Overview

overview

10

Static

static

10

latamAirLines2.apk

android-9-x86

7

Analysis

  • max time kernel
    88s
  • max time network
    89s
  • platform
    android_x86
  • resource
    android-x86-arm-20240624-es
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20240624-eslocale:es-esos:android-9-x86system
  • submitted
    09/12/2024, 07:13

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    latamAirLines2.apk

  • Size

    14.0MB

  • MD5

    cd5939950d495ac26b4252e0214d0574

  • SHA1

    1fcfaff96a0099d338ad11f5f1d0dd45825ff684

  • SHA256

    1ff6cb1101b94809c6138bf221235469c9690fe45bd844f5c918e61b71db13ef

  • SHA512

    d939312999aefd5c71d3b7226c7c5eaafb94c237c28bdd2c660ed2d015b4956361d70cfc340fb792741ee5e2a3922096c3334b3c446d9c7c3628b84247d8a3a1

  • SSDEEP

    393216:9C9cpMJqxX+4j9TUXJ3hL9cw7h9c8oDVgKww:9COMgpTU2kh9pAVHww

Score
7/10
collectioncredential_accessdiscoveryevasionexecutionimpactpersistence

Malware Config

Signatures

  • Makes use of the framework's Accessibility service 4 TTPs 1 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectionevasioncredential_access
  • Queries account information for other applications stored on the device 1 TTPs 3 IoCs

    Application may abuse the framework's APIs to collect account information stored on the device.

    collection
  • Queries information about running processes on the device 1 TTPs 3 IoCs

    Application may abuse the framework's APIs to collect information about running processes on the device.

    discovery
  • Acquires the wake lock 1 IoCs
  • Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

    Application may abuse the framework's foreground service to continue running in the foreground.

    evasionpersistence
  • Queries information about active data network 1 TTPs 1 IoCs
    discovery
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
    persistence
  • Schedules tasks to execute at a specified time 1 TTPs 2 IoCs

    Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

    executionpersistence
  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 3 IoCs
    impact

Processes

  • com.fdsaf.fafafafd
    1⤵
    • Makes use of the framework's Accessibility service
    • Queries account information for other applications stored on the device
    • Queries information about running processes on the device
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    • Queries information about active data network
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Schedules tasks to execute at a specified time
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4332
    • getprop ro.build.display.id
      2⤵
        PID:4790
      • getprop ro.build.display.id
        2⤵
          PID:4881
        • getprop ro.build.display.id
          2⤵
            PID:4908
          • getprop ro.build.display.id
            2⤵
              PID:4942
          • com.fdsaf.fafafafd:s1
            1⤵
            • Queries account information for other applications stored on the device
            • Queries information about running processes on the device
            • Uses Crypto APIs (Might try to encrypt user data)
            PID:4607
          • com.fdsaf.fafafafd:main
            1⤵
            • Queries account information for other applications stored on the device
            • Queries information about running processes on the device
            • Schedules tasks to execute at a specified time
            • Uses Crypto APIs (Might try to encrypt user data)
            PID:4590

          Network

          MITRE ATT&CK Mobile v15

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • /data/data/com.fdsaf.fafafafd/no_backup/androidx.work.workdb
            Filesize

            100KB

            MD5

            34348eaf50ab0600260212f97ca639c4

            SHA1

            d4e82e5d387e8a7fcb0a908dbbb04a2d2aaed61a

            SHA256

            f136a40a921bdc59452b1adecce37d513ad2094e2eaa58c1b32f24c08dedf616

            SHA512

            2c128e205c9fa592de1fd6e1c1168e88107835f7b7eead08423b00d7d1a3b6ffb0d314c255e3e45bd5cf7490de25ab2978b88218fce9d5c6c59c4e988bc67a16

            Download Submit

          • /data/data/com.fdsaf.fafafafd/no_backup/androidx.work.workdb-shm
            Filesize

            32KB

            MD5

            bb7df04e1b0a2570657527a7e108ae23

            SHA1

            5188431849b4613152fd7bdba6a3ff0a4fd6424b

            SHA256

            c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

            SHA512

            768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

            Download Submit

          • /data/data/com.fdsaf.fafafafd/no_backup/androidx.work.workdb-wal
            Filesize

            402KB

            MD5

            af3eba77b24248d97d6768045ac101f1

            SHA1

            52202cdc7f5f48793cb38dfa6a86fa12f94c3cb7

            SHA256

            8bbbb81bcf7e36348697c7a2a733426d1f01fb97f667a7c554c95cf8b0225987

            SHA512

            7ea211fbb76f21ee51e7970bddfd5002592fe77c45d02faeeffc31b296f89a16b8664ccd82cb28973327cc8fb7d18f99cf609b269a6868c6b4087ceacf81bf1e

            Download Submit