Overview

overview

10

Static

static

10

db1dfa8621...98.apk

android-9-x86

8

db1dfa8621...98.apk

android-10-x64

8

db1dfa8621...98.apk

android-11-x64

8

Analysis

  • max time kernel
    28s
  • max time network
    153s
  • platform
    android-10_x64
  • resource
    android-x64-20240910-en
  • resource tags

    arch:x64arch:x86image:android-x64-20240910-enlocale:en-usos:android-10-x64system
  • submitted
    05-12-2024 22:01

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    db1dfa862113ee10429d0712b83095c22290c045aeb2454e22c61056f5f61198.apk

  • Size

    4.6MB

  • MD5

    74aae2d2f140e81c4847f7f2e45cc779

  • SHA1

    7788208c082b41f6bcd091892fa34b6533e93eda

  • SHA256

    db1dfa862113ee10429d0712b83095c22290c045aeb2454e22c61056f5f61198

  • SHA512

    d99aa28715f59c070bf0d1533b346a3ffd0a11dd3c8d43529b165afdfc9691b5f0b6a841ee8f6bc472b9d72fc07904168fc2e37788958e98fd6a5690d910e269

  • SSDEEP

    98304:E5in9HfrbmhT+3rYrk/bnI5INKi+8niAptxJi+4yH181OYCmIM0:0o2S2Mgi+8ictxR4yH18AY9o

Score
8/10
bankercollectioncredential_accessdiscoveryevasionexecutionpersistencestealthtrojan

Malware Config

Signatures

  • Removes its main activity from the application launcher 1 TTPs 2 IoCs
    stealthtrojanevasion
  • Makes use of the framework's Accessibility service 4 TTPs 3 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectionevasioncredential_access
  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
    bankerdiscovery
  • Queries account information for other applications stored on the device 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect account information stored on the device.

    collection
  • Reads the contacts stored on the device. 1 TTPs 1 IoCs
    collection
  • Reads the content of the calendar entry data. 1 TTPs 1 IoCs
    collection
  • Reads the content of the call log. 1 TTPs 1 IoCs
    collection
  • Requests cell location 2 TTPs 1 IoCs

    Uses Android APIs to to get current cell location.

    collectiondiscoveryevasion
  • Acquires the wake lock 1 IoCs
  • Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

    Application may abuse the framework's foreground service to continue running in the foreground.

    evasionpersistence
  • Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    discovery
  • Reads information about phone network operator. 1 TTPs
    discovery
  • Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs
    evasion
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
    persistence
  • Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

    executionpersistence

Processes

  • com.tencent.mm
    1⤵
    • Removes its main activity from the application launcher
    • Makes use of the framework's Accessibility service
    • Queries account information for other applications stored on the device
    • Reads the contacts stored on the device.
    • Reads the content of the calendar entry data.
    • Reads the content of the call log.
    • Requests cell location
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    • Queries information about the current Wi-Fi connection
    • Listens for changes in the sensor environment (might be used to detect emulation)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Schedules tasks to execute at a specified time
    PID:5064

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

1
T1603

Persistence

Event Triggered Execution

1
T1624

Broadcast Receivers

1
T1624.001

Foreground Persistence

1
T1541

Scheduled Task/Job

1
T1603

Privilege Escalation

Defense Evasion

Execution Guardrails

1
T1627

Geofencing

1
T1627.001

Foreground Persistence

1
T1541

Hide Artifacts

2
T1628

Suppress Application Icon

1
T1628.001

User Evasion

1
T1628.002

Input Injection

1
T1516

Credential Access

Input Capture

2
T1417

GUI Input Capture

1
T1417.002

Keylogging

1
T1417.001

Discovery

Location Tracking

1
T1430

Software Discovery

1
T1418

Security Software Discovery

1
T1418.001

System Network Configuration Discovery

1
T1422

System Network Connections Discovery

1
T1421

Lateral Movement

Collection

Input Capture

2
T1417

GUI Input Capture

1
T1417.002

Keylogging

1
T1417.001

Location Tracking

1
T1430

Protected User Data

3
T1636

Calendar Entries

1
T1636.001

Call Log

1
T1636.002

Contact List

1
T1636.003

Screen Capture

1
T1513

Stored Application Data

1
T1409

Command and Control

Exfiltration

Impact

Input Injection

1
T1516

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.tencent.mm/databases/Dname
    Filesize

    32KB

    MD5

    0ec8d5e24581e56eb01c45155efe2049

    SHA1

    4de2aebc5e22d0420e54cb553c2739e50481e50a

    SHA256

    5bb1fd7e82a28019975971aae5f49b0eb2ddef4a943663b654ede402d2f7f616

    SHA512

    23f87b81f1b49b80a88b1eab7d5e08e7001486b135bedc434601eed4ab74b72804ae4f907ede18213454dfa9da7058692b012861170306adbe6b12650dd51fd4

    Download Submit

  • /data/data/com.tencent.mm/databases/Dname-journal
    Filesize

    512B

    MD5

    176574600e33d2f6a351cf12f02cc590

    SHA1

    5294269d2f5811cb4f35bc3c9d2be298dad0f747

    SHA256

    168e13c56890fad7ba37a4266b90e6729275783f81173f004a2b62a86240ad50

    SHA512

    8d09aa80c0298b7cd71e3a6e4810a5b98901b3b874e31ef63d1efceb47025903999b2b0978b71c49cc2df3087681772b215508c685287d78b9116a7644c63fac

    Download Submit

  • /data/data/com.tencent.mm/databases/Dname-journal
    Filesize

    8KB

    MD5

    cd73f2ad57ad7fb42d38ceb62706efa3

    SHA1

    082834f017dc5669cb697f3c3230d189b1bd588c

    SHA256

    63dfa559fa71fd2af4f93e0fc5d09c26ea1a72cd806b05221abc8552e0614328

    SHA512

    aa281fc0961db16ca0dd7ed1116e2d23492af03b457714b2ccb089a8cf06493f58a9b97cedde37225472f3b3bf2e2415b59422e4f3092a7547053e14735e6e84

    Download Submit

  • /data/data/com.tencent.mm/databases/Dname-journal
    Filesize

    8KB

    MD5

    0d4e7a8c211f7e514dee1b3da7bb4312

    SHA1

    4d2ab5874f6d53d2ca4c98ae20949c25890c531d

    SHA256

    4edaf1ac48e70400d1caa7500f7f35d05e10e91061a98fc00c471495379edcf0

    SHA512

    d0b1b3cc00c1897fdc13d3ac12201a80c2c8a289c97fbe89f7bd5118396fd09fcdbf57a1eb837c55d5574cf2be2d79c6e225b076c40fce6f3a691f16702c1f0d

    Download Submit

  • /data/data/com.tencent.mm/databases/Dname-journal
    Filesize

    8KB

    MD5

    a30b9fed2e25894a1dffdc32264b5b6a

    SHA1

    d68a2a8ca8f56239d722f9aa40e5e90571ee1915

    SHA256

    151254efc08c921fe3c4dcfd5378113d0f97661ccd8ea07b30d2447d908a22fd

    SHA512

    1fe7c94757113a6e86132bc1f0e1f3736e3643290005dd0dba13a6ac84408a965410f0377bbcc81844a95a035290a3457a3e136257a9e9bc42704d98498f12a6

    Download Submit

  • /data/data/com.tencent.mm/databases/Dname-journal
    Filesize

    8KB

    MD5

    5f0a7334823b90ed9fbc0a17a82b12a7

    SHA1

    a4b09f4d212f4f42b1614c0985997049d34cfcb2

    SHA256

    de09d68ef777697fa5e3da30eb9ec11476b7c1a4686b3ced091ea2379fe9ff68

    SHA512

    c8fe55d97a1c1f0e0115263bc415dd4fd1d76b37562d9be99e10808cafc085d6d4378f9afeda2e02a4c89cbfc4f4ddbc46677ff1d177c87244f53d4fc00b78ec

    Download Submit

  • /data/data/com.tencent.mm/databases/evernote_jobs.db
    Filesize

    16KB

    MD5

    cf8a1273234f469b83cdc155f99b9f2a

    SHA1

    5408fecf16641c1c07a9e924018d055fab933b93

    SHA256

    5297a21d90e781a64d068104168a9f2ac535ffb37f53dd222378633cb03908b4

    SHA512

    98b5368f370dafb9765cae81a13246977d85042adc6d4133cf21d76b93cfa8a466dc13628daa3559fea4ee656034ad50def0d235e346c2bfb88dbd4bb9a64d5d

    Download Submit

  • /data/data/com.tencent.mm/databases/evernote_jobs.db-journal
    Filesize

    512B

    MD5

    be15c7763985ee2ae1ae300fc955c6f0

    SHA1

    f5f4c1503127ed65322ef8757b8c9d62fed6cb32

    SHA256

    33079f6f0158967680be63224755a0ac2cb9329e206e1363828a520bbefb2a20

    SHA512

    02b901130877cdb7e39faf7d71b4bf3e8da24918654b86855847c619ce5623291ec70eea1494299be2fcffcda2fad68a61fcab33afc8ecbbdc491caf8be76d8b

    Download Submit

  • /data/data/com.tencent.mm/databases/evernote_jobs.db-journal
    Filesize

    8KB

    MD5

    f103914006a3e4146a6d99d3cb57011a

    SHA1

    775a3abb25ad646520362544d51987d4cac0e92e

    SHA256

    027147dd2cb8247c77c546c98e435d6991c2668e0f84f2b1d316bc0285f63e74

    SHA512

    7d2e4ed6dcaba94a5f14c13aa7129efa5fcaac6e7d884dfa8029f4154c8ea0cd4478506cddac5b798398f3ce4009a664c5819549461979bc6e4b5a8435af97ed

    Download Submit

  • /data/data/com.tencent.mm/databases/evernote_jobs.db-journal
    Filesize

    8KB

    MD5

    78eb5a62a9a6bb97c4aacb31bff90011

    SHA1

    f8c005a765afe06110e0bdbfd0a59a4da56943ad

    SHA256

    965893bb26f198676bda18025a26d9e111057b5e943c97ca26fd5fb8b51c88bb

    SHA512

    131cd512732ca35a640ca6787db20d5fdd1e330127e441e3848de38d1f6588f271646e8498eee48c2caba99e959ebf5bd2fd55c0e4ab3c778010f4dd8af0d7c1

    Download Submit

  • /data/data/com.tencent.mm/databases/evernote_jobs.db-journal
    Filesize

    8KB

    MD5

    a17dd0f4d638f2f6b33dfa4eb50084fa

    SHA1

    e53873570308884b7e57c62a67c9021b7aa0255b

    SHA256

    e843db98d7336e7938f5563001b07cfa843678f368966ebcb1957be18d525ca8

    SHA512

    49bd2016dd240a7a20eb0bed34aab8fafe7a8fb18aa4c86596dfcb29dd8564d71a8c92b9ed684b2b2ba9b5ca1ca5f77bff062600f716ea89dfe405553263cc8a

    Download Submit

  • /data/data/com.tencent.mm/databases/evernote_jobs.db-journal
    Filesize

    8KB

    MD5

    80ecb7cc179b77e4612372cefc27c460

    SHA1

    fd7976e421e360d450a37eb364bcd8d61e27d0fa

    SHA256

    2cb7c4b4548cad648ba19ea80851a51b1e24c465cd2beffcfd97cb9ec00a5782

    SHA512

    8759d71bde56f818886a189424c5d0b09570d0a9503c04573611364b99940f414d4ca04bab3b66168b75213e35b543dc7e3df33317c0242df3c93867f70bfde4

    Download Submit

  • /data/data/com.tencent.mm/databases/evernote_jobs.db-journal
    Filesize

    8KB

    MD5

    75d4b4c7fd92f910895722f39ef09b52

    SHA1

    65ac0fd227b63b9715ec27b7a9ef747ac2536eff

    SHA256

    662e2ba9eda286f04a16c2bd2492aa70d8ef1097a6259052b84a53e2969f2fb4

    SHA512

    f75f6c44854260723245a17be1f5299d738a9c0a39205488b5a2df5bdf15a45e783a52ec427bc7b6e60692a419e11cc39ffebebfb752e86d4ba1bfd484b11772

    Download Submit

  • /data/data/com.tencent.mm/files/CallLogs.txt
    Filesize

    3B

    MD5

    58e0494c51d30eb3494f7c9198986bb9

    SHA1

    cd0d4cc32346750408f7d4f5e78ec9a6e5b79a0d

    SHA256

    37517e5f3dc66819f61f5a7bb8ace1921282415f10551d2defa5c3eb0985b570

    SHA512

    b7a9336ed3a424b5d4d59d9b20d0bbc33217207b584db6b758fddb9a70b99e7c8c9f8387ef318a6b2039e62f09a3a2592bf5c76d6947a6ea1d107b924d7461f4

    Download Submit

  • /data/data/com.tencent.mm/files/GP.txt
    Filesize

    108B

    MD5

    ce796f01453ec63fe43cb601ae3ee57b

    SHA1

    a8ffb013048bfd1046ad0d7423240efaf448cabd

    SHA256

    17f721f29af85ede0460dd94b24f2f6d040bb73a7bada565e4e1e266b4eb31d9

    SHA512

    0e1c8b1064e4b84b41b9ee9d324b594a785fb75aef722504e615bdaa8c6e15dfb8d5d8767af2483af2ebf09f2db5800830c56b38d11b2c5e3a6221878b7e0d73

    Download Submit

  • /data/data/com.tencent.mm/files/GP.txt
    Filesize

    126B

    MD5

    15cb8dc0cc173805a7c5ef9f60f1ed1b

    SHA1

    79baab9c0b3246bd4dd8c078141b65358ea35934

    SHA256

    007435ad346951daed9c14c7f0bfd091c17164ae14710869d75241b5681c7257

    SHA512

    dc600382f2cf04e092c2963a13568e57b9c257a9395a00f06409a7e3baa72c2b2c4abbc1a5135181f90d5231c527fc3513843c9442887b4b898c9bf0105b117d

    Download Submit

  • /data/data/com.tencent.mm/files/Tree.txt
    Filesize

    515B

    MD5

    d3d628e2fa10bfee07b8887388fe5a5c

    SHA1

    10759f7fb194718ac1707fdd29dd63525453eb84

    SHA256

    e1080701316087c41f56c031de89c88ccf6be7e25cab94fb422c28acde3fa371

    SHA512

    0aac76e9107dc670e54ac7984beecd35eee50937e152da07762f0820a7547041b9d2b8ef277fe11c47548b75dc1416cc71f85b359f2a7cae710c341497c05f42

    Download Submit

  • /data/data/com.tencent.mm/files/accounts.txt
    Filesize

    2B

    MD5

    d751713988987e9331980363e24189ce

    SHA1

    97d170e1550eee4afc0af065b78cda302a97674c

    SHA256

    4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

    SHA512

    b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

    Download Submit

  • /data/data/com.tencent.mm/files/netinfo.txt
    Filesize

    827B

    MD5

    375db91eb0ef4abc60750ac55c4aee4a

    SHA1

    180a5872a726855efbb67ddd429dfb4f58941e49

    SHA256

    c5bea58ef37289714bf4a9900b5513b3528f48cb48e5a8a67f3a11599672e095

    SHA512

    aebb31d7b5c9d912410c2273f37e32d95d2081e234647539a46ab2b6458e23c7b1b20131cf5b03f24d2f7060d5eca015f3445b48a8fa82126a3d6bbd0c2d79f9

    Download Submit

  • /data/data/com.tencent.mm/files/netinfo.txt
    Filesize

    827B

    MD5

    f4ec0d8235b172e056f50ee8a96ddcfa

    SHA1

    0e782fde0f9dc67d437397ae06fdc98c1d775327

    SHA256

    6a8f80e4f1b741a93cd7183f88f7e1cf175465f149f8200c6f34a9f7bd59aa0f

    SHA512

    3dcd86e7444157ae104f9665cfdc07227d28db5a48879e875381cf1d436f5a68a0b31ab083aad078784365ac1b279b21c85b2487c0a1d7f83fd0c8ffd6b318e1

    Download Submit

  • /data/data/com.tencent.mm/files/pkinfo.txt
    Filesize

    9KB

    MD5

    de42df6381f44c0dc45891054c656259

    SHA1

    5a76c1ad2ff42094034a18774912bfaa79489c29

    SHA256

    51c06cbd2eee387145a0eac5b55b387f2da3797cfb737cbb151aacc1b145e747

    SHA512

    700f8a3e85a7ea4f1d15aa3046d6c96ef898ac628b797616f94737570b802ee22db555e4d81c3fe91a90c3c92e9bc45aa940d55dc2c876a6488387743eabc037

    Download Submit

  • /storage/emulated/0/Config/sys/apps/log/log-2024-12-05.txt
    Filesize

    12B

    MD5

    e48057c3603c907cacbe1568a7dbfc41

    SHA1

    6e100086b53e20e499a9be069aa1b452faf82ba3

    SHA256

    4b36685dbf772b2de007f4c98f824966f4f3a132075692d3d3d8f11e84e5468e

    SHA512

    787e1140832e8c308039f0287ee801c00040544d5241425b0c0c8e8dc19ecf3feefa50706723f7a21be209c13b24ab3dbe0691ec42118fdfe18611b13155fb9a

    Download Submit

  • /storage/emulated/0/Config/sys/apps/log/log-2024-12-05.txt
    Filesize

    267B

    MD5

    ca83936d0c0ffdb4a991046e32ccc956

    SHA1

    6d34827e6fd5b8f716cc5f7d7843b581713aeab3

    SHA256

    b50da55ec1fcb8d0589b49d5b3dfef915d77f3dbb24416bb1305441f81c507d2

    SHA512

    61bb1d4d033b0ddfa7ae802d5732c00af6db3aa5bcfbda0c60a0f12bd9fbbbd03123990c55d5abbd3d6e967471101b82e409f1620a73a3cf8c627452f61440d4

    Download Submit

  • /storage/emulated/0/Config/sys/apps/log/log-2024-12-05.txt
    Filesize

    12B

    MD5

    a9256f55737b655c8cff95418411997c

    SHA1

    d81a4e85ecef3a4f08d50da9c75c49a3c64ffe24

    SHA256

    bad705c44807d12463fb587087c4e9eb24769d82981229ac8b74abc9b1a44412

    SHA512

    10d10a6498973ed65d47c74ba6d8831dad94213a5071353dc445de46e021689284fbbf4accf5ba1f97a0675a7652ec069ac70f38d63ba36b8595a8caf8d37574

    Download Submit