4a34dce719e92d2a0abd8394b5b10fea0c2db2cd2ba21a0059defa3019310114

Analysis

max time kernel
149s
max time network
154s
platform
android-13_x64
resource
android-33-x64-arm64-20240910-en
resource tags

arch:arm64arch:x64arch:x86image:android-33-x64-arm64-20240910-enlocale:en-usos:android-13-x64system
submitted
05-01-2025 17:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

HakoGram.apk
Size

102.1MB
MD5

72636d9438aff5b5720c1d2e6b914722
SHA1

e13dc8f1add3d1b6fb64aab6e257d91a72369652
SHA256

4a34dce719e92d2a0abd8394b5b10fea0c2db2cd2ba21a0059defa3019310114
SHA512

3ab27a9449707b2984e00f332596a72e99c09f37a787ef829dff908a685913be1eec6e5af307f85bc1162531f6c363cc84f79457c0a2541265fc8ba5b571c54d
SSDEEP

98304:6Kfg7F1d+kYQ+QbISPYo5FGDzsmzxzBNTs0tR06/:n47F1dcQbJFG/7zZ/P

Score

7^/10

collection credential_access evasion execution persistence

Malware Config

Signatures

Makes use of the framework's Accessibility service 4 TTPs 1 IoCs

Retrieves information displayed on the phone screen using AccessibilityService.

collection evasion credential_access

Input Injection

T1516

Screen Capture

T1513

Keylogging

T1417.001

GUI Input Capture

T1417.002

description	ioc	Process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	interference.footwear.determining

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	interference.footwear.determining

Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

Application may abuse the framework's foreground service to continue running in the foreground.

evasion persistence

Foreground Persistence

T1541

description	ioc	Process
Framework service call	android.app.IActivityManager.setServiceForeground	interference.footwear.determining

Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

execution persistence

Scheduled Task/Job

T1603

description	ioc	Process
Framework service call	android.app.job.IJobScheduler.schedule	interference.footwear.determining

interference.footwear.determining
1⤵
- Makes use of the framework's Accessibility service
- Acquires the wake lock
- Makes use of the framework's foreground persistence service
- Schedules tasks to execute at a specified time
PID:4497

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Foreground Persistence

T1541

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Foreground Persistence

T1541

Input Injection

T1516

Credential Access

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Discovery

Lateral Movement

Collection

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Screen Capture

T1513

Command and Control

Exfiltration

Impact

Input Injection

T1516

Replay Monitor

Loading Replay Monitor...

Downloads

/storage/emulated/0/Config/sys/apps/log/log-2025-01-05.txt

Filesize
33B

MD5
dd6f97ce360fc74f49b994a826bb8c67

SHA1
9be6a792d5aeabaa568b918c8057ef5cec18c918

SHA256
953d3a7109a393f550bcbdab19055e428cefb90ee9816ba70df16c39cee65079

SHA512
cbafc3f2bb492ed716c913d3089f9c84477971bd77f4d0844f26357a6d285771ae231489ab5d21c362f6f337ab21a8b07438a12515e96825f9b05b1fb4e876a2

Download Submit
/storage/emulated/0/Config/sys/apps/log/log-2025-01-05.txt

Filesize
13B

MD5
de2c41a51ee9246eb1708f65b511add0

SHA1
2f442d634c8a18760a232c8829d4b5d74a52f074

SHA256
ad2d914ca347cd1930e32f21c6d5448c34104bea181b93abc85ec518985653ab

SHA512
7cdfbd001594503644e9ed80ae852f90ef9e841a8382e2eec6979e149a2c400a3b83055d205b4d1d66e1600e5127482932d5127eb5800d35a4ee5673fe34d84a

Download Submit
/storage/emulated/0/Config/sys/apps/log/log-2025-01-05.txt

Filesize
25B

MD5
362413890618d8a9c0fd0ac9affb1611

SHA1
c8499eb6815304beea203e27a28aba15f72c3832

SHA256
58708cf1e1881aa010d7f5051db15507195cedaa9776d78e2ec74807406d2ca6

SHA512
2348e269566780f1c1b88b53cd33acdafdd637600440fb6e89756d78d9677d9387401a29a216923906fa3f4a63804ba2079106e79505c456384661e80d268c90

Download Submit
/storage/emulated/0/Config/sys/apps/log/log-2025-01-05.txt

Filesize
37B

MD5
9749192580b2ea878f269ff1664b2d65

SHA1
1672bf5830064ec049195bc4493d8e77be2cad9d

SHA256
db5760c25427f8ca5dd0f92b51c4d5d248621393ea5e33558d44adf8b2066d3b

SHA512
353be6a6b7e13b0a7a91161539a0541e0c9a0868c06e5c40f53182deee46363ddcf60a3f0e07191c5f7c83f128c8fcc39c91f3e7ecc32480970b163f892d18bc

Download Submit
/storage/emulated/0/Config/sys/apps/log/log-2025-01-05.txt

Filesize
21B

MD5
40fcf48a4ecdb632240619eb756772ce

SHA1
83706b0dcc3ff8032962dcd0d73a36ba65dd6f30

SHA256
d153cc76e9f7a12c26dbe0d197285a77fc8efeed1b1f3d35c25ba386711b5c80

SHA512
4757ed0904a24ed77c8c2dca9be96f084cebc54a93c43eb0eb27545aba7e58916abb0b639254d90ebffea1e760b85d0a0fe53ada28194734748116475dd9829b

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads