Overview

overview

10

Static

static

10

97b57a4161...ac.apk

android-9-x86

1

97b57a4161...ac.apk

android-10-x64

1

97b57a4161...ac.apk

android-11-x64

1

childapp.apk

android-9-x86

7

childapp.apk

android-10-x64

7

childapp.apk

android-11-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    android-9_x86
  • resource
    android-x86-arm-20240910-en
  • resource tags

    arch:armarch:x86image:android-x86-arm-20240910-enlocale:en-usos:android-9-x86system
  • submitted
    25-12-2024 14:15

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    childapp.apk

  • Size

    3.8MB

  • MD5

    2e4eb67c47fcd577049a2b51de702998

  • SHA1

    7d1253695a722679c3adddac860b79d33088d444

  • SHA256

    47a9af3f2ebcd0cf940e0e4f5a65a8bf20af15786030e0b921709adade6cf2d7

  • SHA512

    e8402ede8062c25f0693133355c1068386cb5427a8ed9c2ca0852980c8ce86fe24c3e372e642113152e9ff3d64dcd80c3341b00124df563c1f1be6405803721e

  • SSDEEP

    49152:G6FQ0bL+VAttjJxbf43Bo1dJtp6CUIA1vmzJzdGG1QTOMQUhYqy0cgeRX2ikwWwn:xBZH2o1dJqvmzJzBaTa0teR7Wo

Score
7/10
bankercollectioncredential_accessdiscoveryevasionexecutionpersistence

Malware Config

Signatures

  • Makes use of the framework's Accessibility service 4 TTPs 3 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectionevasioncredential_access
  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
    bankerdiscovery
  • Acquires the wake lock 1 IoCs
  • Queries information about active data network 1 TTPs 1 IoCs
    discovery
  • Queries the mobile country code (MCC) 1 TTPs 1 IoCs
    discovery
  • Requests disabling of battery optimizations (often used to enable hiding in the background). 1 TTPs 1 IoCs
    evasion
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
    persistence
  • Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

    executionpersistence
  • Checks CPU information 2 TTPs 1 IoCs
  • Checks memory information 2 TTPs 1 IoCs

Processes

  • ave.fri.portuguese
    1⤵
    • Makes use of the framework's Accessibility service
    • Acquires the wake lock
    • Queries information about active data network
    • Queries the mobile country code (MCC)
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Schedules tasks to execute at a specified time
    • Checks CPU information
    • Checks memory information
    PID:4343

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /storage/emulated/0/Config/sys/apps/log/log-2024-12-25.txt
    Filesize

    21B

    MD5

    e0fddd4b3263097526c231829b172988

    SHA1

    3904c7aa3b8d5b1b9a1c94eabcfbb33267abd510

    SHA256

    55092658897ec6df89f8a134f237777fa906231726bdc00b5d5588c342d7ee2f

    SHA512

    b78e8ad01772efdcfb52144c0e438b79eab8df6502f8a116156141e91750b7d79c779779758ec951d7dcf55b3de07b140d93d3ec773b020daeaef1a2caa1556a

    Download Submit

  • /storage/emulated/0/Config/sys/apps/log/log-2024-12-25.txt
    Filesize

    25B

    MD5

    ba30336bf53d54ed3c0ea69dd545de8c

    SHA1

    ce99c6724c75b93b7448e2d9fac16ca702a5711f

    SHA256

    2d6988fb5afdaafc4e33fa1f71d6f10c95ab5a49a8ec820add5b13eef05439af

    SHA512

    eea34ca526e03349e746d3687ea660b4748f0174fe2ffdb65161e232e08630b345e03329614852ce881a71362ba68575e9dd08fa361a416e5b2fb231e21a0a3e

    Download Submit

  • /storage/emulated/0/Config/sys/apps/log/log-2024-12-25.txt
    Filesize

    276B

    MD5

    9519e97837969a0b1379eef07e5b647b

    SHA1

    ead47b43c30014709668cbcabf9bf7086a65fdaf

    SHA256

    b828141e6e1d97ef0588bb22cb8f004eded98d860710620182890eb15d204956

    SHA512

    a8bd9c23413493f0a196714fb9dd555fed5e10d1f7543ee37f4246460f666ecb81e491b207006e05ef8cb5d7c0410b992eabdd7b939351a78e67ffe3759120bc

    Download Submit

  • /storage/emulated/0/Config/sys/apps/log/log-2024-12-25.txt
    Filesize

    33B

    MD5

    ab19f5b27bdda553465bea37c85b6d8a

    SHA1

    39c9ea5da5a3f0efc548295b27444e11e5630c31

    SHA256

    117970679bdbb37a676b2b9c3444ac6954772694fd70c067658cac35de1860ea

    SHA512

    c71df23361248f0f0742b26d8423045eac041a1ace320904f43e6fd139bdbafdc96bc2796aba7ef53419cb5ac98ecc011352da597f24279d6adc34ba5e2f01a0

    Download Submit