Analysis
max time kernel: 146s
max time network: 152s
platform: android-9_x86
resource: android-x86-arm-20240910-en
resource tags: arch:arm arch:x86 image:android-x86-arm-20240910-en locale:en-us os:android-9-x86 system
submitted: 18-12-2024 22:05
Behavioral task: behavioral1
Sample: 8bb4085f30e800880dda6ba6f9749e3e9da9075a9defb665dca87324cc378c45.apk
Resource: android-x86-arm-20240910-en

Behavioral task: behavioral2
Sample: 8bb4085f30e800880dda6ba6f9749e3e9da9075a9defb665dca87324cc378c45.apk
Resource: android-x64-20240910-en

Behavioral task: behavioral3
Sample: 8bb4085f30e800880dda6ba6f9749e3e9da9075a9defb665dca87324cc378c45.apk
Resource: android-x64-arm64-20240624-en
General
Target: 8bb4085f30e800880dda6ba6f9749e3e9da9075a9defb665dca87324cc378c45.apk
Size: 996KB
MD5: ac0b1f475d00c7d72780d1512bd435da
SHA1: 63e0952fd9fad4b877ceace56e53143f00530488
SHA256: 8bb4085f30e800880dda6ba6f9749e3e9da9075a9defb665dca87324cc378c45
SHA512: 579fc3127a114a4ea42d32cf488909e5cceb35fcb15ae4c7c2cc09892525d7680061cfa1f9de3eaa640bda9b16956def385374f589940f98fbc887c4856ad22f
SSDEEP: 24576:Lks8FwpIYA3xHx9K0sCIjMko/4qLUWHUiAh6fHN:LkFwprAhH3K0sCIjMk7qpfAh6fHN
Malware Config
Signatures
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
- Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs
  Application may abuse the framework's foreground service to continue running in the foreground.
  description: Framework service call | ioc: android.app.IActivityManager.setServiceForeground | Process: cj7.hunting
- Requests enabling of the accessibility settings. 1 IoCs
  description: Intent action | ioc: android.settings.ACCESSIBILITY_SETTINGS | Process: cj7.hunting
- Tries to add a device administrator. 2 TTPs 1 IoCs
  description: Intent action | ioc: android.app.action.ADD_DEVICE_ADMIN | Process: cj7.hunting
- Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
  description: Framework service call | ioc: android.app.IActivityManager.registerReceiver | Process: cj7.hunting
Processes
- cj7.hunting (PID 4256)
  Makes use of the framework's foreground persistence service
  Requests enabling of the accessibility settings.
  Tries to add a device administrator.
  Registers a broadcast receiver at runtime (usually for listening for system events)
  - su (PID 4309)
  - su (PID 4536)
  - su (PID 4570)
  - su (PID 4599)
  - su (PID 4628)
  - su (PID 4659)
  - su (PID 4687)
  - su (PID 4718)
  - su (PID 4746)
  - su (PID 4775)
  - su (PID 4825)
  - su (PID 4854)
  - su (PID 4882)
  - su (PID 4916)
  - su (PID 4945)
  - su (PID 4973)
  - su (PID 5021)
Network
MITRE ATT&CK Mobile v15
Downloads
- Filesize: 62B
  MD5: fc43add074085ee5bbf1a75973db863d
  SHA1: 70c61b68a1a89500c05921300b1a9434e1254c6c
  SHA256: 4c2144357e2847f4f8038267afc59f29b90452b1cf7352cd14d86c6ced8d5eaa
  SHA512: cfcb1f0dda0a62c0079d647753a885a008eb62138e4104a493de6363dc3482268106d20af7648923765a6fb119fba3304bd8783c4204a26ceb024bb45e9ba52f
- Filesize: 53B
  MD5: d862ae3c5ba3ed67057e44ee84ace10a
  SHA1: c9eb60e0fc71e7f4930406badc18df9f4549988e
  SHA256: 563a64d425d4724355dd099cf9f21f109fe69a430121b74873fcc7f7625b8be8
  SHA512: 397f09bb31855fc01089510078d1dfde9bb470e2d0d4b823862743ce0e5152f3df6936b1d3b48ad688dfa81891776cc57a6f8f1d5381bbe0657d69036fcad7af