Analysis

  • max time kernel
    149s
  • max time network
    157s
  • platform
    android_x64
  • resource
    android-x64-arm64-20240624-en
  • resource tags

    android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240624-en, locale:en-us, os:android-11-x64, system
  • submitted
    12-12-2024 02:31

General

  • Target

    8469ec91f9058c03527dd55b2778864c5c11588ef2e1b7ba5938a4c3dacf7258.apk

  • Size

    3.7MB

  • MD5

    d15d3744e57d220dd297896f4b93eaa4

  • SHA1

    83ea1f9a07a0f923729d46d6e830831f6f41b3e2

  • SHA256

    8469ec91f9058c03527dd55b2778864c5c11588ef2e1b7ba5938a4c3dacf7258

  • SHA512

    18bcf0fe4dbd088b440d03f454b0a8bb10b10d23b3e3fb0581c6ceb028d8d369d4fec7aea9363dcf3f0160f36bc02b9f16f6a433f9728e35ff6a5cc08d5f39d7

  • SSDEEP

    98304:CieaIXa6MQc+3cP6JEtUV2zmy6mz/zBbTP0twsRP8:CcIBc+06Jhe1z5AY

Malware Config

Signatures

  • Makes use of the framework's Accessibility service (4 TTPs, 3 IoCs)

    Retrieves information displayed on the phone screen using AccessibilityService.

  • Acquires the wake lock (1 IoC)
  • Makes use of the framework's foreground persistence service (1 TTP, 1 IoC)

    Application may abuse the framework's foreground service to continue running in the foreground.

  • Performs UI accessibility actions on behalf of the user (1 TTP, 4 IoCs)

    Application may abuse the accessibility service to prevent its own removal.

  • Queries information about active data network (1 TTP, 1 IoC)
  • Requests disabling of battery optimizations (often used to enable hiding in the background) (1 TTP, 1 IoC)
  • Schedules tasks to execute at a specified time (1 TTP, 1 IoC)

    Application may abuse the framework's APIs to schedule tasks for initial or recurring execution of malicious code.

Processes

  • rb.dig.basket
    • Makes use of the framework's Accessibility service
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    • Performs UI accessibility actions on behalf of the user
    • Queries information about active data network
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    • Schedules tasks to execute at a specified time
    PID:4482

Network

MITRE ATT&CK Mobile v15

Downloads

  • /storage/emulated/0/Config/sys/apps/log/log-2024-12-12.txt

    Filesize

    29B

    MD5

    9591164fdc2fbc31b76f223ceca4f825

    SHA1

    95177eaef594c084f6a9456788f3b8e566001fe4

    SHA256

    d1d43790935e4c13d559cc9dd152b0614aeb00222d43eed8d23978178a4c6255

    SHA512

    cc0a0f1168d139e243a16dafb6949451e57a13553ae50c951858f240de3f2d81e2865a50ebeb48647152571edae85f457934924ac677909232c7ec9798693cf4

  • /storage/emulated/0/Config/sys/apps/log/log-2024-12-12.txt

    Filesize

    25B

    MD5

    ba30336bf53d54ed3c0ea69dd545de8c

    SHA1

    ce99c6724c75b93b7448e2d9fac16ca702a5711f

    SHA256

    2d6988fb5afdaafc4e33fa1f71d6f10c95ab5a49a8ec820add5b13eef05439af

    SHA512

    eea34ca526e03349e746d3687ea660b4748f0174fe2ffdb65161e232e08630b345e03329614852ce881a71362ba68575e9dd08fa361a416e5b2fb231e21a0a3e

  • /storage/emulated/0/Config/sys/apps/log/log-2024-12-12.txt

    Filesize

    284B

    MD5

    7e59a042de978400539477ffdf18df0f

    SHA1

    380583e039933f20e73ca429f0ffc7297654e7a6

    SHA256

    c336e4705aea7a2f2b150de2ca5165b3b19577cbfc37b043378b443df408154e

    SHA512

    fbfc3855a77cd710d8861eb2ab116b7673ef0e6e9f5c01ffb37b3a2a77d225b010fe524a3389c92b5a8a2cb55a11a7405a391cb61d87ecd2fcba0ece9a39fe5d

  • /storage/emulated/0/Config/sys/apps/log/log-2024-12-12.txt

    Filesize

    57B

    MD5

    3af69119804d1d999d56d230338ffd36

    SHA1

    69350826205583c8acc385ee0a6e3fc2673ee2ca

    SHA256

    10994862cb263ab6b1e4428cc24cc9c585458fc67544fe0f5dfea81a5a7a115c

    SHA512

    4a41b19d28f637b397d9dff225621694c44c750a9bd65f3e6ad5d3b9acf0d118910ddf53d4618213f9e14c61e0fb154f33f2747dd3b8d50459990767f42fc8cb