eb94a5d3e88728af8ac28f39da4e38568f700ba293140509e26468ac41965b17

Analysis

max time kernel
299s
max time network
302s
platform
android_x64
resource
android-33-x64-arm64-20240624-en
resource tags

androidarch:arm64arch:x64image:android-33-x64-arm64-20240624-enlocale:en-usos:android-13-x64system
submitted
06-12-2024 19:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ready.apk
Size

9.3MB
MD5

42ab457eb1233fd161f2a0b1cec5ce9b
SHA1

8182b8e41d738f140d3b2d118d5357bb91da88eb
SHA256

eb94a5d3e88728af8ac28f39da4e38568f700ba293140509e26468ac41965b17
SHA512

2f922490baf5535fd0950f2acad6cc9d7a2763f248a66982b9678547b87dc6a32e761f86ae40a6c47bfdf5627f80b7afb2c4cc69ef4521132eeebea9636a6b22
SSDEEP

98304:YcgIs3Tm3zOcSiRSM6oeWmz3zBITU0tIW9ik:YcgIG4aMhehzqHp

Score

7^/10

collection credential_access evasion execution persistence

Malware Config

Signatures

Makes use of the framework's Accessibility service 4 TTPs 1 IoCs

Retrieves information displayed on the phone screen using AccessibilityService.

collection evasion credential_access

Input Injection

T1516

Screen Capture

T1513

Keylogging

T1417.001

GUI Input Capture

T1417.002

description	ioc	Process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	give.financial.crack

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	give.financial.crack

Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

Application may abuse the framework's foreground service to continue running in the foreground.

evasion persistence

Foreground Persistence

T1541

description	ioc	Process
Framework service call	android.app.IActivityManager.setServiceForeground	give.financial.crack

Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

execution persistence

Scheduled Task/Job

T1603

description	ioc	Process
Framework service call	android.app.job.IJobScheduler.schedule	give.financial.crack

give.financial.crack
1⤵
- Makes use of the framework's Accessibility service
- Acquires the wake lock
- Makes use of the framework's foreground persistence service
- Schedules tasks to execute at a specified time
PID:4362

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Foreground Persistence

T1541

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Foreground Persistence

T1541

Input Injection

T1516

Credential Access

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Discovery

Lateral Movement

Collection

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Screen Capture

T1513

Command and Control

Exfiltration

Impact

Input Injection

T1516

Replay Monitor

Loading Replay Monitor...

Downloads

/storage/emulated/0/Config/sys/apps/log/log-2024-12-06.txt

Filesize
13B

MD5
de2c41a51ee9246eb1708f65b511add0

SHA1
2f442d634c8a18760a232c8829d4b5d74a52f074

SHA256
ad2d914ca347cd1930e32f21c6d5448c34104bea181b93abc85ec518985653ab

SHA512
7cdfbd001594503644e9ed80ae852f90ef9e841a8382e2eec6979e149a2c400a3b83055d205b4d1d66e1600e5127482932d5127eb5800d35a4ee5673fe34d84a

Download Submit
/storage/emulated/0/Config/sys/apps/log/log-2024-12-06.txt

Filesize
29B

MD5
c46744d203fdd95cdf02ef318c3fe0c1

SHA1
ee5a9efc8cd37f332ea3cf5151c0cf833071fee7

SHA256
959a63c140da13694fcaae969ddb907c8e4c0bb70244496b739f071195a7fe89

SHA512
6ae2d80890e380564ff8538926f5465ce223868e3624f1bce9542af09e527c2487fb87e5ed64be9e8b6e9119922a263b05ed7fc95edb78353443a1f59c731e82

Download Submit
/storage/emulated/0/Config/sys/apps/log/log-2024-12-06.txt

Filesize
21B

MD5
bf1e71fcab1e0507d2d340f0772c4154

SHA1
0b1925561d928ccf313d394fe0dab949ea458c5f

SHA256
682b874fa8cc5ddc0347fe255723835811609b1c0b03e020c563850ac53e1286

SHA512
f3e8cd392dc394389ada67fd5c5ac5d73b1540f064708420e7032dda3b7e2ae0d2c56642809b699d740ee40113cec399afcda6cbf77f9bbdbf6a11e752ac7518

Download Submit
/storage/emulated/0/Config/sys/apps/log/log-2024-12-06.txt

Filesize
45B

MD5
11e464064dcae11be7956bbd5e854dc1

SHA1
33f37d3846cab06a54e791fbd683e5c6359add58

SHA256
c47b1353029508b39f7b6c7660a73a6434fc47c67acbcc5fc0a4d536484594d5

SHA512
02bc0a1469cd93bb63027291c7e9ccf21a0cdebff5a56996b7e03f92020b40dbada10bcd09ab41e29415bda65d9cafe948415a9542af897fd9561560adfb3ba4

Download Submit
/storage/emulated/0/Config/sys/apps/log/log-2024-12-06.txt

Filesize
57B

MD5
785526464d29c254ba766d3f5f8cbeaa

SHA1
0088564925a1e806ac26a8356365b74b6d1bd56c

SHA256
3bf774d2537bfb18cd211630449c4103cd03bacee2f95478a1c1cf6dff1b12d7

SHA512
6b04e61d4c2b5e34cca4c29f9b09a6b49445e812a09fee210b34835adbccfd63a547faa4023da60ecdc98e3ade635af23eed667bc9680e8debf834b1e38bda85

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads