Overview

overview

10

Static

static

10

792c5229dc...6c.apk

android-9-x86

8

792c5229dc...6c.apk

android-10-x64

8

792c5229dc...6c.apk

android-11-x64

8

Analysis

  • max time kernel
    136s
  • max time network
    150s
  • platform
    android-9_x86
  • resource
    android-x86-arm-20240910-en
  • resource tags

    arch:armarch:x86image:android-x86-arm-20240910-enlocale:en-usos:android-9-x86system
  • submitted
    16/12/2024, 22:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    792c5229dc5de630a542a2dacb13e470a9fe810819a94de7836f15d612c4f56c.apk

  • Size

    1.4MB

  • MD5

    520c1eb7583328ee55fbad2f63ed732d

  • SHA1

    3978f8e6aff6d79bef675d5eb2930291fd149a26

  • SHA256

    792c5229dc5de630a542a2dacb13e470a9fe810819a94de7836f15d612c4f56c

  • SHA512

    3e3590db6831c6e44d34c80066cd1493cd06fa144ff3435e3d8fbb97c617c454ce331b069a59ae15aefba2af10b33a6c101ffea926a2c4091db6c353b6c8c435

  • SSDEEP

    24576:aAcXBxI3xiR2qpNJCmWYuyjmzOW2Tr/fQ5j+0PQ8Eh9E7A2Fk:abxI3kR2I+YLmyzr/KPQ8EsXFk

Score
8/10
collectioncredential_accessevasionpersistencestealthtrojan

Malware Config

Signatures

  • Removes its main activity from the application launcher 1 TTPs 1 IoCs
    stealthtrojanevasion
  • Makes use of the framework's Accessibility service 4 TTPs 3 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectionevasioncredential_access
  • Acquires the wake lock 1 IoCs
  • Requests disabling of battery optimizations (often used to enable hiding in the background). 1 TTPs 1 IoCs
    evasion
  • Requests enabling of the accessibility settings. 1 IoCs
  • Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs
    evasion
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
    persistence

Processes

  • jeg.cwnnp.kuuxh
    1⤵
    • Removes its main activity from the application launcher
    • Makes use of the framework's Accessibility service
    • Acquires the wake lock
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    • Requests enabling of the accessibility settings.
    • Listens for changes in the sensor environment (might be used to detect emulation)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    PID:4345

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/jeg.cwnnp.kuuxh/cache/volley/-121059992-1636342093
    Filesize

    5KB

    MD5

    e98dccdba67ad88a0746d93b5e36d247

    SHA1

    f17609529d67d1cd57a8ca690c420bac27384081

    SHA256

    c7408a3408f0887b1b22ff67ee41e31fc8e6271cfef52b86b7330629b2762c52

    SHA512

    64287d481bbf833a73a2eb87994c2b670f9e95203df23cf844d5e644a77386fc5cd03b2b43fb6e2fd0a924c3fc45b4274a3725a5ad81f0b1f287d6722f05beaa

    Download Submit

  • /data/data/jeg.cwnnp.kuuxh/cache/volley/-121059992-1636342093
    Filesize

    5KB

    MD5

    166bd79a125dc73d2a7c463c403bdecc

    SHA1

    2d33a06a4f02510cb401e90224ea4a6557599a49

    SHA256

    792dbffaaaf70493b556772f5453568b93d9da60c4bba092d63aca81e8f330e3

    SHA512

    39956bb45f82c32be940d8cfa9acb31ff530f9fe9cb2a940d8ceb68d5c275b5cad6753894dfca8f5d33f89971ca2832bef4cec973cf6dcf2baa1cd6f3c818dc6

    Download Submit