Analysis
-
max time kernel
149s -
max time network
152s -
platform
android_x64 -
resource
android-x64-arm64-20240624-en -
resource tags
-
submitted
08-01-2025 03:20
General
-
Target
fde931224d2e558e67ac8c9c0c1d0aac4f7562622a67870d6c3024bdeb851676.apk
-
Size
3.5MB
-
MD5
4defa7e71f97180dd679875060b2188a
-
SHA1
351c7ed45a11b9fea142c40484d51b56a7084061
-
SHA256
fde931224d2e558e67ac8c9c0c1d0aac4f7562622a67870d6c3024bdeb851676
-
SHA512
53e7d453799ca9457bafa0643c6fa36f6f2095a81f081286c714545084328bdc5b3f7e23c511465f5886689bbb673f7ef4646287b76c1021eab226d24f31f6d3
-
SSDEEP
98304:21y8VlJ8f7H8/jRRb4A1RtZLrqOfLDcjzm:ay8V38zH8PbptZL3zDc/m
Malware Config
Signatures
-
Checks known Qemu pipes. 1 TTPs 2 IoCs
Checks for known pipes used by the Android emulator to communicate with the host.
-
Makes use of the framework's Accessibility service 4 TTPs 2 IoCs
Retrieves information displayed on the phone screen using AccessibilityService.
-
Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
-
Queries information about running processes on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
-
Acquires the wake lock 1 IoCs
-
Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs
Application may abuse the framework's foreground service to continue running in the foreground.
-
Performs UI accessibility actions on behalf of the user 1 TTPs 6 IoCs
Application may abuse the accessibility service to prevent their removal.
-
Queries information about active data network 1 TTPs 1 IoCs
-
Reads information about phone network operator. 1 TTPs
-
Requests disabling of battery optimizations (often used to enable hiding in the background). 1 TTPs 1 IoCs
-
Schedules tasks to execute at a specified time 1 TTPs 1 IoCs
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
-
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
-
Checks CPU information 2 TTPs 1 IoCs
-
Checks memory information 2 TTPs 1 IoCs
Processes
-
com.example.mysoul1⤵
- Checks known Qemu pipes.
- Makes use of the framework's Accessibility service
- Obtains sensitive information copied to the device clipboard
- Queries information about running processes on the device
- Acquires the wake lock
- Makes use of the framework's foreground persistence service
- Performs UI accessibility actions on behalf of the user
- Queries information about active data network
- Requests disabling of battery optimizations (often used to enable hiding in the background).
- Schedules tasks to execute at a specified time
- Uses Crypto APIs (Might try to encrypt user data)
- Checks CPU information
- Checks memory information
Network
MITRE ATT&CK Mobile v15
Defense Evasion
Foreground Persistence
1Hide Artifacts
1User Evasion
1Impair Defenses
1Prevent Application Removal
1Input Injection
1Virtualization/Sandbox Evasion
3System Checks
3Credential Access
Clipboard Data
1Input Capture
2GUI Input Capture
1Keylogging
1Discovery
Process Discovery
1System Information Discovery
2System Network Configuration Discovery
1System Network Connections Discovery
1Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
241KB
MD51e581b53b7641e4d96ac69a4f927fd06
SHA139aef08f433878685c783423ee7259b516f98ed9
SHA25693d95338dcdbd4ad5f2fbc8d506bee82543aa4da717c8896063611e339e7064e
SHA51232340104e51aa7e79b7d1423f0a05b47c9a15464ee90244237b91b556c626b33c2b47d7f5dfa6ff3989ce63f8520d093a9277cc68fe56435d68667a817a3adb6
-
Filesize
40KB
MD5f2fdb59f2eb823c4f5e959f970973f1c
SHA17f8ca86abaa2e464904cbe5817074f5a2f80e56c
SHA256904b998afb4fbeb90be14a01c9456374a18087a057a9ea159b3d7573eae331d8
SHA5127e726c9a4a64b7433262bece27d98d16266cf35f63f0e80fa18ba7c641658398e3fef68677ffab2f57cabd0f4f6448109ed8ad355c304e0a12857c687a6ff3f0
-
Filesize
5KB
MD56cf44569f41e5f0c857bf62127909789
SHA1e3515d92ec6541787de1eb9da524fdf3d4ab7c11
SHA256969b927fe71196dc78fbfadf008bfc5614de0643c13c440181992e6d534cab92
SHA5126a8cb20c596e8b0813c14d2c5e5da4b1c20e9b31447d7ca974cbb7cb95f6bdc8d29667fd14a1b8dd1a6823b0fd28693424fe28afd7231f94c991d6be80e5204d
-
Filesize
4KB
MD5640e3a359a2ce2dc2b38f32103d0ddad
SHA129ee94d7a2379d36711260b123018a0d324d1d65
SHA256e46ee30b8f4d76dd82a41b141f0152b9d4de6391baba5a421445e123af4ef34c
SHA5123c29404879e2e5c06edf9bddc2588015e851548e9560dc56baff768eb2246133a7f951a0bb0527d78957541f0ecf70c8d90b39abc53b10e8847280a727a91ec4
-
Filesize
3KB
MD54fda6fad17e9ef88f897241f321659ea
SHA1b4a647fa4adb9794847ebb6a653e314eec2f1919
SHA2566355a77e4491e9180c5553bf17a0e56d7a334fbc96074af1af376d41a9bab888
SHA51255b2b0a3b5b8fd6f934524870f4c481086b0cb1fda24c84329a843ed54e7fa15d03477cf8ea2ab71406a056f94931be5ff4318b32033dcbbfd759aa42e4cf112
-
Filesize
4KB
MD511374f3401e6e6c3727d69a0add7f819
SHA1735eacb25ad4bc087d56142a7349282d6f3d70ab
SHA256c3a61f4aa50b93c4471e9558bb22c988ff28c5a03d4edbbe048b5ab2bce1dbb4
SHA51269f7223d0128d1dd26e8ee0f8b4f3263e5896a63321df4bcf297cb0ff1af6d180888077773cf89baf8e756f659ad1e44c5bd425bbc6ae8141c6f7f2aa9986904
-
Filesize
3KB
MD5432d55defccbe71fb41cc62fade92e10
SHA18ec97d80caffb4b1fd2eaa7280a42797cfc3d1bd
SHA2568d794ae5892ec5f1b3e3f1c0552cc58532eaa4c921eb4420957b5b9d8276be2a
SHA512b765049b29f2b6f9e4ae65275190155c669f4b9442c0d564cddfdf909fdc6c110c8374e7c529fc7d693911d72b2498f282100c082ac0d0f9edae47033bed6f3b
-
Filesize
3KB
MD5ba8a91fcd5090f977a9cef8b69d74c4e
SHA13bcd775b4d8faec0e46af3ed2def7765e3d5e11b
SHA256894fd3e3600abcb56df4e5aca901741bd9337cf851d6df1c6941c30365ac5cb1
SHA5128f7011ef3d09b1d60cec10c3692320d562783d27371140c743de3fe072ea001448e221763599011a6252df5bd7953555ae3e177959471569e59257426f16366f
-
Filesize
5KB
MD5ce147da4e1058d0251b79ab34fef8c9c
SHA1b8df0c40eaf201c0ab5f322fd4a89a985c1d0618
SHA2564c5699a85a51d3950e7b067600495fc61082e3a4ec2a7e18b3bdb6fe6c82d3d0
SHA5126dde2b085d18340daa38be4908c22c0cce04c6615b30d216c591fbaeda7dd2b08d15c4717d552d80b9aef83ef26a9fef9b727cace604cd528b71bc40e9b0cd2d
-
Filesize
6KB
MD5f075b48093aef67c34ad551121156950
SHA19a069734e4c30fc44d75bc4a896091c822af2350
SHA2565596e6460cbda748965e898e1b34f036d26889d0a22d5ac6d6bf44a05d38f72a
SHA512103e06b4020e0789fc23069be15964048e27626c59fb40d0ab7b4317f58908b2a6c0425a4d061f896a82e7b26afe99cbf1e2fed50bce4ce91a5acb0a289474d5
-
Filesize
3KB
MD582b8ff572b408c1b2c4917c32c4b438b
SHA1ffd66a043d3258c907ea41ee364158b1a71451af
SHA256de09e1ce11982f78e15f8816179029f5120b4b050063cd7c035bcb630883b3a0
SHA5122a470cc60a6224c563235d760aa54cca77b14caccbad9b580685be289e13253ca36c5053a759f526fe04a73babb32ec2713b05b1dc46afbdf66cd6b6a80a0233
-
Filesize
4KB
MD561ff11b0ddcf0292d22cd8dd27b4b1e3
SHA1c7ddfe72b92207e7e4afde422158fb335780e582
SHA256b8f48372c899dc8e1ed06d29559429c9e75090bb2925fb8b310fc0ba4a35b089
SHA512a78190319a32c09c87bc124226123607a116c990ad35ff26ff971fb44470c14492866d7eb825b84ba0af4a52ec2e5c22a8c23079c6f4d5f41db73bd903bb0153
-
Filesize
4KB
MD5afb56e0518e6483857ca83025194d484
SHA1604bf9db8313357c58e2dc1c594a2fdfa971f880
SHA25669ffaf407d5ed09e0e262f8e5b7c9bdb9c35a633c27d0d9f9a8ebfbb4a147778
SHA512a6fa9f0d35051434137a7654bf7cbee16aa285fbd042cea576269b20a5708a80694a82c782837d63ee6a9a110015ef5e75a49407b38cda06e7f416dff49909c0
-
Filesize
3KB
MD5f14b694bf73f41f556fce0f7c1c7aba2
SHA18c962cf2e1c507273ba388ed8c1b2db8ea743f0c
SHA2561e87d280011f87f19e1269b74aa82b6885b38f847286635cfa921a1aee863df4
SHA512e0b7a75835db5930c41700f1ee70690820f0039a192b8cad39205afda441facc8cd492db46207b6edeba1a9efcf486642ddfb90640e30a6790dfe4eca0893a7b
-
Filesize
3KB
MD53205099fe676ded66dc1752f1bd244d7
SHA10f39e9fabc5cc42ce4d6cc2f5197efa0c01449db
SHA256e4270fdabe9da0fef6d8c254e1b41857e08ea46ac568478efca632588b0256e3
SHA5122d397591eeee018795021b89b67938e8c8b9a580a3c5443ed2159e0719892855d926bc85526e3c8c766c9dc352df1ce963312ee315ef5eea9ec3d43ace3c4bb5
-
Filesize
3KB
MD5e96000f78015cfc5cb311a5d55ea903d
SHA19aba1d2cf4404c118fb81d8c28eb5dbae3afc72e
SHA256a19bedeb70fceeddedd0b071067f304b9da5d97e5412316312dfb7599e10981a
SHA512d352b08a55504411086a741d04713c934ad54b2253e0fe54ac7c4cc0830693bb70db5644eb20d1ccebbd9199702b13a501a3d0aad9db9ea57424db77449893ef
-
Filesize
4KB
MD532ac1770820500ee1677993404dcd7f0
SHA13fbf82185713648f5cbba35a4d8e3b41b876caf6
SHA25693fcaa60d9267a33e50c9fd9c44ed3303cd5987daf15b387ab4bf956a8c6b0be
SHA512914d206b72552cc17587d3f60c602e6bbd5e285f668dc72abcfb8d3b0d992b16964d4fa4fca0bb9ed51a8c9d975fe39c1414141f8bb56b694b637ee072e66404
-
Filesize
4KB
MD5089d720ca4a4609d1bbe78cd1522a690
SHA1f4449ba78f13b4f75b9da4c55286a3f7e90a4237
SHA25623c31d9925151e141e001c71766f5965c52ba4ca1c1bd082c41b6ea38c308f84
SHA5127fa49c6fa5d9653b22e9b08f75f68f894ec335c78273950ce2f186b54e0c47667e9de605ceb9c5b93f23fe04cf0d59a3a26ee8eaebc86a9cee4b9558fcbc7b17
-
Filesize
6KB
MD5f074b0757ba8a9f90269f49a563be662
SHA17ba07c6be010f6c802fd0da961263d4e490392ff
SHA256298e182a7304ff2c6706c20122efa5753b5fa02bcb50131d750a4d3b9bdebba0
SHA512ce807faa4a451d97771112a9d32e47ba020d44618eddda009cd35b5bbcfbe31a767aeeebb90b7a131b4abc782c24b462b19f3667f34eed5b9d2c36612048c2c8
-
Filesize
3KB
MD526dc5030784cdeb1fe62f5bd935affc4
SHA1634906f3892ac9c1e3c31b26a82a03ae5adaa3ed
SHA256379c021bce16218f35c96f1c9b6306376e67b5aca9684d5b0931fa2e31105014
SHA512e9fba48ea3a6b66c2c3a0c9514f3ccffd0fde77d7937de2c4797104f8e1b051afa515b12b7d6d5b3b4952b6502c2526f6ee16fda2eb9b91b433668b695bea709
-
Filesize
3KB
MD53a1196e350fda1f7303f8a12defed7ef
SHA1872778a398c24ae7bf8ae3901b211ef8c7988fcf
SHA256d56628f27dabf4c48f9e1017ad068786624bc742cdf7a3f6f9401f3811ad6e3a
SHA512d675f18d600845dca66f2b34a39abb8bb607c10c85747a95e04ca43225b5f223f41b5eb2096f3b7e23a008aa3cacbdcfa0010d7a31c611a8ee2c84b8dec734d7
-
Filesize
4KB
MD5968fc0589e584445415d464bbdef70c1
SHA173f25c387d7df784ae9629a9d71dc850482402e4
SHA256da48f32c6cdad63aa141aa02260042f17ba48e6ba0fc86bc47e24537ed663683
SHA51257260346866f2148288868f08eaf3dc05f7c9a6294d6eab4940e5deb428a3173ac6b246b755788dc74ab6a22675fe19d026194fb4fff7061922043feae6c4f7a
-
Filesize
4KB
MD5bf5c526542440d3f932b9f8ca30777dd
SHA1b485a9ecadbfb15cb19a75fa6874f06732458ab1
SHA256327ac20924f2dcbed1ef1a5ee1a20e532b26ed55221720f8e39115df48f20fb9
SHA512309148ea8446545e0d81873315b4d866ae4d326513e08cc9557159ae7c974bfdd8bfdb7d83e4f180f253f8b9756013897d26ef34279d389523332e988ced3eb5
-
Filesize
3KB
MD5f94499b21887da5005957df04797bf74
SHA1cfb812b13a811b00da3dd4bdff250f5cba00d2a4
SHA256e85a56506e1b64160941488a1b68cf594a367d6f8d0db7aefa7ec67c803c75ee
SHA512ad56a3b53d668f6c4909712f22495118aaf061d44ba7b09569ea0092cfe083a1002df3424e660652bc140385fbaed859e103637522e8ae53a47d5eea196601d5
-
Filesize
16KB
MD592f4fccd58415db0e92162a51e719449
SHA115f497fd30d342607967aa873c78865d9472c5f0
SHA2560be3961d25c265074fe92a0e0f18bd6b59f7fce478a964b156cfb6573dff3c04
SHA512606cad27d1ffb6d5e4c03ca5049cded29430665937c94f05f1b755694338639d69715025e55707275278d40ac54cc41ef6765211cf376db6a79427726c9b0aea
-
Filesize
4KB
MD57e858c4054eb00fcddc653a04e5cd1c6
SHA12e056bf31a8d78df136f02a62afeeca77f4faccf
SHA2569010186c5c083155a45673017d1e31c2a178e63cc15a57bbffde4d1956a23dad
SHA512d0c7a120940c8e637d5566ef179d01eff88a2c2650afda69ad2a46aad76533eaace192028bba3d60407b4e34a950e7560f95d9f9b8eebe361ef62897d88b30cb
-
Filesize
512B
MD5627306fe05e6093dd12ba8f570547682
SHA1374b2e020e0306cfb3a406b9d5a4b078fa529505
SHA256a7bd6afbdaa069168b5a4a387d6b694f767fe5e587a973d9f710ff8dbf91b587
SHA5121e930a242650c72fd849b1df3a967a94c0472bdb58cb7385772bab2254312a1e5ea5a1e33cfd36c303854e7d9861363850b6109635a1bed139c6b95b9ba4bde9
-
Filesize
32KB
MD5bb7df04e1b0a2570657527a7e108ae23
SHA15188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012
-
Filesize
16KB
MD5bdba923739e82cf2d28bbb13af51e8a7
SHA1151af061e5d02c9b118c2c3979f22c8f96731f87
SHA256407b5ed7c16b042ec75d3203265fb1dda974e3bf32561a1c668d47c409ebc87f
SHA512a0b3cde318977edf08bf0cef14a562a4022f2952ee8aec51edd2eed2da4675eca3621143a5f443037bf4529abd0027b94468a83d91919b20d40d2be18f8f9ee8
-
Filesize
108KB
MD56acd0549ff621eb82bfc06b6723c0c9e
SHA173bebb8e210bfe1bddfeb0f4cd54dca3c0dbb4bd
SHA256b5707b021b0b717ae0f94df3cdcb98d10f01a6343e818388a5875b42fb5a3659
SHA51243b80256c0a4f4873bf5e67ee91a77ec1033610f8374322f48e489ec7c82cd48c122eca1186d7562b2a2689ea64b4ce776a7bedaea434e900a09d750aeb53f79