Analysis

  • max time kernel: 299s
  • max time network: 299s
  • platform: android_x86
  • resource: android-x86-arm-20240624-es
  • resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240624-es, locale:es-es, os:android-9-x86, system
  • submitted: 03-12-2024 13:08

General

  • Target: app.apk
  • Size: 5.5MB
  • MD5: a0d8a46bf254f3ab5475df954e051c4a
  • SHA1: e462168dad636e41a672c8796b1bc2dae7ed3ef0
  • SHA256: a4e6b5da2e3ff0aeba40b078e64e3062915cbbd243830078b1af5c419f9df3b9
  • SHA512: eff19dd00daaeb28cc94c023fcba6edf5691be6a6485efc9b113bf89918eb4d117bea9277eaaa5f61dadb3bf25bd58fe13be121e30967ac3b9c93300feed1d69
  • SSDEEP: 98304:XgNNhKyNM+asG10Ob4aKRHOAvI/jJJr3mzPzB3T0W0tIJ2+h:XgNNfasy0ObRKRHFI/jJJ6zpmuV

Malware Config

Signatures

  • Removes its main activity from the application launcher (1 TTP, 1 IoC)
  • Makes use of the framework's Accessibility service (4 TTPs, 3 IoCs)

    Retrieves information displayed on the phone screen using AccessibilityService.

  • Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps) (1 TTP)
  • Acquires the wake lock (1 IoC)
  • Legitimate hosting services abused for malware hosting/C2 (1 TTP, 5 IoCs)
  • Makes use of the framework's foreground persistence service (1 TTP, 1 IoC)

    Application may abuse the framework's foreground service to continue running in the foreground.

  • Performs UI accessibility actions on behalf of the user (1 TTP, 16 IoCs)

    Application may abuse the accessibility service to prevent its removal.

  • Requests disabling of battery optimizations (often used to enable hiding in the background) (1 TTP, 1 IoC)
  • Requests enabling of the accessibility settings (1 IoC)
  • Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTP, 1 IoC)
  • Schedules tasks to execute at a specified time (1 TTP, 1 IoC)

    Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

Processes

  • utc.interests.sq (PID: 4238)
    • Removes its main activity from the application launcher
    • Makes use of the framework's Accessibility service
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    • Performs UI accessibility actions on behalf of the user
    • Requests disabling of battery optimizations (often used to enable hiding in the background)
    • Requests enabling of the accessibility settings
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Schedules tasks to execute at a specified time

Network

MITRE ATT&CK Enterprise v15

MITRE ATT&CK Mobile v15


Downloads

  • /storage/emulated/0/Config/sys/apps/log/log-2024-12-03.txt
    • Filesize: 25B
    • MD5: 240ea862bee5b7a7d31a5121d117f271
    • SHA1: da9bc7316d3e1411a4517ed88ac4e87b17f285ce
    • SHA256: 1a8161cebb9edc4d74afdecd3dae1cae4e6a1ca57c9f39402f376d4c23edf7d7
    • SHA512: e5ea0c0501a7ae6a6774e51915e0a2c8cca7b641bea37011d6d2a73a4a528fc586cc6884f1d2dd5f31a4d3bc5877e45d031790ad8ffcab60516f785468dc51c2

  • /storage/emulated/0/Config/sys/apps/log/log-2024-12-03.txt
    • Filesize: 37B
    • MD5: ff7fb314d8ffebd5ae62696829b7c5ef
    • SHA1: b660b0a9510ab4ecba0f3400eccb91abe14598ff
    • SHA256: 35683f309572da253ec385977bdc98cd7e788410525f8783a7a044ac0f4389b7
    • SHA512: b5369ad572ce5a5ffc4a9e16a90488b0a950627133c09cee68dba62b920326a567bb031e67d1d71ef8905a00116c1cc2945e4a669256c991abb092be9715e159

  • /storage/emulated/0/Config/sys/apps/log/log-2024-12-03.txt
    • Filesize: 25B
    • MD5: ba30336bf53d54ed3c0ea69dd545de8c
    • SHA1: ce99c6724c75b93b7448e2d9fac16ca702a5711f
    • SHA256: 2d6988fb5afdaafc4e33fa1f71d6f10c95ab5a49a8ec820add5b13eef05439af
    • SHA512: eea34ca526e03349e746d3687ea660b4748f0174fe2ffdb65161e232e08630b345e03329614852ce881a71362ba68575e9dd08fa361a416e5b2fb231e21a0a3e

  • /storage/emulated/0/Config/sys/apps/log/log-2024-12-03.txt
    • Filesize: 754B
    • MD5: d539b51f49e7256e8b2f2bd5d96ee15c
    • SHA1: f0ac3839e002aff4899b9180740e11fe28caf463
    • SHA256: a01d77f51d6875e0945e409c927920e9e7511ac77ac88b93040026f58b01bc41
    • SHA512: b10d8427c80521072bf26dd83b2b330339a5b585bb34132b4688af2b75f0c99ebc93f8223f3aba48844796fae270ab6a38b9fbe9d48c3ad36e32d6904f02bf70