f44630788c304e096e9bf5eb4f46364c1175202777878b8f9cbb6a4611ce90f6

Analysis

max time kernel
38s
max time network
151s
platform
android-9_x86
resource
android-x86-arm-20240910-en
resource tags

arch:armarch:x86image:android-x86-arm-20240910-enlocale:en-usos:android-9-x86system
submitted
24-12-2024 22:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f44630788c304e096e9bf5eb4f46364c1175202777878b8f9cbb6a4611ce90f6.apk
Size

3.7MB
MD5

e98ecefca85d786304eb9d01fca542d8
SHA1

1da2290fee305ea62cb6571090275071b8960e37
SHA256

f44630788c304e096e9bf5eb4f46364c1175202777878b8f9cbb6a4611ce90f6
SHA512

47d95bdbb189641c4fdb33865be5bf00af75c9947e9b58ea30bf3d7b26eca36c5428fa2217f19371e74d5f92b45c35006df62f86064e5df539b8930b0be19b41
SSDEEP

98304:WF1y8VrJ8OEEQx60BLEA26c5/i/ro4mFb7LNcjFk:Gy8V98KQE0BLEAAK/k4ubHNcRk

Score

7^/10

collection credential_access discovery evasion

Malware Config

Signatures

Checks known Qemu pipes. 1 TTPs 6 IoCs

Checks for known pipes used by the Android emulator to communicate with the host.

evasion

System Checks

T1633.001

ioc	Process
/dev/qemu_pipe	com.example.mysoul
/dev/socket/qemud	com.example.mysoul
/dev/qemu_pipe	com.example.mysoul
/dev/socket/qemud	com.example.mysoul
/dev/qemu_pipe	com.example.mysoul
/dev/socket/qemud	com.example.mysoul

Makes use of the framework's Accessibility service 4 TTPs 1 IoCs

Retrieves information displayed on the phone screen using AccessibilityService.

collection evasion credential_access

Input Injection

T1516

Screen Capture

T1513

Keylogging

T1417.001

GUI Input Capture

T1417.002

description	ioc	Process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	com.example.mysoul

Queries information about running processes on the device 1 TTPs 3 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.example.mysoul
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.example.mysoul
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.example.mysoul

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	/system/bin/cat /proc/cpuinfo

com.example.mysoul
1⤵
- Checks known Qemu pipes.
- Queries information about running processes on the device
PID:4214
- /system/bin/cat /proc/cpuinfo
  2⤵
  - Checks CPU information
  PID:4245

com.example.mysoul
1⤵
- Checks known Qemu pipes.
- Makes use of the framework's Accessibility service
- Queries information about running processes on the device
PID:4328

com.example.mysoul
1⤵
- Checks known Qemu pipes.
- Queries information about running processes on the device
PID:4425

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Input Injection

T1516

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Discovery

Process Discovery

T1424

System Information Discovery

T1426

System Network Configuration Discovery

T1422

Lateral Movement

Collection

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Screen Capture

T1513

Command and Control

Exfiltration

Impact

Input Injection

T1516

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.example.mysoul/no_backup/androidx.work.workdb

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.example.mysoul/no_backup/androidx.work.workdb-journal

Filesize
512B

MD5
7b246238dfe7dada22a81d8fc3b5447c

SHA1
5777529037aa3f07c3d260da3a92e321615d41af

SHA256
82a6514a861bd50d5aa7c34db2c7142e0055f4b942de5d3557ec2119cf920eca

SHA512
c60d1ded6148d2c549f0dce6e6b1c66caa6571d7731ab51a595b6061d84fe1e35c85acd7cac5cb846083f0d7e84676710fdc3de04c411b43437e63b4aeb0721d

Download Submit
/data/data/com.example.mysoul/no_backup/androidx.work.workdb-wal

Filesize
32KB

MD5
8cb8dd4f6726813c4d46b44f267fef33

SHA1
7d0d4b5e49d9dcf0723e5bf851544c3c7b480e12

SHA256
1d7b3661cb26df81483b9d811ec80cfff29a41d37eb87d74fe70aaff4564fee7

SHA512
0eb6d9a50983055b658a1da92ea1ffe06bb257f315654c906ae3e459cd29fd530037215254f9ff311474a4f8e79bd726a100ac0b53cc566ab2a548db79fb2793

Download Submit
/data/data/com.example.mysoul/no_backup/androidx.work.workdb-wal

Filesize
108KB

MD5
fc0c97c9abc5cfc9501337e976c65ec9

SHA1
c9d5fa7916433aebc1904ac8032397dcb010ffd1

SHA256
3ad87a1f7fd350d089efe78353008daaf6868ada0c98e6d8202ab776ab1ed3e6

SHA512
a3f7ddb8d17beffd3a94ab92c12c6af464f8989b88b928545db6873027a37f2b216131b9e2023e923516b61576c1ab99688378068e050903478be8529b32d3db

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads