Overview

overview

10

Static

static

10

0f6a93a698...7b.apk

android-9-x86

8

0f6a93a698...7b.apk

android-10-x64

8

0f6a93a698...7b.apk

android-11-x64

8

Analysis

  • max time kernel
    46s
  • max time network
    156s
  • platform
    android_x64
  • resource
    android-x64-20240624-en
  • resource tags

    androidarch:x64arch:x86image:android-x64-20240624-enlocale:en-usos:android-10-x64system
  • submitted
    24-12-2024 22:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0f6a93a698d0d2a19eab56bffcb6714eeb9f4b5aa686735eecdd99144931007b.apk

  • Size

    4.6MB

  • MD5

    e3caae71921e4019af76a8ba38404f17

  • SHA1

    ecf9bd49efc589bc06aef9a18e3cd1e596d81c82

  • SHA256

    0f6a93a698d0d2a19eab56bffcb6714eeb9f4b5aa686735eecdd99144931007b

  • SHA512

    4779967346f6519aeb4042dc8ac694624d4b17e64c631bd2b757b94fac81fd81749fd47690343cce8e3900c57cb7f28899b41a183e8d2110cd1ab5de24fdb820

  • SSDEEP

    98304:rezrmwGWDjOU3KjvaeDgmcCZZLmtzf6glrc0HIk+qfGxUvTHfrbmZF2Lj:rezx5ijvaeDgmcC/Ls2g1c0D+uq2/

Score
8/10
bankercollectioncredential_accessdiscoveryevasionexecutionpersistencestealthtrojan

Malware Config

Signatures

  • Removes its main activity from the application launcher 1 TTPs 3 IoCs
    stealthtrojanevasion
  • Makes use of the framework's Accessibility service 4 TTPs 3 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectionevasioncredential_access
  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
    bankerdiscovery
  • Queries account information for other applications stored on the device 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect account information stored on the device.

    collection
  • Reads the contacts stored on the device. 1 TTPs 1 IoCs
    collection
  • Reads the content of the calendar entry data. 1 TTPs 1 IoCs
    collection
  • Reads the content of the call log. 1 TTPs 1 IoCs
    collection
  • Requests cell location 2 TTPs 1 IoCs

    Uses Android APIs to to get current cell location.

    collectiondiscoveryevasion
  • Acquires the wake lock 1 IoCs
  • Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

    Application may abuse the framework's foreground service to continue running in the foreground.

    evasionpersistence
  • Queries information about active data network 1 TTPs 1 IoCs
    discovery
  • Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    discovery
  • Queries the mobile country code (MCC) 1 TTPs 1 IoCs
    discovery
  • Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs
    evasion
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
    persistence
  • Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

    executionpersistence

Processes

  • com.tencent.mm
    1⤵
    • Removes its main activity from the application launcher
    • Makes use of the framework's Accessibility service
    • Queries account information for other applications stored on the device
    • Reads the contacts stored on the device.
    • Reads the content of the calendar entry data.
    • Reads the content of the call log.
    • Requests cell location
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    • Queries information about active data network
    • Queries information about the current Wi-Fi connection
    • Queries the mobile country code (MCC)
    • Listens for changes in the sensor environment (might be used to detect emulation)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Schedules tasks to execute at a specified time
    PID:5053

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

1
T1603

Persistence

Event Triggered Execution

1
T1624

Broadcast Receivers

1
T1624.001

Foreground Persistence

1
T1541

Scheduled Task/Job

1
T1603

Privilege Escalation

Defense Evasion

Execution Guardrails

1
T1627

Geofencing

1
T1627.001

Foreground Persistence

1
T1541

Hide Artifacts

2
T1628

Suppress Application Icon

1
T1628.001

User Evasion

1
T1628.002

Input Injection

1
T1516

Credential Access

Input Capture

2
T1417

GUI Input Capture

1
T1417.002

Keylogging

1
T1417.001

Discovery

Location Tracking

1
T1430

Software Discovery

1
T1418

Security Software Discovery

1
T1418.001

System Network Configuration Discovery

1
T1422

System Network Connections Discovery

2
T1421

Lateral Movement

Collection

Input Capture

2
T1417

GUI Input Capture

1
T1417.002

Keylogging

1
T1417.001

Location Tracking

1
T1430

Protected User Data

3
T1636

Calendar Entries

1
T1636.001

Call Log

1
T1636.002

Contact List

1
T1636.003

Screen Capture

1
T1513

Stored Application Data

1
T1409

Command and Control

Exfiltration

Impact

Input Injection

1
T1516

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.tencent.mm/databases/Dname
    Filesize

    32KB

    MD5

    0ec8d5e24581e56eb01c45155efe2049

    SHA1

    4de2aebc5e22d0420e54cb553c2739e50481e50a

    SHA256

    5bb1fd7e82a28019975971aae5f49b0eb2ddef4a943663b654ede402d2f7f616

    SHA512

    23f87b81f1b49b80a88b1eab7d5e08e7001486b135bedc434601eed4ab74b72804ae4f907ede18213454dfa9da7058692b012861170306adbe6b12650dd51fd4

    Download Submit

  • /data/data/com.tencent.mm/databases/Dname-journal
    Filesize

    512B

    MD5

    2c52bee2d774613a4e9da899292e8598

    SHA1

    9d22965c4d14bbfd0293a0ba6ce310e1dfe7e174

    SHA256

    d48229d950f34dfd2c6649aaf6898e492ffdf3b0dde5bbe88089497e274ef4d9

    SHA512

    219ec364b33f5bd544afd7e823aac5975884fbe0f86d160011b9d2eb1fe4e2e7a37fc1dbf64dadb97a130a27b4966c6e0f5e607fb9665fc0dfbce1ad36d4ca81

    Download Submit

  • /data/data/com.tencent.mm/databases/Dname-journal
    Filesize

    8KB

    MD5

    9e53c02d2367456c1f0f0d9c3ba79142

    SHA1

    a140950e28f87e073fc94a6cf8e6e8438303611b

    SHA256

    a14fded15332a689fd69b8007932ee026bf4b5a5eaa7b5b6e6a87be10323ddd2

    SHA512

    b9036988433c528d8d90b869c19c82f261f0bcde5226125c81fc12ee0304aef340081b3c4bba854b9521b75589e8958bd33422484d3214ccbb601c52c88a2e98

    Download Submit

  • /data/data/com.tencent.mm/databases/Dname-journal
    Filesize

    8KB

    MD5

    97fb3cc9835c02a866922796976b5690

    SHA1

    50f9752dea461f7cfef5946ee7a13a0143f3e785

    SHA256

    0ab07682423b32d2f28c52555956e30eec71c88b93cf3763a62283e4deb18735

    SHA512

    44e389e96c25a19b740b4307f82aed366fe199064764d6dc1aa421830f7e0ffe0bb89119bb2a4b7ca2a4b46946ee7ebd030da3f9dde2c4b38c17f1e552b64277

    Download Submit

  • /data/data/com.tencent.mm/databases/Dname-journal
    Filesize

    8KB

    MD5

    4677f9d71715cc18858a19c8a5c0d337

    SHA1

    fda689683ecb78c3229ec0159a2a6e1bd9761f41

    SHA256

    772f59a2cd721e0038edf757ba451aadce9bbe1069162b64ef93629d500dd277

    SHA512

    22197550dd3e71669884d76f54d01b9411f7fd2f1a148856b76f19a9ebfeb36267991dfa198c94dcf47033c00cf5b7d81708d5b28fb15d2469d80b6be80f1bcc

    Download Submit

  • /data/data/com.tencent.mm/databases/Dname-journal
    Filesize

    8KB

    MD5

    c0bd4af72393650d4c787924fa93a14a

    SHA1

    b6644f2d915a9ed4dba5a03f993a109c98d88a19

    SHA256

    8d20bf38703916ed90285c4fd6d66faf5d5d1c354dca435f728e0c25ebb36c56

    SHA512

    867198945948e91bc8b22f4cc680161cdee2cda0b6ead3d8c3a3e03719c58eee5a83c36c4ada1d2981a71f13c2bed20c7b29220367b79e203810bfbfa2e80fe4

    Download Submit

  • /data/data/com.tencent.mm/databases/evernote_jobs.db
    Filesize

    16KB

    MD5

    b3b033635a848ac987e4b3d49056b24b

    SHA1

    ec44a7f9483be168f845b205fb23fe14cf470dc7

    SHA256

    43339746d606afc7120946063006f08f1b452260584ba03872070d83f2096f6e

    SHA512

    25ef0cd5a94c5c3209bb81b00a79789867b21720091a671dbdef1d03537d8fe87e29747051e6c95e2ef848de0fd683d62733fce072742bcf7827b1aa8f4c06ed

    Download Submit

  • /data/data/com.tencent.mm/databases/evernote_jobs.db-journal
    Filesize

    512B

    MD5

    d43f3c3f7943386fcccf1e46dfb97aeb

    SHA1

    7d4f54531a35531ed167fdd1d9b80d56ba43b692

    SHA256

    991ef4abc5667758091f1d015b0e3bc1be9b46ac5952e716be40d88e7bb3c325

    SHA512

    02e2818b79466a388cded504f31ac98d4c6822b4f9409eacb41401e3ef81e69483686c8957259494e669c625c15ea9d0950684c375898fc5127bcdeaef5d06a6

    Download Submit

  • /data/data/com.tencent.mm/databases/evernote_jobs.db-journal
    Filesize

    8KB

    MD5

    180314f33f0380719757f15d481d9cb5

    SHA1

    d77b59893ff055861f6deb1382ffbbfe22198cd2

    SHA256

    6b091b7e5ff6454cb6546f78f71b075b9397541387fc509c947322c19c2f7b7c

    SHA512

    4e2617dbc4f941115cf8d04a176c07dee57aae738568a81a0b2a28ea7b7892232e56b53bf0c1fbd8130d25609bcc7450688716eea46e3c048507c833700701b7

    Download Submit

  • /data/data/com.tencent.mm/databases/evernote_jobs.db-journal
    Filesize

    8KB

    MD5

    b0ceda8dd56793962f6c3529897e3b8b

    SHA1

    bd62a40d2d56ab383d7370d9d7640f560f40d326

    SHA256

    9060efb7b25755000a5780dfa6422ffa19a54c5bfee8fd96e9443567478c65b9

    SHA512

    f6548da83375bdb5baeadbc5172d675cae6c68e1bfd5167a755dc65d626cafbfe409f7ba008653e4977756d551c8659b39859834c76cd302c5ee2f618cba0a6d

    Download Submit

  • /data/data/com.tencent.mm/databases/evernote_jobs.db-journal
    Filesize

    8KB

    MD5

    78aad662fd9a5d69774aeb11d5a2e03d

    SHA1

    3ec703de454f36b474ca7d26b8bd4e3077668c49

    SHA256

    2d1e6c4077a40f770d6a1fe404be7242973a1e517bfbff8474910d6120ff669b

    SHA512

    d02231804c2dac1cb4e536b990b1c61c402e5bafbb25faf563ab0fc18246ff32ad53ec2b3c836934c7bea77bdd6cac0562a79095907c697ac2773d4d68a0ab75

    Download Submit

  • /data/data/com.tencent.mm/databases/evernote_jobs.db-journal
    Filesize

    8KB

    MD5

    e1fd233c21981448fb1ce27b2233596a

    SHA1

    badec0228a2aaec3bf939168a68255a1c8a7d21f

    SHA256

    307d9c7fdcdc0f8e5fee0d4405449b4869de53702cc617e965792261ccdd6f5c

    SHA512

    7424e2c93c02fa4005cbb7575721d9fd235eaabfd189174bd5dc9d08114dace019d689730eb50bf53db3c7281a6371eeb560467ba7740f73ce92adeafcc805e8

    Download Submit

  • /data/data/com.tencent.mm/databases/evernote_jobs.db-journal
    Filesize

    8KB

    MD5

    f58b45f7fe9e8c54067a2772d0d7dffa

    SHA1

    efb08bbccd9717aeb818e5b7a6d2c1091986abb2

    SHA256

    57577036c65badde3f52a8f62cdfdc82d37aefad4fa06e6b2b144a4c13355305

    SHA512

    089d2bfd8c9b423b85b0b9636e3245e11a467e2c2d4014c9583a24dad8ac859bb6b1639c0c0d7f0ddf9ff2c746108ab483819ed99e03291d4ac64eacb6faa3c0

    Download Submit

  • /data/data/com.tencent.mm/files/CallLogs.txt
    Filesize

    3B

    MD5

    58e0494c51d30eb3494f7c9198986bb9

    SHA1

    cd0d4cc32346750408f7d4f5e78ec9a6e5b79a0d

    SHA256

    37517e5f3dc66819f61f5a7bb8ace1921282415f10551d2defa5c3eb0985b570

    SHA512

    b7a9336ed3a424b5d4d59d9b20d0bbc33217207b584db6b758fddb9a70b99e7c8c9f8387ef318a6b2039e62f09a3a2592bf5c76d6947a6ea1d107b924d7461f4

    Download Submit

  • /data/data/com.tencent.mm/files/GP.txt
    Filesize

    108B

    MD5

    39e89b811f481a371bdee223b5657f66

    SHA1

    967624a44e7155dd159cdfab194deaa09e2006c4

    SHA256

    13395ac7093709d550e8b067e2fd502b93df2c7e831dcf51b1fac430879b619b

    SHA512

    e40b5836e70fd21ee22ab21bc2552b46b624ff4502ee1ce33d19ac452463ebe2bc24ffac9618975b1b18aae749e1a0e7483bb699ba6053be038d5b8e8932d179

    Download Submit

  • /data/data/com.tencent.mm/files/GP.txt
    Filesize

    126B

    MD5

    5a8e4fab22ef014f1bb2abf9a31918aa

    SHA1

    640f69c041a34035c56a83bc8c72acbc31f88b45

    SHA256

    af491101b26326fbe95cd5aafd8b8c5271b06b57d1cc8e82566bfdefee250711

    SHA512

    ef632a2b54fa7237a7763245e0971831efe9ab9f427ef4e6cbff890db87dff5872e7b96be87ce3d0e3c715c7e0ed39fb606303c11952a09aea8d0328e2d35ba3

    Download Submit

  • /data/data/com.tencent.mm/files/GP.txt
    Filesize

    108B

    MD5

    7e945c559f96dac48ca64243dba7af0a

    SHA1

    f8c96b46c18f1914659380816b6675efb5abf0b0

    SHA256

    d1e190215fea818bfa4738d1d720527b186607404b88dda082c12186bd3eb7e2

    SHA512

    6513b72f624606986ebfd7ba33c793d739d421c88a3f3c1c1c41562125b670ae72a138d9340537eae3cbc8a5242710fefbca5f92080602cb894c7d2929d93ee3

    Download Submit

  • /data/data/com.tencent.mm/files/GP.txt
    Filesize

    134B

    MD5

    a2090a7f12b43ff4968d4aef9b6a4c9d

    SHA1

    57c972ee45cff866e35254568fa5e1d6a3e2fe91

    SHA256

    eac1ac0a06443181ef351b2e6dc3bd1ade72d2a46831f73e497d98f3f54daf9e

    SHA512

    4bd1835d4a139003bdac6b77bbccf730eceb359880e3f81be583a08fa49760363bb7806d4ef77f878a050edd03261490d993b860176d718e398fe4df0cc497c2

    Download Submit

  • /data/data/com.tencent.mm/files/GP.txt
    Filesize

    126B

    MD5

    cc6f553a3d0215d3d21968d1b4b3d6c1

    SHA1

    eefd32d5f2e9ca03c17a90f04c594331c20c7adb

    SHA256

    9a9cad02065b31c5d95b0a65e4b2df6dab61b9c99347915b129cb66f7763784f

    SHA512

    d055ae6925d9c1960ad7cca3c42a0d47c8b6592b334bcb427fb6c732d3d932cdefefb967b77bb91de7277dee80df32c8ef84ea90829825aeffff1debcc153d6e

    Download Submit

  • /data/data/com.tencent.mm/files/Tree.txt
    Filesize

    351B

    MD5

    533046aeb3cde18865995fbe6442c17e

    SHA1

    3aedc6263fcfc88006d1613e6bb0d12663aa6db3

    SHA256

    d98fa1de90ae745400ddb704e4957941f937bcc69de2e78d0be005761f6ebe2f

    SHA512

    3243813f2b2d9e7462800da0195164d97610581a49de1ab3f89a26ff366406f29e60d68cb505982ab4630c1dd2ed95f65bf5ab228d9c1d7f67df16b935329336

    Download Submit

  • /data/data/com.tencent.mm/files/accounts.txt
    Filesize

    2B

    MD5

    d751713988987e9331980363e24189ce

    SHA1

    97d170e1550eee4afc0af065b78cda302a97674c

    SHA256

    4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

    SHA512

    b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

    Download Submit

  • /data/data/com.tencent.mm/files/netinfo.txt
    Filesize

    827B

    MD5

    a5c803b94ada991ee682153cd694fd29

    SHA1

    c65dfcafd3c7bf722ea2c93f51cbbb431cfa123e

    SHA256

    3aef653072de26c327bb632b5b6aa01d839ab005c65cc596a6440aa67826493d

    SHA512

    45ec27d9aa70f42bf2ec076c433035a2371852bf8317bacefea57783672d56d72ab5993578920a4cbedc9fd05896379d9b344d94580eca11f88846b6793fc94a

    Download Submit

  • /data/data/com.tencent.mm/files/netinfo.txt
    Filesize

    826B

    MD5

    6f9bd0be5ba173cca5667cdcca742a1c

    SHA1

    9d2aed733d5fdf8afdba3b7aa1ac6a653e332358

    SHA256

    76f7a213188d3ef9bae8500764a094250c7a6e90961dbfd50ab15d27e7af725b

    SHA512

    28849abe1022d2c1dc8c2ba90480a1cc4931e921b5ee351c8eb1da473cb1e82e70e28dcee0eb34c47b2e8fd8206adf94cd5d0aae4bb5e0749d8483f3226e4e83

    Download Submit

  • /data/data/com.tencent.mm/files/pkinfo.txt
    Filesize

    9KB

    MD5

    de42df6381f44c0dc45891054c656259

    SHA1

    5a76c1ad2ff42094034a18774912bfaa79489c29

    SHA256

    51c06cbd2eee387145a0eac5b55b387f2da3797cfb737cbb151aacc1b145e747

    SHA512

    700f8a3e85a7ea4f1d15aa3046d6c96ef898ac628b797616f94737570b802ee22db555e4d81c3fe91a90c3c92e9bc45aa940d55dc2c876a6488387743eabc037

    Download Submit

  • /storage/emulated/0/Config/sys/apps/log/log-2024-12-24.txt
    Filesize

    12B

    MD5

    e48057c3603c907cacbe1568a7dbfc41

    SHA1

    6e100086b53e20e499a9be069aa1b452faf82ba3

    SHA256

    4b36685dbf772b2de007f4c98f824966f4f3a132075692d3d3d8f11e84e5468e

    SHA512

    787e1140832e8c308039f0287ee801c00040544d5241425b0c0c8e8dc19ecf3feefa50706723f7a21be209c13b24ab3dbe0691ec42118fdfe18611b13155fb9a

    Download Submit

  • /storage/emulated/0/Config/sys/apps/log/log-2024-12-24.txt
    Filesize

    267B

    MD5

    ca83936d0c0ffdb4a991046e32ccc956

    SHA1

    6d34827e6fd5b8f716cc5f7d7843b581713aeab3

    SHA256

    b50da55ec1fcb8d0589b49d5b3dfef915d77f3dbb24416bb1305441f81c507d2

    SHA512

    61bb1d4d033b0ddfa7ae802d5732c00af6db3aa5bcfbda0c60a0f12bd9fbbbd03123990c55d5abbd3d6e967471101b82e409f1620a73a3cf8c627452f61440d4

    Download Submit

  • /storage/emulated/0/Config/sys/apps/log/log-2024-12-24.txt
    Filesize

    12B

    MD5

    a9256f55737b655c8cff95418411997c

    SHA1

    d81a4e85ecef3a4f08d50da9c75c49a3c64ffe24

    SHA256

    bad705c44807d12463fb587087c4e9eb24769d82981229ac8b74abc9b1a44412

    SHA512

    10d10a6498973ed65d47c74ba6d8831dad94213a5071353dc445de46e021689284fbbf4accf5ba1f97a0675a7652ec069ac70f38d63ba36b8595a8caf8d37574

    Download Submit