Overview

overview

10

Static

static

10

0f6a93a698...7b.apk

android-9-x86

8

0f6a93a698...7b.apk

android-10-x64

8

0f6a93a698...7b.apk

android-11-x64

8

Analysis

  • max time kernel
    23s
  • max time network
    153s
  • platform
    android-11_x64
  • resource
    android-x64-arm64-20240910-en
  • resource tags

    arch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240910-enlocale:en-usos:android-11-x64system
  • submitted
    24-12-2024 22:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0f6a93a698d0d2a19eab56bffcb6714eeb9f4b5aa686735eecdd99144931007b.apk

  • Size

    4.6MB

  • MD5

    e3caae71921e4019af76a8ba38404f17

  • SHA1

    ecf9bd49efc589bc06aef9a18e3cd1e596d81c82

  • SHA256

    0f6a93a698d0d2a19eab56bffcb6714eeb9f4b5aa686735eecdd99144931007b

  • SHA512

    4779967346f6519aeb4042dc8ac694624d4b17e64c631bd2b757b94fac81fd81749fd47690343cce8e3900c57cb7f28899b41a183e8d2110cd1ab5de24fdb820

  • SSDEEP

    98304:rezrmwGWDjOU3KjvaeDgmcCZZLmtzf6glrc0HIk+qfGxUvTHfrbmZF2Lj:rezx5ijvaeDgmcC/Ls2g1c0D+uq2/

Score
8/10
bankercollectioncredential_accessdiscoveryevasionexecutionpersistencestealthtrojan

Malware Config

Signatures

  • Removes its main activity from the application launcher 1 TTPs 2 IoCs
    stealthtrojanevasion
  • Makes use of the framework's Accessibility service 4 TTPs 3 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectionevasioncredential_access
  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
    bankerdiscovery
  • Queries account information for other applications stored on the device 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect account information stored on the device.

    collection
  • Reads the contacts stored on the device. 1 TTPs 1 IoCs
    collection
  • Reads the content of the calendar entry data. 1 TTPs 1 IoCs
    collection
  • Reads the content of the call log. 1 TTPs 1 IoCs
    collection
  • Requests cell location 2 TTPs 1 IoCs

    Uses Android APIs to to get current cell location.

    collectiondiscoveryevasion
  • Acquires the wake lock 1 IoCs
  • Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

    Application may abuse the framework's foreground service to continue running in the foreground.

    evasionpersistence
  • Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    discovery
  • Requests disabling of battery optimizations (often used to enable hiding in the background). 1 TTPs 1 IoCs
    evasion
  • Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs
    evasion
  • Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

    executionpersistence

Processes

  • com.tencent.mm
    1⤵
    • Removes its main activity from the application launcher
    • Makes use of the framework's Accessibility service
    • Queries account information for other applications stored on the device
    • Reads the contacts stored on the device.
    • Reads the content of the calendar entry data.
    • Reads the content of the call log.
    • Requests cell location
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    • Queries information about the current Wi-Fi connection
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    • Listens for changes in the sensor environment (might be used to detect emulation)
    • Schedules tasks to execute at a specified time
    PID:4639

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

1
T1603

Persistence

Foreground Persistence

1
T1541

Scheduled Task/Job

1
T1603

Privilege Escalation

Defense Evasion

Execution Guardrails

1
T1627

Geofencing

1
T1627.001

Foreground Persistence

1
T1541

Hide Artifacts

3
T1628

Suppress Application Icon

1
T1628.001

User Evasion

2
T1628.002

Input Injection

1
T1516

Credential Access

Input Capture

2
T1417

GUI Input Capture

1
T1417.002

Keylogging

1
T1417.001

Discovery

Location Tracking

1
T1430

Software Discovery

1
T1418

Security Software Discovery

1
T1418.001

System Network Connections Discovery

1
T1421

Lateral Movement

Collection

Input Capture

2
T1417

GUI Input Capture

1
T1417.002

Keylogging

1
T1417.001

Location Tracking

1
T1430

Protected User Data

3
T1636

Calendar Entries

1
T1636.001

Call Log

1
T1636.002

Contact List

1
T1636.003

Screen Capture

1
T1513

Stored Application Data

1
T1409

Command and Control

Exfiltration

Impact

Input Injection

1
T1516

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/user/0/com.tencent.mm/databases/Dname
    Filesize

    32KB

    MD5

    1854505a3f6d683ed7eb81612934370c

    SHA1

    4f710add9a652d2fb92b7ce45589e27bf03f0b2a

    SHA256

    8100330a266f3027b929ea1bde99440ce4a544c9d9a0abb2ef0d1a73aa4cd9a4

    SHA512

    104a6e9c840b1fddd22ae579624a549c911abfbb48dc4454d3d231619c41a9abbf22f0dc5362a80c8c8245cc18566661f3645ac48c61259132886d4bf4678962

    Download Submit

  • /data/user/0/com.tencent.mm/databases/Dname-journal
    Filesize

    512B

    MD5

    0d63e0fde6915987f070edc74f9fb48a

    SHA1

    92b6193118beaefce187a45e4e6dbee87dd72faa

    SHA256

    6f595172321ac204fe6055d68b16cf36a051f3e421e41e582de044a5775ada6b

    SHA512

    1e2bae5fd141a927ce199984d2c7ad71495ea0210ceade619e2f5d041a61cdd3615d57c7eea9c304d7c2b22a5840b0e0c3ded138dc7bd2bd122fa89eb760995e

    Download Submit

  • /data/user/0/com.tencent.mm/databases/Dname-journal
    Filesize

    8KB

    MD5

    380e904e931c9f2481d16643b498fe4d

    SHA1

    3b7549965a3021ae3063e8f6b1b07f203ccdd083

    SHA256

    39b9114c3226477ab30dd82b75b5152196aa0469cf2b7c9570ca14a17b8c0152

    SHA512

    bf007cc27d42fa39d6f9a484a695eb5ff288e38f55632ba8279865193162c0c957fd107cd9fd91cee46fb85f2bb130d87e897edf3eaddc4ebc5b0d39d88295e3

    Download Submit

  • /data/user/0/com.tencent.mm/databases/Dname-journal
    Filesize

    8KB

    MD5

    21588b62f0dbe7a136a8df74c0074a09

    SHA1

    caf3f2f5b663d84c03c829f90eeb859495b6c99e

    SHA256

    6f8c44860c497a1bbce42c4b7977f8a05dd2c8da1a0ef81c2e731a288a7bb532

    SHA512

    de39961dc33f1668adaa9fe0946dcc451badab7c173d4cf8c5b8f0340a902e0ca0d953a36de2c83bf48c6e4ec6eb22c506ba5628a6406a918a7e5db7ddd879b4

    Download Submit

  • /data/user/0/com.tencent.mm/databases/Dname-journal
    Filesize

    8KB

    MD5

    88fc58fd66c2418f8c6097415a130445

    SHA1

    02a8ff00f768dc491f82bcde494cb053869bb9f4

    SHA256

    a57d130116f54f350f60415b2e4fe91200473b1ecaff01432bd958d8e3ede80c

    SHA512

    0b73402ec418da3c5dc3f7a97b719eb9ebf67bce658a5aa9ae9d003bfb6a2a3e9b3a319f6733264c53fdd0e8c0bc1a40eb813ccc902815509b05a2d3e1f27c15

    Download Submit

  • /data/user/0/com.tencent.mm/databases/Dname-journal
    Filesize

    8KB

    MD5

    b03d7164149c7c49d90e70065ad2dbe7

    SHA1

    e9780457550871fcf7fe08320f176bd3115bd7f3

    SHA256

    1cf2ef5e4151be163e6fde165e6239cb703a19ca53bd4354a2060e34b4856fe1

    SHA512

    6b82cbc417b55b2bcec0f940e694c7a6668dd942648c8fb61eaaf55a7bd17262a576a916df77c6f3a88993f93f0e5efee659294bd44f63c60eac511026bb0b17

    Download Submit

  • /data/user/0/com.tencent.mm/databases/evernote_jobs.db
    Filesize

    16KB

    MD5

    a487762f813ccd394d22230d5ca1b3b0

    SHA1

    81355be2809bc687dae31dcf09c53045617754fa

    SHA256

    62746b7708ce3e4eec15939c89fc87e2aaac15293b1927b21b6f6decd99108ca

    SHA512

    d526301082939288cf5431c5065384058d8af4f20afa3f92edc8f29c0de3927454938e1d04519bada40e90e5ee28ad6b035818f15b6eb3d987306553c9053f64

    Download Submit

  • /data/user/0/com.tencent.mm/databases/evernote_jobs.db-journal
    Filesize

    512B

    MD5

    e0e07b902c41adc33059313d9a8e3290

    SHA1

    d615aaff7086545b551b29b519d708f0a02f65b6

    SHA256

    950730fbebde8965a131eba1d5cbf9bb3f1bb62e3b26ad1992ebe9c8c0c973b6

    SHA512

    385af5a382934db476c6c83ee461b2de6e67a55f7bd61de10daed4603c1caa264e20ddeeaa2578433b4e9fac73ef81ad9de7d4fe1bfd0c1c4d87942657c9ed17

    Download Submit

  • /data/user/0/com.tencent.mm/databases/evernote_jobs.db-journal
    Filesize

    8KB

    MD5

    03f457337f3d8f2df06ed6e572062fba

    SHA1

    5557052ced8ad09eae1d9c87f076215e981d64b9

    SHA256

    dd28ae733276f575e09c6e8a65f9f74906ef111fa9bc9a10ed47f4e38dc13ca9

    SHA512

    266d414e97b98dbd2c56054ba6d744c6670ea8355b0278dc9e8f57e0e50bcb5aa1ee35aaca00e60271ed48d85890cb90d28f108efd4b9c0ef45a033d5b6a6af2

    Download Submit

  • /data/user/0/com.tencent.mm/databases/evernote_jobs.db-journal
    Filesize

    8KB

    MD5

    9a6a82bee62fbfe9df52b4aca538eec1

    SHA1

    5fe3cb6279082d3d9112035a1816579332d275c7

    SHA256

    3fe5552c614f5f247b1531dd066323f145baff6c4a40d5a64d3b07e37e4fb48e

    SHA512

    d136bd5335ee4936c174a310d93a892c074eb2d5e6e68622cc64246a083a52355515287e48bb38b3614988bf9c681e5794005b3b6e203acbe745edf78b4c96f3

    Download Submit

  • /data/user/0/com.tencent.mm/databases/evernote_jobs.db-journal
    Filesize

    8KB

    MD5

    c144210ca145f7ddd2636a8e51756aec

    SHA1

    15ff348c166f3140ef389b77af71e29b7f43422e

    SHA256

    ca252dcaae1d7e09126e057bc480276b48879c991278f74328a16e4c57af45c6

    SHA512

    90f8454b7959e2885941f075400548a1f52038bb8aaff36c9557e268a91c68653f532227ea9b512f0ee1aea85504ca2c48e0fc27ab37ca1bee8214d0de5d619b

    Download Submit

  • /data/user/0/com.tencent.mm/databases/evernote_jobs.db-journal
    Filesize

    8KB

    MD5

    b85913139be2b4eafb8bc3fe40c3b5bf

    SHA1

    350c7ad7c43810ac69361702e914044b65492e2a

    SHA256

    99a66e2ba895d25921b795e515255aa5e7752894f7d6e20ab2e93cd96f693cf1

    SHA512

    72c60bae7e52b9add136533a64ff0b734c0d115e9c7b9b13c577987f23151323a211dbe358715cc18ee888d72289ab0d8c83b3b0b965e9dabc8600cea456ecbb

    Download Submit

  • /data/user/0/com.tencent.mm/databases/evernote_jobs.db-journal
    Filesize

    8KB

    MD5

    6d8d6193fcc84abf2dfb1869cb689929

    SHA1

    b9806a408bd99ab502cc1948c110af92114934b5

    SHA256

    f2eb441b598b81d725a42eb481c53f3e66762b1117895118f209eb5a529a46e7

    SHA512

    d5760648ff85a3cd0811a295bf19efac89abfa4a61453284d5228de5f3b7aaa6e028622f49efc203f3a98b7e7569cca076a4cc3bfa89c9dcf03ff163b30c79d2

    Download Submit

  • /data/user/0/com.tencent.mm/files/CallLogs.txt
    Filesize

    3B

    MD5

    58e0494c51d30eb3494f7c9198986bb9

    SHA1

    cd0d4cc32346750408f7d4f5e78ec9a6e5b79a0d

    SHA256

    37517e5f3dc66819f61f5a7bb8ace1921282415f10551d2defa5c3eb0985b570

    SHA512

    b7a9336ed3a424b5d4d59d9b20d0bbc33217207b584db6b758fddb9a70b99e7c8c9f8387ef318a6b2039e62f09a3a2592bf5c76d6947a6ea1d107b924d7461f4

    Download Submit

  • /data/user/0/com.tencent.mm/files/GP.txt
    Filesize

    108B

    MD5

    d2e807ccb004d6572ca4157f7af48511

    SHA1

    630aac61af552865429e3363105037dfc2907795

    SHA256

    a77e56fd7d2809615abe4de1766854ea0680a01fe38a1650af645c55e1237f1d

    SHA512

    35b951140c78b4f9b2e8c08dc602deb9611ab6f4f146b4b6280de32fb6ebeba6129fbcd9941c07d2b16b966856a19e789fb51898a0effc7d6fe5ff76d91bd998

    Download Submit

  • /data/user/0/com.tencent.mm/files/Tree.txt
    Filesize

    566B

    MD5

    5d0d51c29ca98c51c1e5688ae78ebe09

    SHA1

    d0df65122201d6c0bab279c0568e52b326b20be4

    SHA256

    a98d8869f4d54dbd45046dc5c48a4df88e0b91ba33ceafa4a790cafabb509eb1

    SHA512

    ab6f1841acf277d789d5fc60fc6a4160c11d9f6884dfcc8334bc2b7e9028b2731593a871bec2f3c40679b99c2dc8806f0ed5d99b656dbe3383acd4369fdc893d

    Download Submit

  • /data/user/0/com.tencent.mm/files/accounts.txt
    Filesize

    2B

    MD5

    d751713988987e9331980363e24189ce

    SHA1

    97d170e1550eee4afc0af065b78cda302a97674c

    SHA256

    4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

    SHA512

    b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

    Download Submit

  • /data/user/0/com.tencent.mm/files/netinfo.txt
    Filesize

    854B

    MD5

    3f8b010344a083b83ea0fc5f00fa7474

    SHA1

    6265c05b67e88419116c70eb86410f57a8a8f13d

    SHA256

    57a264699c9329f6f4aaea99cce031290988e4d2510b5f4732e99bdae97209b9

    SHA512

    cb3a4376deb51f611d8e6b0e7f8787c473c1e74f724d2ca9105e6ec31b13d2a8b299773a6d900ed9cff9033d7a111f4721f8d7e7834391127db511d1dd43b494

    Download Submit

  • /data/user/0/com.tencent.mm/files/netinfo.txt
    Filesize

    854B

    MD5

    f35e3986c2dd506d544024032a5495c1

    SHA1

    03ab8326f5d41a714dadb055c4ff5e17c4bfa054

    SHA256

    fc21d5de31a6dbdccb5ccb93e02a6591648e4a0e647622111b1bcd285323c7e2

    SHA512

    9941789628308e80538cf275cdaa9005f883abe4892c9ae6720ee8514cc03beeb1b74309438666e3432b07f31c5393679e7fbf4af5dbf06c20af8c579e99cfd0

    Download Submit

  • /data/user/0/com.tencent.mm/files/pkinfo.txt
    Filesize

    10KB

    MD5

    b593d0594fc2e98f60b0288475ba950b

    SHA1

    1c10ef393a2666d7640ca45e663321019a5675fb

    SHA256

    49e287b4855336cc22b24d4f912538f43d226ddca9b322d769fb3ef0306d9411

    SHA512

    7ba2ceeddfbc8efee39b6a5d9f81001cca3e07d6d6311ae16e0eff38fd395567fa3236aa7f7b59def32a5a7ed27d24cd852b3936d32bd05b467dbd1ed8dcd40b

    Download Submit

  • /storage/emulated/0/Config/sys/apps/log/log-2024-12-24.txt
    Filesize

    12B

    MD5

    e48057c3603c907cacbe1568a7dbfc41

    SHA1

    6e100086b53e20e499a9be069aa1b452faf82ba3

    SHA256

    4b36685dbf772b2de007f4c98f824966f4f3a132075692d3d3d8f11e84e5468e

    SHA512

    787e1140832e8c308039f0287ee801c00040544d5241425b0c0c8e8dc19ecf3feefa50706723f7a21be209c13b24ab3dbe0691ec42118fdfe18611b13155fb9a

    Download Submit

  • /storage/emulated/0/Config/sys/apps/log/log-2024-12-24.txt
    Filesize

    267B

    MD5

    d2126d9fc9e1ee250e0272ee7d6775b4

    SHA1

    be81c76cb8c8cb20879582a38be90827feedcbee

    SHA256

    dc91ac84aa21024b24a9133c035f36c9d39497738cfdf067155c45b293dc8942

    SHA512

    3afa1210834d864df0fe48de8734f806c13b61c31824318377313c9bd69c84321fc0671c1ca29cf3b5971423c6457a50f9e80f4e008bcdd76c4ff73535aa5e70

    Download Submit

  • /storage/emulated/0/Config/sys/apps/log/log-2024-12-24.txt
    Filesize

    12B

    MD5

    a9256f55737b655c8cff95418411997c

    SHA1

    d81a4e85ecef3a4f08d50da9c75c49a3c64ffe24

    SHA256

    bad705c44807d12463fb587087c4e9eb24769d82981229ac8b74abc9b1a44412

    SHA512

    10d10a6498973ed65d47c74ba6d8831dad94213a5071353dc445de46e021689284fbbf4accf5ba1f97a0675a7652ec069ac70f38d63ba36b8595a8caf8d37574

    Download Submit