Overview

overview

10

Static

static

10

97b57a4161...ac.apk

android-9-x86

4

97b57a4161...ac.apk

android-10-x64

4

97b57a4161...ac.apk

android-11-x64

1

childapp.apk

android-9-x86

7

childapp.apk

android-10-x64

7

childapp.apk

android-11-x64

7

Analysis

  • max time kernel
    299s
  • max time network
    301s
  • platform
    android-11_x64
  • resource
    android-x64-arm64-20240910-en
  • resource tags

    arch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240910-enlocale:en-usos:android-11-x64system
  • submitted
    25-12-2024 14:08

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    childapp.apk

  • Size

    3.8MB

  • MD5

    2e4eb67c47fcd577049a2b51de702998

  • SHA1

    7d1253695a722679c3adddac860b79d33088d444

  • SHA256

    47a9af3f2ebcd0cf940e0e4f5a65a8bf20af15786030e0b921709adade6cf2d7

  • SHA512

    e8402ede8062c25f0693133355c1068386cb5427a8ed9c2ca0852980c8ce86fe24c3e372e642113152e9ff3d64dcd80c3341b00124df563c1f1be6405803721e

  • SSDEEP

    49152:G6FQ0bL+VAttjJxbf43Bo1dJtp6CUIA1vmzJzdGG1QTOMQUhYqy0cgeRX2ikwWwn:xBZH2o1dJqvmzJzBaTa0teR7Wo

Score
7/10
bankercollectioncredential_accessdiscoveryevasionexecutionimpactpersistencephishing

Malware Config

Signatures

  • A potential corporate email address has been identified in the URL: ecc6f5e6b0@apng
    phishing
  • A potential corporate email address has been identified in the URL: gt@5
    phishing
  • A potential corporate email address has been identified in the URL: [email protected]
    phishing
  • A potential corporate email address has been identified in the URL: [email protected]
    phishing
  • A potential corporate email address has been identified in the URL: [email protected]
    phishing
  • Makes use of the framework's Accessibility service 4 TTPs 3 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectionevasioncredential_access
  • Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

    Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

    collectioncredential_accessimpact
  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
    bankerdiscovery
  • Acquires the wake lock 1 IoCs
  • Performs UI accessibility actions on behalf of the user 1 TTPs 12 IoCs

    Application may abuse the accessibility service to prevent their removal.

    evasion
  • Queries information about active data network 1 TTPs 1 IoCs
    discovery
  • Requests disabling of battery optimizations (often used to enable hiding in the background). 1 TTPs 1 IoCs
    evasion
  • Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

    executionpersistence
  • Checks CPU information 2 TTPs 1 IoCs
  • Checks memory information 2 TTPs 1 IoCs

Processes

  • ave.fri.portuguese
    1⤵
    • Makes use of the framework's Accessibility service
    • Obtains sensitive information copied to the device clipboard
    • Acquires the wake lock
    • Performs UI accessibility actions on behalf of the user
    • Queries information about active data network
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    • Schedules tasks to execute at a specified time
    • Checks CPU information
    • Checks memory information
    PID:4787

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

1
T1603

Persistence

Scheduled Task/Job

1
T1603

Privilege Escalation

Defense Evasion

Hide Artifacts

1
T1628

User Evasion

1
T1628.002

Impair Defenses

1
T1629

Prevent Application Removal

1
T1629.001

Input Injection

1
T1516

Virtualization/Sandbox Evasion

2
T1633

System Checks

2
T1633.001

Credential Access

Clipboard Data

1
T1414

Input Capture

2
T1417

GUI Input Capture

1
T1417.002

Keylogging

1
T1417.001

Discovery

Software Discovery

1
T1418

Security Software Discovery

1
T1418.001

System Information Discovery

2
T1426

System Network Connections Discovery

1
T1421

Lateral Movement

Collection

Clipboard Data

1
T1414

Input Capture

2
T1417

GUI Input Capture

1
T1417.002

Keylogging

1
T1417.001

Screen Capture

1
T1513

Command and Control

Exfiltration

Impact

Data Manipulation

1
T1641

Transmitted Data Manipulation

1
T1641.001

Input Injection

1
T1516

Replay Monitor

Loading Replay Monitor...

Downloads

  • /storage/emulated/0/Config/sys/apps/log/log-2024-12-25.txt
    Filesize

    21B

    MD5

    fbfc3753e49de35edfa29ac4d5925771

    SHA1

    694b9067cd129fa3eafab5ef5e3bc83e5a2d4f22

    SHA256

    07a5cb2ecfd86f8f2d28757ffb2a5daa4973477148b7e0fc569d48492965984c

    SHA512

    c253ace16d973614ffdc8b7fa3b8e7abf655d450f7186050dd2c155f97d57ea8a65d07d5b62c7ea9d3b405da0551061cc1281a4ed0066d73b28d41e0a8105ac0

    Download Submit

  • /storage/emulated/0/Config/sys/apps/log/log-2024-12-25.txt
    Filesize

    21B

    MD5

    e0fddd4b3263097526c231829b172988

    SHA1

    3904c7aa3b8d5b1b9a1c94eabcfbb33267abd510

    SHA256

    55092658897ec6df89f8a134f237777fa906231726bdc00b5d5588c342d7ee2f

    SHA512

    b78e8ad01772efdcfb52144c0e438b79eab8df6502f8a116156141e91750b7d79c779779758ec951d7dcf55b3de07b140d93d3ec773b020daeaef1a2caa1556a

    Download Submit

  • /storage/emulated/0/Config/sys/apps/log/log-2024-12-25.txt
    Filesize

    25B

    MD5

    ba30336bf53d54ed3c0ea69dd545de8c

    SHA1

    ce99c6724c75b93b7448e2d9fac16ca702a5711f

    SHA256

    2d6988fb5afdaafc4e33fa1f71d6f10c95ab5a49a8ec820add5b13eef05439af

    SHA512

    eea34ca526e03349e746d3687ea660b4748f0174fe2ffdb65161e232e08630b345e03329614852ce881a71362ba68575e9dd08fa361a416e5b2fb231e21a0a3e

    Download Submit

  • /storage/emulated/0/Config/sys/apps/log/log-2024-12-25.txt
    Filesize

    276B

    MD5

    4761d146b85d870d94134c23416ab5f2

    SHA1

    093b5c6f77be39976d583eacc4c88218d28a6e9e

    SHA256

    b1b6fc149b3bc20621fa2ef8bc99573758be1223e3f6d58309d8948d104fa205

    SHA512

    7fa6a6a00d7f74deef82e69a44e947627f220d79e0bec921493caee2f217b273b16e88b182d950d189df5066908b5d7d0fb8a2ec7bf8e33b7acd6e4a4fb8f3a6

    Download Submit