG10Ob4aKRHOAvI/jJJr3mzPzB3T0W0tIJ2+h:XgNNfasy0ObRKRHFI/jJJ6zpmuV

Malware Config

Signatures

  • Removes its main activity from the application launcher (1 TTP, 1 IoC)
  • Makes use of the framework's Accessibility service (4 TTPs, 3 IoCs)

    Retrieves information displayed on the phone screen using AccessibilityService.

  • Queries a list of all the installed applications on the device (1 TTP)

    Might be used in an attempt to overlay legitimate apps.

  • Acquires the wake lock (1 IoC)
  • Legitimate hosting services abused for malware hosting/C2 (1 TTP, 5 IoCs)
  • Makes use of the framework's foreground persistence service (1 TTP, 1 IoC)

    The application may abuse a foreground service to keep running in the foreground.

  • Performs UI accessibility actions on behalf of the user (1 TTP, 4 IoCs)

    The application may abuse the accessibility service to prevent its own removal.

  • Requests disabling of battery optimizations (often used to enable hiding in the background) (1 TTP, 1 IoC)
  • Schedules tasks to execute at a specified time (1 TTP, 1 IoC)

    The application may abuse the framework's scheduling APIs for initial or recurring execution of malicious code.
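The signatures above are dynamic observations made during detonation. As an added example (not part of the report, the sandbox, or the sample), the Python below performs the static counterpart: it scans a decoded AndroidManifest.xml (for instance apktool output) for the declarations that typically back each signature, so an analyst can pre-screen an APK before running it. The embedded manifest is constructed, the package name com.example.triage is hypothetical, and the permission-to-signature mapping is a heuristic of my own, not the sandbox's rule set. Note the caveat it encodes: removing the main activity from the launcher is a runtime call (PackageManager.setComponentEnabledSetting) that a manifest cannot show, so the scan lists the launcher-visible activities that such a call would target rather than claiming the behaviour.

```python
"""Static pre-screen for the behaviours flagged in the sandbox report above.

Added example, not code from the report or the analysed sample. It parses a
decoded AndroidManifest.xml and maps declared permissions and components to
the signature wording used in the report. The manifest and package name are
constructed for illustration.
"""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
A = "{%s}" % ANDROID_NS  # ElementTree's Clark notation for android: attributes

# Constructed sample manifest (hypothetical package, not extracted from app.apk).
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.triage">
  <uses-permission android:name="android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS"/>
  <uses-permission android:name="android.permission.FOREGROUND_SERVICE"/>
  <uses-permission android:name="android.permission.WAKE_LOCK"/>
  <uses-permission android:name="android.permission.QUERY_ALL_PACKAGES"/>
  <uses-permission android:name="android.permission.SCHEDULE_EXACT_ALARM"/>
  <application>
    <activity android:name=".MainActivity" android:enabled="true">
      <intent-filter>
        <action android:name="android.intent.action.MAIN"/>
        <category android:name="android.intent.category.LAUNCHER"/>
      </intent-filter>
    </activity>
    <service android:name=".A11y"
        android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE">
      <intent-filter>
        <action android:name="android.accessibilityservice.AccessibilityService"/>
      </intent-filter>
    </service>
  </application>
</manifest>
"""

# Heuristic mapping (mine, not the sandbox's): declared permission -> report wording.
PERMISSION_SIGNATURES = {
    "android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS":
        "Requests disabling of battery optimizations",
    "android.permission.FOREGROUND_SERVICE":
        "Makes use of the framework's foreground persistence service",
    "android.permission.WAKE_LOCK": "Acquires the wake lock",
    "android.permission.QUERY_ALL_PACKAGES":
        "Queries a list of all the installed applications on the device",
    "android.permission.SCHEDULE_EXACT_ALARM":
        "Schedules tasks to execute at a specified time",
}
A11Y_BIND = "android.permission.BIND_ACCESSIBILITY_SERVICE"


def _has_launcher_filter(component):
    """True if the activity/alias declares a MAIN + LAUNCHER intent filter."""
    for flt in component.findall("intent-filter"):
        actions = {a.get(A + "name") for a in flt.findall("action")}
        cats = {c.get(A + "name") for c in flt.findall("category")}
        if ("android.intent.action.MAIN" in actions
                and "android.intent.category.LAUNCHER" in cats):
            return True
    return False


def triage(manifest_xml):
    """Return the report-style signatures a manifest statically supports.

    'launcher_activities' is the prerequisite for the launcher-hiding
    signature, not evidence of it: hiding happens at runtime.
    """
    root = ET.fromstring(manifest_xml)
    perms = {p.get(A + "name") for p in root.iter("uses-permission")}
    hits = [PERMISSION_SIGNATURES[p] for p in perms if p in PERMISSION_SIGNATURES]
    # An accessibility service must be declared in the manifest with this
    # bind permission, so its presence is reliable static evidence.
    a11y = [s.get(A + "name") for s in root.iter("service")
            if s.get(A + "permission") == A11Y_BIND]
    if a11y:
        hits.append("Makes use of the framework's Accessibility service")
    launchers = [c.get(A + "name") for tag in ("activity", "activity-alias")
                 for c in root.iter(tag) if _has_launcher_filter(c)]
    return {
        "package": root.get("package"),
        "signatures": sorted(hits),
        "accessibility_services": a11y,
        "launcher_activities": launchers,
    }


if __name__ == "__main__":
    result = triage(SAMPLE_MANIFEST)
    print(result["package"])
    for sig in result["signatures"]:
        print("  -", sig)
    print("launcher activities (runtime hiding target):", result["launcher_activities"])
```

A clean scan does not clear a sample: the scheduling and launcher-hiding behaviours need no manifest declaration at all, and the report's C2 signature is network evidence the manifest cannot carry. Use this to prioritise what to detonate, not to replace detonation.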

Processes

  • utc.interests.sq (PID 4433)
    • Removes its main activity from the application launcher
    • Makes use of the framework's Accessibility service
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    • Performs UI accessibility actions on behalf of the user
    • Requests disabling of battery optimizations (often used to enable hiding in the background)
    • Schedules tasks to execute at a specified time

Network

MITRE ATT&CK Enterprise v15

MITRE ATT&CK Mobile v15


Downloads

The same path was captured five times during the run with different content each time (29B, 25B, 37B, 25B and 280B), so these are successive versions of one log file the sample writes to shared external storage, not five distinct files.

  • /storage/emulated/0/Config/sys/apps/log/log-2024-12-03.txt (29B)
    MD5     e11050189ab9db6ae3a690401168fd98
    SHA1    6cfee6a75711649c698dccfd9b5030cdf64f1440
    SHA256  f9927654b197dff766b2eea93a9617de5868b6b45674a27b910e5625ae585406
    SHA512  45aee686f9ff0521d6d0ae00839eee4bce91350b9d784ba44f2eb8283e9304651e5924bddb9770a6204c8c17db2ebda9d0342439760543542490a9f5bfdab37a

  • /storage/emulated/0/Config/sys/apps/log/log-2024-12-03.txt (25B)
    MD5     240ea862bee5b7a7d31a5121d117f271
    SHA1    da9bc7316d3e1411a4517ed88ac4e87b17f285ce
    SHA256  1a8161cebb9edc4d74afdecd3dae1cae4e6a1ca57c9f39402f376d4c23edf7d7
    SHA512  e5ea0c0501a7ae6a6774e51915e0a2c8cca7b641bea37011d6d2a73a4a528fc586cc6884f1d2dd5f31a4d3bc5877e45d031790ad8ffcab60516f785468dc51c2

  • /storage/emulated/0/Config/sys/apps/log/log-2024-12-03.txt (37B)
    MD5     ff7fb314d8ffebd5ae62696829b7c5ef
    SHA1    b660b0a9510ab4ecba0f3400eccb91abe14598ff
    SHA256  35683f309572da253ec385977bdc98cd7e788410525f8783a7a044ac0f4389b7
    SHA512  b5369ad572ce5a5ffc4a9e16a90488b0a950627133c09cee68dba62b920326a567bb031e67d1d71ef8905a00116c1cc2945e4a669256c991abb092be9715e159

  • /storage/emulated/0/Config/sys/apps/log/log-2024-12-03.txt (25B)
    MD5     ba30336bf53d54ed3c0ea69dd545de8c
    SHA1    ce99c6724c75b93b7448e2d9fac16ca702a5711f
    SHA256  2d6988fb5afdaafc4e33fa1f71d6f10c95ab5a49a8ec820add5b13eef05439af
    SHA512  eea34ca526e03349e746d3687ea660b4748f0174fe2ffdb65161e232e08630b345e03329614852ce881a71362ba68575e9dd08fa361a416e5b2fb231e21a0a3e

  • /storage/emulated/0/Config/sys/apps/log/log-2024-12-03.txt (280B)
    MD5     7a5e8ba8f9fbb461170fe2f65c88cebe
    SHA1    98852d3848c5150a16c52dc166297b5573fa6aa9
    SHA256  ea57ec2b4d03cb57b01ac469d4b4d1e16576687ba0de4fb847d6ca4c37c9d3b4
    SHA512  48bd937925e4e19b9f266059812a3252bc7f23e3384246ec355cfcdae2e94f28436f4a432c398805af99a17c5ea94a7d1d1f88f6257412bd3aaaa9bcbfa33ae2