Overview

overview

10

Static

static

10

3d52b5728a...29.apk

android-9-x86

1

3d52b5728a...29.apk

android-10-x64

1

3d52b5728a...29.apk

android-11-x64

1

base.apk

android-9-x86

7

Resubmissions

13-01-2025 18:31

250113-w6fb3aspex 10

14-12-2024 03:13

241214-dqtweatjhv 10

Analysis

  • max time kernel
    87s
  • max time network
    152s
  • platform
    android-9_x86
  • resource
    android-x86-arm-20240910-en
  • resource tags

    arch:armarch:x86image:android-x86-arm-20240910-enlocale:en-usos:android-9-x86system
  • submitted
    14-12-2024 03:13

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    base.apk

  • Size

    3.6MB

  • MD5

    aca88829c5a7c2f7ab8ae928f3df9fda

  • SHA1

    2ef0057ce7fa7d3c27d894b5ee0532a4b9f62f10

  • SHA256

    9d00052eb9a97a53a49c8e1a26138de835e2d354adef44a51ce8fb599d769fc1

  • SHA512

    44982081663f363769d16f667a229a36d2069678cb3177ce4e45e299f424566f9eeb71779afed2e93f67ae3cbcf04cd8b3c8b736f4981f5a937ce08392770fbc

  • SSDEEP

    49152:+bgW8wiy8Vp7mZtgAWDGo2ZO5eAgBNx6yyhfYPdIxAH0fRnJfzvvR93Ueg6b/4o:+W1y8Vpug3t0AUyhQ2fbLP3hg6R

Score
7/10
collectioncredential_accessdiscoveryevasionpersistence

Malware Config

Signatures

  • Checks known Qemu pipes. 1 TTPs 14 IoCs

    Checks for known pipes used by the Android emulator to communicate with the host.

    evasion
  • Makes use of the framework's Accessibility service 4 TTPs 3 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectionevasioncredential_access
  • Queries information about running processes on the device 1 TTPs 7 IoCs

    Application may abuse the framework's APIs to collect information about running processes on the device.

    discovery
  • Acquires the wake lock 3 IoCs
  • Makes use of the framework's foreground persistence service 1 TTPs 3 IoCs

    Application may abuse the framework's foreground service to continue running in the foreground.

    evasionpersistence
  • Reads information about phone network operator. 1 TTPs
    discovery
  • Checks CPU information 2 TTPs 6 IoCs

Processes

  • com.example.mysoul
    1⤵
    • Checks known Qemu pipes.
    • Queries information about running processes on the device
    PID:4215
    • /system/bin/cat /proc/cpuinfo
      2⤵
      • Checks CPU information
      PID:4246
  • com.example.mysoul
    1⤵
    • Checks known Qemu pipes.
    • Makes use of the framework's Accessibility service
    • Queries information about running processes on the device
    PID:4318
    • /system/bin/cat /proc/cpuinfo
      2⤵
      • Checks CPU information
      PID:4378
  • com.example.mysoul
    1⤵
    • Checks known Qemu pipes.
    • Makes use of the framework's Accessibility service
    • Queries information about running processes on the device
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    PID:4403
    • /system/bin/cat /proc/cpuinfo
      2⤵
      • Checks CPU information
      PID:4437
  • com.example.mysoul
    1⤵
    • Checks known Qemu pipes.
    • Queries information about running processes on the device
    PID:4464
    • /system/bin/cat /proc/cpuinfo
      2⤵
      • Checks CPU information
      PID:4493
  • com.example.mysoul
    1⤵
    • Checks known Qemu pipes.
    • Queries information about running processes on the device
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    PID:4518
  • com.example.mysoul
    1⤵
    • Checks known Qemu pipes.
    • Queries information about running processes on the device
    PID:4634
    • /system/bin/cat /proc/cpuinfo
      2⤵
      • Checks CPU information
      PID:4663
  • com.example.mysoul
    1⤵
    • Checks known Qemu pipes.
    • Makes use of the framework's Accessibility service
    • Queries information about running processes on the device
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    PID:4688
    • /system/bin/cat /proc/cpuinfo
      2⤵
      • Checks CPU information
      PID:4727

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.example.mysoul/no_backup/androidx.work.workdb
    Filesize

    4KB

    MD5

    f2b4b0190b9f384ca885f0c8c9b14700

    SHA1

    934ff2646757b5b6e7f20f6a0aa76c7f995d9361

    SHA256

    0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

    SHA512

    ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

    Download Submit

  • /data/data/com.example.mysoul/no_backup/androidx.work.workdb-journal
    Filesize

    512B

    MD5

    4bb7b7ed1da508fa4cbe8d92d9df83e4

    SHA1

    35002ce39a1e16d40535c1bb4907659f8f70e038

    SHA256

    a869a7dac209256b1ea14afc2fb7f3e419b73122886c5388df49098c94601745

    SHA512

    e9b6343c2a081f2b71e02ac8e2e3311a029a2f7ef2ceb64c80f0d9ff99abc3e9bdd2042d6d4001498513bdc94d8d45445106bc53a3213950cc647c156e5866e7

    Download Submit

  • /data/data/com.example.mysoul/no_backup/androidx.work.workdb-wal
    Filesize

    28KB

    MD5

    f9b1ec11b7007c40f70011072516f5b8

    SHA1

    1f16ae84a1a521b7fae3b2374e8ef5762946b125

    SHA256

    fdf244762275f0560784755792376e59de6f0a6bb67ca926ee29af5085718ec5

    SHA512

    8e7b1b7c80ea5adbd5453b04b281760bd63255c094ee96e813702d13b1dc9affe64eb7a54b2d9f60bd770fa514e9154dc03820b8ad309a1ead2b6046f3714fe8

    Download Submit

  • /data/data/com.example.mysoul/no_backup/androidx.work.workdb-wal
    Filesize

    108KB

    MD5

    b86c7b29fc505e6d32b2e612fe3915dc

    SHA1

    9c283b77e3304e233146bf8f625844dd7dad7044

    SHA256

    98ced297e8c62c54a387b28ca97d4021c4b4634fa3fbceaa91cac8c6bb5d3968

    SHA512

    a4f653c1ac171a8fdf0aa22f77e6c5fd258ba75bbb32cda32fcf4702d2f2d55fc24970dd268326d18125af63218f43dd1e0c040f653ca601b20c45333b954afd

    Download Submit