Overview

overview

10

Static

static

10

c4ffcc636a...4d.apk

android-9-x86

8

c4ffcc636a...4d.apk

android-10-x64

8

c4ffcc636a...4d.apk

android-11-x64

8

Analysis

  • max time kernel
    140s
  • max time network
    153s
  • platform
    android_x86
  • resource
    android-x86-arm-20240624-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
  • submitted
    08-01-2025 03:44

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    c4ffcc636a0cd535ed86ae31c5311a9da7a0951f62b41f98d229d680a8ba574d.apk

  • Size

    15.7MB

  • MD5

    e2251311fc8acf5de09952fc451a752e

  • SHA1

    f2c651584be93d84f7ea66e2c2c5dc4ebcb1d058

  • SHA256

    c4ffcc636a0cd535ed86ae31c5311a9da7a0951f62b41f98d229d680a8ba574d

  • SHA512

    f31add99459b749071ae7e5e940ac3e440aae5f17dfa335ffbae9f5ee00d434c7cd2448d94c74166a556fb503e56462541313c9861e41e6494dff37448088210

  • SSDEEP

    24576:YoWgP6AWRuEjdpP4V9YeNkA1LJQX0qQxnh:lvYwPY09k0Xxh

Score
8/10
collectioncredential_accessevasionexecutionpersistencestealthtrojan

Malware Config

Signatures

  • Removes its main activity from the application launcher 1 TTPs 1 IoCs
    stealthtrojanevasion
  • Makes use of the framework's Accessibility service 4 TTPs 2 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectionevasioncredential_access
  • Acquires the wake lock 1 IoCs
  • Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

    Application may abuse the framework's foreground service to continue running in the foreground.

    evasionpersistence
  • Requests disabling of battery optimizations (often used to enable hiding in the background). 1 TTPs 1 IoCs
    evasion
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
    persistence
  • Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

    executionpersistence

Processes

  • permitted.condo.respectively
    1⤵
    • Removes its main activity from the application launcher
    • Makes use of the framework's Accessibility service
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Schedules tasks to execute at a specified time
    PID:4263

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /storage/emulated/0/Config/sys/apps/log/log-2025-01-08.txt
    Filesize

    33B

    MD5

    d97615906510446bff6ff42f8933c9c8

    SHA1

    eddcfb510c64ed615036ae5763ce71e39d229dfe

    SHA256

    fa0871d303e54951941de6170567be6be05d774489a4576cd9f8a9a71a6af72d

    SHA512

    0589a73a748f947510465e03a15b51c82650f012ab36cc1127752dc5b9ba4323b2c8dcbef404975a7ed66cb566a63ead83f422653008701b7bf701ae1ad73439

    Download Submit

  • /storage/emulated/0/Config/sys/apps/log/log-2025-01-08.txt
    Filesize

    33B

    MD5

    c5eeec129870dd069e1b353ddcd6fe60

    SHA1

    7849bb170a85ab2f929efbadfff6cc6f06c3bd32

    SHA256

    11f2fa2034cbff5198427931b6a3f2bb9be2d7076dfaea20e62a7b91d2326cbc

    SHA512

    4a7b9db60cf8229cc6376deda79ff07b00bd60427925f7cc91060b9b8019c7fb620c651def20b928c6ec6eaed1976b441093a1118795cc8632f6160e2347929a

    Download Submit

  • /storage/emulated/0/Config/sys/apps/log/log-2025-01-08.txt
    Filesize

    284B

    MD5

    63918b85145b30924f50b21178452440

    SHA1

    9b5eb6e1075a0096bd5bc033c0eb48f4f4b459f1

    SHA256

    9f8853a0eb21aa0eb9d8ec6e743bbeb2c9cb6844bdfdadfea61cf899739a461f

    SHA512

    1bf064d75074366de6eb545272ad9d0da632390b77d90d5ff4a63c7a801ef38df711f409923e6417ec7f2e9d052541e9e241897a4da87198531a06f151444e3d

    Download Submit