Overview

overview

10

Static

static

10

db1dfa8621...98.apk

android-9-x86

8

db1dfa8621...98.apk

android-10-x64

8

db1dfa8621...98.apk

android-11-x64

8

Analysis

  • max time kernel
    23s
  • max time network
    153s
  • platform
    android-11_x64
  • resource
    android-x64-arm64-20240910-en
  • resource tags

    arch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240910-enlocale:en-usos:android-11-x64system
  • submitted
    05-12-2024 22:01

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    db1dfa862113ee10429d0712b83095c22290c045aeb2454e22c61056f5f61198.apk

  • Size

    4.6MB

  • MD5

    74aae2d2f140e81c4847f7f2e45cc779

  • SHA1

    7788208c082b41f6bcd091892fa34b6533e93eda

  • SHA256

    db1dfa862113ee10429d0712b83095c22290c045aeb2454e22c61056f5f61198

  • SHA512

    d99aa28715f59c070bf0d1533b346a3ffd0a11dd3c8d43529b165afdfc9691b5f0b6a841ee8f6bc472b9d72fc07904168fc2e37788958e98fd6a5690d910e269

  • SSDEEP

    98304:E5in9HfrbmhT+3rYrk/bnI5INKi+8niAptxJi+4yH181OYCmIM0:0o2S2Mgi+8ictxR4yH18AY9o

Score
8/10
bankercollectioncredential_accessdiscoveryevasionexecutionpersistencestealthtrojan

Malware Config

Signatures

  • Removes its main activity from the application launcher 1 TTPs 2 IoCs
    stealthtrojanevasion
  • Makes use of the framework's Accessibility service 4 TTPs 3 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectionevasioncredential_access
  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
    bankerdiscovery
  • Queries account information for other applications stored on the device 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect account information stored on the device.

    collection
  • Reads the contacts stored on the device. 1 TTPs 1 IoCs
    collection
  • Reads the content of the calendar entry data. 1 TTPs 1 IoCs
    collection
  • Reads the content of the call log. 1 TTPs 1 IoCs
    collection
  • Requests cell location 2 TTPs 1 IoCs

    Uses Android APIs to to get current cell location.

    collectiondiscoveryevasion
  • Acquires the wake lock 1 IoCs
  • Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

    Application may abuse the framework's foreground service to continue running in the foreground.

    evasionpersistence
  • Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    discovery
  • Requests disabling of battery optimizations (often used to enable hiding in the background). 1 TTPs 1 IoCs
    evasion
  • Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs
    evasion
  • Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

    executionpersistence

Processes

  • com.tencent.mm
    1⤵
    • Removes its main activity from the application launcher
    • Makes use of the framework's Accessibility service
    • Queries account information for other applications stored on the device
    • Reads the contacts stored on the device.
    • Reads the content of the calendar entry data.
    • Reads the content of the call log.
    • Requests cell location
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    • Queries information about the current Wi-Fi connection
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    • Listens for changes in the sensor environment (might be used to detect emulation)
    • Schedules tasks to execute at a specified time
    PID:4727

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

1
T1603

Persistence

Foreground Persistence

1
T1541

Scheduled Task/Job

1
T1603

Privilege Escalation

Defense Evasion

Execution Guardrails

1
T1627

Geofencing

1
T1627.001

Foreground Persistence

1
T1541

Hide Artifacts

3
T1628

Suppress Application Icon

1
T1628.001

User Evasion

2
T1628.002

Input Injection

1
T1516

Credential Access

Input Capture

2
T1417

GUI Input Capture

1
T1417.002

Keylogging

1
T1417.001

Discovery

Location Tracking

1
T1430

Software Discovery

1
T1418

Security Software Discovery

1
T1418.001

System Network Connections Discovery

1
T1421

Lateral Movement

Collection

Input Capture

2
T1417

GUI Input Capture

1
T1417.002

Keylogging

1
T1417.001

Location Tracking

1
T1430

Protected User Data

3
T1636

Calendar Entries

1
T1636.001

Call Log

1
T1636.002

Contact List

1
T1636.003

Screen Capture

1
T1513

Stored Application Data

1
T1409

Command and Control

Exfiltration

Impact

Input Injection

1
T1516

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/user/0/com.tencent.mm/databases/Dname
    Filesize

    32KB

    MD5

    1854505a3f6d683ed7eb81612934370c

    SHA1

    4f710add9a652d2fb92b7ce45589e27bf03f0b2a

    SHA256

    8100330a266f3027b929ea1bde99440ce4a544c9d9a0abb2ef0d1a73aa4cd9a4

    SHA512

    104a6e9c840b1fddd22ae579624a549c911abfbb48dc4454d3d231619c41a9abbf22f0dc5362a80c8c8245cc18566661f3645ac48c61259132886d4bf4678962

    Download Submit

  • /data/user/0/com.tencent.mm/databases/Dname-journal
    Filesize

    512B

    MD5

    7be091659ce2272ab2e21d4bae5809d6

    SHA1

    e5cf637ba91ff541033a87a23083c45308366fd2

    SHA256

    4535db29bb5e85abc2464d42ba07941d2248395d2029fd187293307ad04bab7a

    SHA512

    bdf10047a0d617472ed863f0bf6923fb103acf1d7592e392f09d7a8ac0e18034fa181e9476f5626da49c06258fcc30c483b04d55365a8d32f6bc3b8edd0548a9

    Download Submit

  • /data/user/0/com.tencent.mm/databases/Dname-journal
    Filesize

    8KB

    MD5

    b6af4fed2184ef6410f3a80df5ea1097

    SHA1

    954e96f3688db8a65ba16e55adafd1bd7c841d57

    SHA256

    e79dd06f8d7d0e8ddfdeeb81f77b0f06ac8ea2bcf1f0a2f676f6b50241b208f6

    SHA512

    f6775abc7ba1b1a91228f916e31ce8a6f5433addd99913282fbcf0325860914aee766b0c145cb101cbc0116f8e7e3af183aae53f999bd6329b7641520222fd21

    Download Submit

  • /data/user/0/com.tencent.mm/databases/Dname-journal
    Filesize

    8KB

    MD5

    a79f78807ec9a9c84dcfa50529f503d7

    SHA1

    975341663f995022011321b45db797b531ec81d2

    SHA256

    48042b5422a21778f24dda39815a72ac93e8dab21371dc83579fc3f1adaf6ac2

    SHA512

    fce4328d4e4f1765bf7e394bb828f4cd2e8823268fdda034e8396cbf64a529efe1be95f72bb97095e59a39eb7d8f960a158399f54a692faedad1c01b87cfad45

    Download Submit

  • /data/user/0/com.tencent.mm/databases/Dname-journal
    Filesize

    8KB

    MD5

    6a50ee02944f7bb3f371a0cb7431ec97

    SHA1

    2a18637f5ebe62e08518bcbf6fc7fe9c96eb0a0d

    SHA256

    6ad2e9db88f51c204324cc9882e01762be694c1f04e1bf38139042bdd7b20cb0

    SHA512

    a7723536b44ac9313741cdd03c2c99e9a81a20455616a7440d1f786b3c7ff3088dc0b12d1abef004a291c5a8e3f91b5ccfcab3e2fe5fc16906431cfd0db8a240

    Download Submit

  • /data/user/0/com.tencent.mm/databases/Dname-journal
    Filesize

    8KB

    MD5

    4899acc55ff8027c098da4419a161ae1

    SHA1

    ac67332958d27fa51daba819bec4a3032c707111

    SHA256

    3e82922ce45c24f3fc4d26c76d1bcc4d267c7bdf2895c925bef98f3b6301e880

    SHA512

    7b0a187085b407366aaebefd46b64c92b3b76e356f9e2a4721729ef315b582fc12b80951ec163afb76a7fd2334abc46edff74a9eff78d3455f33cf44dad5cf67

    Download Submit

  • /data/user/0/com.tencent.mm/databases/evernote_jobs.db
    Filesize

    16KB

    MD5

    7539688f3c4b2aa5df3821036d74160c

    SHA1

    fba241093b5e24512d40afd1dd4a5801b5afac0d

    SHA256

    76bc3db077e55ecc1d5eb957d73c9be09942ee246b565aacd2887a68bbd8d4c1

    SHA512

    6f93a523d05844c4599af7599d484791e4c647271fa0219070ff8b30c8231d7371cc00a6dab8f7af9e903db42a9a86d3ccebe5645355122d10c06db2a9b45752

    Download Submit

  • /data/user/0/com.tencent.mm/databases/evernote_jobs.db-journal
    Filesize

    512B

    MD5

    8c9169e933769145c48231be38bcf5e5

    SHA1

    308b4413a4b41ce28dbde2d33a6efee48156018b

    SHA256

    7037586b1ab02f6b971c94c743420bcc6f2d4cf9cec806ec993220f81cb3ce9d

    SHA512

    81e68340ded966483f7acd393f6a118b3286fbcf35e248b4dc504983e67cd99db97fe1aaafd4978529ddea1163897ea17cd5664d573335da39dbd8df15378551

    Download Submit

  • /data/user/0/com.tencent.mm/databases/evernote_jobs.db-journal
    Filesize

    8KB

    MD5

    d791cd89507e75f4d685a1fa7dca6449

    SHA1

    c9bf4e3bd3977fc995be739553c9a11b5a7088d7

    SHA256

    cec1f31f39762a8204b2c564b8585595c7813178d6882bb3fd0bb4dee0ad3571

    SHA512

    8718b3399cd2e90c5ca70698c7db6a426d71b62292133f06f113d7e8c8bdb78b8aae092a9484c2907f28d12205bd70bfd26dff76a6e163c4bd64344706d8dc3a

    Download Submit

  • /data/user/0/com.tencent.mm/databases/evernote_jobs.db-journal
    Filesize

    8KB

    MD5

    cd44f3e97482a68b2089f0d14507ad29

    SHA1

    37089b27697307da4ff7bd0d8f8147b40c81b275

    SHA256

    d4acc9e1ded60a6bcedf1b03d2278c93b66b8dd5479e72e69c99af4f74877bcd

    SHA512

    0d6f4ba05bf7e8d273afa32f979679eaa4b8aad7ae0cad8331059d450731963e9ddf7c27dc5a1cf36ec818e6754b43dbace2420aaabfa9e0c4afd8f20dabd915

    Download Submit

  • /data/user/0/com.tencent.mm/databases/evernote_jobs.db-journal
    Filesize

    8KB

    MD5

    ccb7613cf0b3f075c1f86893967e6b8b

    SHA1

    e995a6104fe7e931bc3351f1a76780f2ac3d75ae

    SHA256

    9c128b86f2d17c1af68ba3ac660749a0fdaf48bef5424c5b6f5fff5932b63c1e

    SHA512

    1d49ddfbe5d33c18fd351026248a92642d5d29ec6a0cfd6680c3aa146f57445f404ebdf36f0d728963dd935ee6453e82dd229170c53e05aa2cffd6abdeba1702

    Download Submit

  • /data/user/0/com.tencent.mm/databases/evernote_jobs.db-journal
    Filesize

    8KB

    MD5

    a04bf07a3d6bf5fd937702cdc13df17a

    SHA1

    44067a7d56990b2f684a2d021fa65ff318edc110

    SHA256

    c2c959bc227f08171a7e1eb56812fb681dadcb0068fc91416d9059db44e7bed5

    SHA512

    9d9ca74ac758d64ebc647d2d0485b0ecf2c2d89018c08ae5ccb33fc3542a49ede19f4cd132b0bb13b932a528dea2b57e9fe8aec5334a9987cb4c203cf059f2e6

    Download Submit

  • /data/user/0/com.tencent.mm/databases/evernote_jobs.db-journal
    Filesize

    8KB

    MD5

    0ad7fb7a3cfffe75f0217f94ae3ae517

    SHA1

    6d4d23c6eac46d7f6ef88b1c764bd7ed34ba9781

    SHA256

    0a66986b92351b185be1132634bd6c863e7778ab4913f7e822bfc38f464d9902

    SHA512

    8cb592fe7407607e0d7c16b3952ac54290e9c023de1d7adf92ad8e38c3b9f08bb957f21149af7e85ffbbd93d04bcec5ba11d8971c45f44c9cdccd4bff5d76a88

    Download Submit

  • /data/user/0/com.tencent.mm/files/CallLogs.txt
    Filesize

    3B

    MD5

    58e0494c51d30eb3494f7c9198986bb9

    SHA1

    cd0d4cc32346750408f7d4f5e78ec9a6e5b79a0d

    SHA256

    37517e5f3dc66819f61f5a7bb8ace1921282415f10551d2defa5c3eb0985b570

    SHA512

    b7a9336ed3a424b5d4d59d9b20d0bbc33217207b584db6b758fddb9a70b99e7c8c9f8387ef318a6b2039e62f09a3a2592bf5c76d6947a6ea1d107b924d7461f4

    Download Submit

  • /data/user/0/com.tencent.mm/files/GP.txt
    Filesize

    108B

    MD5

    59ca2d7d6ad7bc4a1b874bf63f974265

    SHA1

    5a322d05f99118aac46fdac7774e8528d81b9d6a

    SHA256

    7bb2c2f1993dac8571358d0897685b3e84bad4587119c446f72e014137cfe855

    SHA512

    8aa933a31b5cd0f93ea5c1573638e31ca24d6848ce4c9d937034ae36ebcea3d9d8ce7ce8464eb0feb0b29202323fd73a00dc6c0c621ab5c91b13244ce9970e0a

    Download Submit

  • /data/user/0/com.tencent.mm/files/Tree.txt
    Filesize

    566B

    MD5

    901f66f6d26a1a133b6d2711221022ed

    SHA1

    3fbd56e4fda07be719b0085da17a55368a8bd267

    SHA256

    661f64e87e5f3700ba6d87e7e01d7b710f61109937ab45db2d9d8eb611c8f656

    SHA512

    cc276ff0e05044332bc3090cdbf0ae11cc49e7c40c5a5eeb7623450f13c5671033e6b927eabc96877517ecbc0b66f6b96625214feab9e2c74de8f1de9414eafc

    Download Submit

  • /data/user/0/com.tencent.mm/files/accounts.txt
    Filesize

    2B

    MD5

    d751713988987e9331980363e24189ce

    SHA1

    97d170e1550eee4afc0af065b78cda302a97674c

    SHA256

    4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

    SHA512

    b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

    Download Submit

  • /data/user/0/com.tencent.mm/files/netinfo.txt
    Filesize

    854B

    MD5

    5eb0038aa118b7446ae9734cb645b6e3

    SHA1

    4f377db756b52fa55f50395d8a3e009f68921be6

    SHA256

    a0625e7b73601fbf6a30a4477e6a69f396607bc54da84f620f12bec21bd4cca9

    SHA512

    929d4dfafa35f2973159d1c2954bada2919aa504b86d177061885f1d749063bde44b46b471c870bd732ef3cb8551b49f065a2d33ed8ec16cc7691eeb538f315e

    Download Submit

  • /data/user/0/com.tencent.mm/files/netinfo.txt
    Filesize

    854B

    MD5

    7ac10b47440e9bf1b6e0583920f30a1a

    SHA1

    26d263e675f5d596ea1a9c073a0100b83a2c1648

    SHA256

    9325377cd84e53c5cf7ea91056e2ca25f46f0ba573944ed1f72580b800726afc

    SHA512

    4a7ea27e6aad8df85aef13246e9e3685a142510ef686f119a5804512b72959aa482e29dd11b921a6758581ec6dad582a6df50f2e4367fc81b79e32e668447d0e

    Download Submit

  • /data/user/0/com.tencent.mm/files/pkinfo.txt
    Filesize

    10KB

    MD5

    b593d0594fc2e98f60b0288475ba950b

    SHA1

    1c10ef393a2666d7640ca45e663321019a5675fb

    SHA256

    49e287b4855336cc22b24d4f912538f43d226ddca9b322d769fb3ef0306d9411

    SHA512

    7ba2ceeddfbc8efee39b6a5d9f81001cca3e07d6d6311ae16e0eff38fd395567fa3236aa7f7b59def32a5a7ed27d24cd852b3936d32bd05b467dbd1ed8dcd40b

    Download Submit

  • /storage/emulated/0/Config/sys/apps/log/log-2024-12-05.txt
    Filesize

    12B

    MD5

    e48057c3603c907cacbe1568a7dbfc41

    SHA1

    6e100086b53e20e499a9be069aa1b452faf82ba3

    SHA256

    4b36685dbf772b2de007f4c98f824966f4f3a132075692d3d3d8f11e84e5468e

    SHA512

    787e1140832e8c308039f0287ee801c00040544d5241425b0c0c8e8dc19ecf3feefa50706723f7a21be209c13b24ab3dbe0691ec42118fdfe18611b13155fb9a

    Download Submit

  • /storage/emulated/0/Config/sys/apps/log/log-2024-12-05.txt
    Filesize

    267B

    MD5

    8dd2d88d2e878742f2265fbd96beb74e

    SHA1

    28fa0207e799473ae9d3727ad3f2bd64ccaac225

    SHA256

    3e213568449f8eb9888efc4a14d637eb38791bc5344e414020c1aa75ba5f8340

    SHA512

    5d9062b45bc973f4a4b3523ace17b6ae3314d4881bfea4050c6477a75f930a89020db4942c6bc207baaad9d9625f7340f0db87694e639bb1f39a021086af511e

    Download Submit

  • /storage/emulated/0/Config/sys/apps/log/log-2024-12-05.txt
    Filesize

    12B

    MD5

    a9256f55737b655c8cff95418411997c

    SHA1

    d81a4e85ecef3a4f08d50da9c75c49a3c64ffe24

    SHA256

    bad705c44807d12463fb587087c4e9eb24769d82981229ac8b74abc9b1a44412

    SHA512

    10d10a6498973ed65d47c74ba6d8831dad94213a5071353dc445de46e021689284fbbf4accf5ba1f97a0675a7652ec069ac70f38d63ba36b8595a8caf8d37574

    Download Submit