Overview

overview

10

Static

static

10

0f6a93a698...7b.apk

android-9-x86

8

0f6a93a698...7b.apk

android-10-x64

8

0f6a93a698...7b.apk

android-11-x64

8

Analysis

  • max time kernel
    19s
  • max time network
    151s
  • platform
    android-9_x86
  • resource
    android-x86-arm-20240910-en
  • resource tags

    arch:armarch:x86image:android-x86-arm-20240910-enlocale:en-usos:android-9-x86system
  • submitted
    24-12-2024 22:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0f6a93a698d0d2a19eab56bffcb6714eeb9f4b5aa686735eecdd99144931007b.apk

  • Size

    4.6MB

  • MD5

    e3caae71921e4019af76a8ba38404f17

  • SHA1

    ecf9bd49efc589bc06aef9a18e3cd1e596d81c82

  • SHA256

    0f6a93a698d0d2a19eab56bffcb6714eeb9f4b5aa686735eecdd99144931007b

  • SHA512

    4779967346f6519aeb4042dc8ac694624d4b17e64c631bd2b757b94fac81fd81749fd47690343cce8e3900c57cb7f28899b41a183e8d2110cd1ab5de24fdb820

  • SSDEEP

    98304:rezrmwGWDjOU3KjvaeDgmcCZZLmtzf6glrc0HIk+qfGxUvTHfrbmZF2Lj:rezx5ijvaeDgmcC/Ls2g1c0D+uq2/

Score
8/10
bankercollectioncredential_accessdiscoveryevasionpersistencestealthtrojan

Malware Config

Signatures

  • Removes its main activity from the application launcher 1 TTPs 1 IoCs
    stealthtrojanevasion
  • Makes use of the framework's Accessibility service 4 TTPs 3 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectionevasioncredential_access
  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
    bankerdiscovery
  • Queries account information for other applications stored on the device 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect account information stored on the device.

    collection
  • Reads the contacts stored on the device. 1 TTPs 1 IoCs
    collection
  • Reads the content of the calendar entry data. 1 TTPs 1 IoCs
    collection
  • Reads the content of the call log. 1 TTPs 1 IoCs
    collection
  • Requests cell location 2 TTPs 1 IoCs

    Uses Android APIs to to get current cell location.

    collectiondiscoveryevasion
  • Acquires the wake lock 1 IoCs
  • Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

    Application may abuse the framework's foreground service to continue running in the foreground.

    evasionpersistence
  • Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    discovery
  • Requests disabling of battery optimizations (often used to enable hiding in the background). 1 TTPs 1 IoCs
    evasion
  • Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs
    evasion
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
    persistence

Processes

  • com.tencent.mm
    1⤵
    • Removes its main activity from the application launcher
    • Makes use of the framework's Accessibility service
    • Queries account information for other applications stored on the device
    • Reads the contacts stored on the device.
    • Reads the content of the calendar entry data.
    • Reads the content of the call log.
    • Requests cell location
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    • Queries information about the current Wi-Fi connection
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    • Listens for changes in the sensor environment (might be used to detect emulation)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    PID:4261

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

1
T1624

Broadcast Receivers

1
T1624.001

Foreground Persistence

1
T1541

Privilege Escalation

Defense Evasion

Execution Guardrails

1
T1627

Geofencing

1
T1627.001

Foreground Persistence

1
T1541

Hide Artifacts

3
T1628

Suppress Application Icon

1
T1628.001

User Evasion

2
T1628.002

Input Injection

1
T1516

Credential Access

Input Capture

2
T1417

GUI Input Capture

1
T1417.002

Keylogging

1
T1417.001

Discovery

Location Tracking

1
T1430

Software Discovery

1
T1418

Security Software Discovery

1
T1418.001

System Network Connections Discovery

1
T1421

Lateral Movement

Collection

Input Capture

2
T1417

GUI Input Capture

1
T1417.002

Keylogging

1
T1417.001

Location Tracking

1
T1430

Protected User Data

3
T1636

Calendar Entries

1
T1636.001

Call Log

1
T1636.002

Contact List

1
T1636.003

Screen Capture

1
T1513

Stored Application Data

1
T1409

Command and Control

Exfiltration

Impact

Input Injection

1
T1516

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.tencent.mm/databases/Dname-journal
    Filesize

    512B

    MD5

    eb2c3391096875a623e0a623f5ab60b2

    SHA1

    ab8d72b725b0966854449ba5e83ef636158fee19

    SHA256

    f97a917784b602d41c310d1af0c9d5ff70cb8a6d018885bb991bb3f66efa1d89

    SHA512

    e46e9e317055d4f107ba8b4396acc989598110ebf561b91c0c21102bcbe95547bd5d43ee72b77ee2c7d3af22a220491d88f6bbafe8ab9e3f2c121c06620c48aa

    Download Submit

  • /data/data/com.tencent.mm/databases/Dname-wal
    Filesize

    60KB

    MD5

    4f277d0ebc376f8f77d2c27fdfabc661

    SHA1

    08755eef5680c132d38b81749ccfce1802a4696a

    SHA256

    f4f60ea2d5c067c96255a978a3e4fa0d8e62f7430eadb75a0a27f449d14d46fe

    SHA512

    b2d5e8271549260943a71dfca0b1ce2343006bb3c71611f233698cfd23e51a4492e0c0fdaafd14564219264d9edd7c0e8a74991aa80da0fa7f0f4892ca881f77

    Download Submit

  • /data/data/com.tencent.mm/databases/evernote_jobs.db
    Filesize

    4KB

    MD5

    f2b4b0190b9f384ca885f0c8c9b14700

    SHA1

    934ff2646757b5b6e7f20f6a0aa76c7f995d9361

    SHA256

    0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

    SHA512

    ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

    Download Submit

  • /data/data/com.tencent.mm/databases/evernote_jobs.db-journal
    Filesize

    512B

    MD5

    1036d676288d4858b5ab1bbee3cf6ed0

    SHA1

    6a0cc59d06d67b0dd2aaba7a154198b8f0f7114a

    SHA256

    9e7c41069c5a99f5197f8976617cf36cd38cd7ede761e9b8319419ba91ed9c02

    SHA512

    537f22e6d6d4d0d68607863cc664fbbcd605d872d63d8dabbe39d1b326cf4cb7cbc2823ba1b7224a9eb54458c337a7fa9969435fc60201e77359e19aed266f25

    Download Submit

  • /data/data/com.tencent.mm/databases/evernote_jobs.db-shm
    Filesize

    32KB

    MD5

    bb7df04e1b0a2570657527a7e108ae23

    SHA1

    5188431849b4613152fd7bdba6a3ff0a4fd6424b

    SHA256

    c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

    SHA512

    768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

    Download Submit

  • /data/data/com.tencent.mm/databases/evernote_jobs.db-wal
    Filesize

    32KB

    MD5

    a9736459f147a66f60f4baa7d6d78967

    SHA1

    d2a3348d294fbf679436abef5254cc5bf910dbb4

    SHA256

    72e1f2f955e151fb3810e6df5ac5b962d313ca56109f69275ca30de2a4c7295b

    SHA512

    d2e0c91343ac9ff71eb710838b40a5ba6a8f94e4e81216592a095dc767eb5bbf231911410283ac09ea3cbfa85adf06677f62f7861d1cea52023f097efdbb83f3

    Download Submit

  • /data/data/com.tencent.mm/files/CallLogs.txt
    Filesize

    3B

    MD5

    58e0494c51d30eb3494f7c9198986bb9

    SHA1

    cd0d4cc32346750408f7d4f5e78ec9a6e5b79a0d

    SHA256

    37517e5f3dc66819f61f5a7bb8ace1921282415f10551d2defa5c3eb0985b570

    SHA512

    b7a9336ed3a424b5d4d59d9b20d0bbc33217207b584db6b758fddb9a70b99e7c8c9f8387ef318a6b2039e62f09a3a2592bf5c76d6947a6ea1d107b924d7461f4

    Download Submit

  • /data/data/com.tencent.mm/files/GP.txt
    Filesize

    116B

    MD5

    fb5441b8026c19545c5192312e61ab79

    SHA1

    bbc67d6abfe343b76d73123ff7efb7504e934dcf

    SHA256

    c3fdf76ac9b93f1e55b6ea3ccb99d28d766bac9d7578d7bcb89aa584ce5247fa

    SHA512

    12ed119fd8aefffd74627fcf6ea01e1c55f38d937f712abc38910f8cf5c71c08d9554e05cf5ba7637fed4126513b6f3e220ebd205a8635a2170e163eeaa7c4f6

    Download Submit

  • /data/data/com.tencent.mm/files/GP.txt
    Filesize

    126B

    MD5

    8d9b97e4fb72072fe9633660494e2e86

    SHA1

    de382891fa94871eca089ad4dc9bf6078ea83fab

    SHA256

    02b01a063340c0a58dc68a7031859b0f7c4e7559d1bfeb9194028ef74f22cdd1

    SHA512

    4f9e8b1d57503dc10484eac4e17e81a8022b896178ce276986421ebb67d2e21c475963ea94d4a6309fe4dbb0425f90b1fdb445c81043386c9085941bbfe72aaf

    Download Submit

  • /data/data/com.tencent.mm/files/Tree.txt
    Filesize

    282B

    MD5

    47e35fc7605a42a94b736ac167a3e31c

    SHA1

    6dd208544324ed1163b432b708873192b1e4a51a

    SHA256

    b1437a65b808976e4b5b8d536d17b8f8b17c6acade44dc1981de4114296cdc91

    SHA512

    23b9102a6e8bf8ae4b572083ea3945ac237ceec2345c3f82acf346ff74cfabe7f1b11884708cfcef192b26a08360878449453545f0f1ee94ca9b92748f56b8a9

    Download Submit

  • /data/data/com.tencent.mm/files/accounts.txt
    Filesize

    2B

    MD5

    d751713988987e9331980363e24189ce

    SHA1

    97d170e1550eee4afc0af065b78cda302a97674c

    SHA256

    4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

    SHA512

    b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

    Download Submit

  • /data/data/com.tencent.mm/files/netinfo.txt
    Filesize

    609B

    MD5

    81aaf7b8503feb625b796c0a329f5435

    SHA1

    717e398e70f484cbe36f7ffda8847601f6cacb95

    SHA256

    94b421c32aa376caf98471650abe7d92b93da8c5ec046e83e34778fbb00e404e

    SHA512

    6f9c66d8adb7a190c1039363ae3e40358d5fe85a3089d15204b47d19baa7c3366b9a8777c69604b7b56b9279b50d330995983f0334d636306433957840e967b8

    Download Submit

  • /data/data/com.tencent.mm/files/netinfo.txt
    Filesize

    609B

    MD5

    87d3e11045b3f30c1699db610d987b0c

    SHA1

    39f9bc37810c9538e85b320ed1005d7d837c7b6b

    SHA256

    1e0a7bee468fcdd252627421714a9c33ea722fb59f1c3f8531e08d1c72d9ff3b

    SHA512

    2eff7f965d3abdebcfeee2306b2b0be6491a61c20bd972348c2ba86e63b3a99575436f6f884450eff8f11ac7508c61b4a61d4e237ba7bf77d2c67b59038513be

    Download Submit

  • /data/data/com.tencent.mm/files/pkinfo.txt
    Filesize

    5KB

    MD5

    9857c0caa99fde5d0bf47c0ee0fd821b

    SHA1

    ef4629899e6ebbdbaf45ca4885f5b960da25538f

    SHA256

    d68311a5561ada62ee327cda3a9b29c41ed0d7bc16586f9af6d5595a96d497a8

    SHA512

    312c11c7b41384fd5a7ef466f06813c09f6c661ade0ed4ffe6e8e88969f2ba31257a90333b13ce8d4b2ab0692318b638f06aecfea11aeb2df3739580e635a148

    Download Submit

  • /storage/emulated/0/Config/sys/apps/log/log-2024-12-24.txt
    Filesize

    267B

    MD5

    2fea6fcd7b73787ea80ce21066f22bb5

    SHA1

    c31ad28bebaa4436e3f66b518e708fd60f145164

    SHA256

    917032a07f9e4b0e36b58f89001e310b87d6a3b8ba3b9249014026a0ff8d2113

    SHA512

    9cf2f442ea6a7b6057a7cf51c1546671e873c6c3bcdb5796e35aa66fed2c791de375ceb594abb83620c0c8a98ae5c6cf6d399e0647191aa7ab8a897d0e737af6

    Download Submit

  • /storage/emulated/0/Config/sys/apps/log/log-2024-12-24.txt
    Filesize

    12B

    MD5

    a9256f55737b655c8cff95418411997c

    SHA1

    d81a4e85ecef3a4f08d50da9c75c49a3c64ffe24

    SHA256

    bad705c44807d12463fb587087c4e9eb24769d82981229ac8b74abc9b1a44412

    SHA512

    10d10a6498973ed65d47c74ba6d8831dad94213a5071353dc445de46e021689284fbbf4accf5ba1f97a0675a7652ec069ac70f38d63ba36b8595a8caf8d37574

    Download Submit

  • /storage/emulated/0/Config/sys/apps/log/log-2024-12-24.txt
    Filesize

    12B

    MD5

    e48057c3603c907cacbe1568a7dbfc41

    SHA1

    6e100086b53e20e499a9be069aa1b452faf82ba3

    SHA256

    4b36685dbf772b2de007f4c98f824966f4f3a132075692d3d3d8f11e84e5468e

    SHA512

    787e1140832e8c308039f0287ee801c00040544d5241425b0c0c8e8dc19ecf3feefa50706723f7a21be209c13b24ab3dbe0691ec42118fdfe18611b13155fb9a

    Download Submit