Overview

overview

10

Static

static

10

c4ffcc636a...4d.apk

android-9-x86

8

c4ffcc636a...4d.apk

android-10-x64

8

c4ffcc636a...4d.apk

android-11-x64

8

Analysis

  • max time kernel
    140s
  • max time network
    156s
  • platform
    android_x64
  • resource
    android-x64-arm64-20240624-en
  • resource tags

    androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240624-enlocale:en-usos:android-11-x64system
  • submitted
    08-01-2025 03:44

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    c4ffcc636a0cd535ed86ae31c5311a9da7a0951f62b41f98d229d680a8ba574d.apk

  • Size

    15.7MB

  • MD5

    e2251311fc8acf5de09952fc451a752e

  • SHA1

    f2c651584be93d84f7ea66e2c2c5dc4ebcb1d058

  • SHA256

    c4ffcc636a0cd535ed86ae31c5311a9da7a0951f62b41f98d229d680a8ba574d

  • SHA512

    f31add99459b749071ae7e5e940ac3e440aae5f17dfa335ffbae9f5ee00d434c7cd2448d94c74166a556fb503e56462541313c9861e41e6494dff37448088210

  • SSDEEP

    24576:YoWgP6AWRuEjdpP4V9YeNkA1LJQX0qQxnh:lvYwPY09k0Xxh

Score
8/10
collectioncredential_accessevasionexecutionpersistencestealthtrojan

Malware Config

Signatures

  • Removes its main activity from the application launcher 1 TTPs 1 IoCs
    stealthtrojanevasion
  • Makes use of the framework's Accessibility service 4 TTPs 2 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectionevasioncredential_access
  • Acquires the wake lock 1 IoCs
  • Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

    Application may abuse the framework's foreground service to continue running in the foreground.

    evasionpersistence
  • Requests disabling of battery optimizations (often used to enable hiding in the background). 1 TTPs 1 IoCs
    evasion
  • Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

    executionpersistence

Processes

  • permitted.condo.respectively
    1⤵
    • Removes its main activity from the application launcher
    • Makes use of the framework's Accessibility service
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    • Schedules tasks to execute at a specified time
    PID:4470

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /storage/emulated/0/Config/sys/apps/log/log-2025-01-08.txt
    Filesize

    33B

    MD5

    c5eeec129870dd069e1b353ddcd6fe60

    SHA1

    7849bb170a85ab2f929efbadfff6cc6f06c3bd32

    SHA256

    11f2fa2034cbff5198427931b6a3f2bb9be2d7076dfaea20e62a7b91d2326cbc

    SHA512

    4a7b9db60cf8229cc6376deda79ff07b00bd60427925f7cc91060b9b8019c7fb620c651def20b928c6ec6eaed1976b441093a1118795cc8632f6160e2347929a

    Download Submit

  • /storage/emulated/0/Config/sys/apps/log/log-2025-01-08.txt
    Filesize

    284B

    MD5

    ee453d77603c551eae9ca4709d0e4f81

    SHA1

    735e60ec270fed9eb8ef12cef35eddb3f8d66322

    SHA256

    3e22f06551e4c66f22889f841b1843887b23ec2b5ab527399c7f0c8627f31cf8

    SHA512

    e29ce47bfa4a6b213d610b5f5320c1b6ce747e7477b9a38da797f3f949a83a2f5773bf657496e3b35c595b8afaa26ddd838f475e2413804edce2990ef5fb1d08

    Download Submit