Overview

overview

10

Static

static

10

c0950c697e...3b.apk

android-9-x86

7

c0950c697e...3b.apk

android-10-x64

7

c0950c697e...3b.apk

android-11-x64

7

Resubmissions

13/01/2025, 11:29

250113-nlxfvaspeq 10

12/01/2025, 22:06

250112-11gedstqdm 10

Analysis

  • max time kernel
    880s
  • max time network
    905s
  • platform
    android_x86
  • resource
    android-x86-arm-20240624-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
  • submitted
    13/01/2025, 11:29

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    c0950c697eb7ec84d1406e258a137924b24ef22be460eaee9e4cc88b6a43cd3b.apk

  • Size

    4.2MB

  • MD5

    c60df2dcc8e5c990bcac34123e232f45

  • SHA1

    53b688467668bb5ea3a0c97a0bec12edf82f3769

  • SHA256

    c0950c697eb7ec84d1406e258a137924b24ef22be460eaee9e4cc88b6a43cd3b

  • SHA512

    7a9b88ee04d3b885879aa17bf5709ccc2f7524b8cce2612103200126b1e37dcd6fcf8b52cde579dc79ed3fcd3d7a90f5da611dab4ba916755ba23222d2637405

  • SSDEEP

    98304:lDxwlp3SgS0Dk8JaF/6SudPIqfSD0eXD0fD0pD0nA5D0lD0Dv8:lVup31DBJaF/TYPI2SDFDGDoDCMDEDKk

Score
7/10
collectioncredential_accessdiscoveryevasionpersistence

Malware Config

Signatures

  • Makes use of the framework's Accessibility service 4 TTPs 2 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectionevasioncredential_access
  • Acquires the wake lock 1 IoCs
  • Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

    Application may abuse the framework's foreground service to continue running in the foreground.

    evasionpersistence
  • Performs UI accessibility actions on behalf of the user 1 TTPs 12 IoCs

    Application may abuse the accessibility service to prevent their removal.

    evasion
  • Queries the mobile country code (MCC) 1 TTPs 1 IoCs
    discovery
  • Requests accessing notifications (often used to intercept notifications before users become aware). 1 TTPs 1 IoCs
    collectioncredential_access
  • Requests allowing to install additional applications from unknown sources. 1 TTPs 1 IoCs
    evasion
  • Requests disabling of battery optimizations (often used to enable hiding in the background). 1 TTPs 1 IoCs
    evasion
  • Requests modifying system settings. 1 IoCs
    evasion
  • Requests overlaying windows on top of other apps. 1 TTPs 1 IoCs
    collectioncredential_access
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
    persistence
  • Checks CPU information 2 TTPs 1 IoCs
  • Checks memory information 2 TTPs 1 IoCs

Processes

  • com.com.androidrr
    1⤵
    • Makes use of the framework's Accessibility service
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    • Performs UI accessibility actions on behalf of the user
    • Queries the mobile country code (MCC)
    • Requests accessing notifications (often used to intercept notifications before users become aware).
    • Requests allowing to install additional applications from unknown sources.
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    • Requests modifying system settings.
    • Requests overlaying windows on top of other apps.
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks CPU information
    • Checks memory information
    PID:4260

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

1
T1624

Broadcast Receivers

1
T1624.001

Foreground Persistence

1
T1541

Privilege Escalation

Defense Evasion

Foreground Persistence

1
T1541

Hide Artifacts

1
T1628

User Evasion

1
T1628.002

Impair Defenses

1
T1629

Prevent Application Removal

1
T1629.001

Input Injection

1
T1516

Subvert Trust Controls

1
T1632

Code Signing Policy Modification

1
T1632.001

Virtualization/Sandbox Evasion

2
T1633

System Checks

2
T1633.001

Credential Access

Access Notifications

1
T1517

Input Capture

3
T1417

GUI Input Capture

2
T1417.002

Keylogging

1
T1417.001

Discovery

System Information Discovery

2
T1426

System Network Configuration Discovery

1
T1422

Lateral Movement

Collection

Access Notifications

1
T1517

Input Capture

3
T1417

GUI Input Capture

2
T1417.002

Keylogging

1
T1417.001

Screen Capture

1
T1513

Command and Control

Exfiltration

Impact

Input Injection

1
T1516

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.com.androidrr/files/db.db
    Filesize

    12KB

    MD5

    256df4f1f534234b1d510cd7ccd71dab

    SHA1

    b7d93f7875c80eb6d55ca84ed3def780b6a84759

    SHA256

    8aad7daf3faa9bce66f44dabe11613afeb8731704e93112d890573b9d909d5e3

    SHA512

    3768be2a2f53ce428473f1d92c55342240994ad92fe6af315ba9322239a267fc059c7f0dd8f156c395dcfa5841c257c5158c7fabd28b6ef342fcc2e01b709ffc

    Download Submit

  • /data/data/com.com.androidrr/files/db.db
    Filesize

    4KB

    MD5

    24815b80325d6a52a5a4663ba1f85d21

    SHA1

    300b7ac83e8bda4225d5e4daa6bd0e7b640136ba

    SHA256

    e536c2307655f1145a41e3bdf9baa12c28d1aa4b189e4ab4d79a9d662fc9dee7

    SHA512

    ebed5cf3e67f53b8112ef0541f3110db3462d4684cf92ff7bfe5b232d53a9cab5b4a42d5d1591d66b9501d78f068c059ffadb42d9d0b58261fcb2bf585ade1e4

    Download Submit

  • /data/data/com.com.androidrr/files/db.db-journal
    Filesize

    4KB

    MD5

    a6edaf5d196cbe37001c442300f0259f

    SHA1

    98ac268b72517e5e7d31bdc5795f2c44e9190a16

    SHA256

    f685855220b0a9c9d1814a752ea4091d8cc46f19eedf10de4db5c667c5256a3d

    SHA512

    68e4a76f7ecc880a83618af80401a9bbd7f2782a730fe16d8238ccae466d6f51778bce0b1a6460335c07aa9671f0838b65fb665f4a251f6657eec2ed7ed1b87a

    Download Submit

  • /data/data/com.com.androidrr/files/db.db-shm
    Filesize

    32KB

    MD5

    bb7df04e1b0a2570657527a7e108ae23

    SHA1

    5188431849b4613152fd7bdba6a3ff0a4fd6424b

    SHA256

    c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

    SHA512

    768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

    Download Submit

  • /data/data/com.com.androidrr/files/loading.gif
    Filesize

    121KB

    MD5

    7b38720a0352dffa26411726c72dd2b0

    SHA1

    b15e687f42abcdc12427f146a3115ef2259211f8

    SHA256

    2013f490d45638cada331b3474ed65b9a43cec60da773accc98332e58c06336d

    SHA512

    0df28f87da4f9beb3ca8c108f54021a2a1a1434771abbb5ba67a2736097f2287b05e5220a33e92c42ee13ecae1144714a422b986763712794f69e65bc44c83e3

    Download Submit

  • /data/data/com.com.androidrr/files/txtscreensize.txt
    Filesize

    11B

    MD5

    1b65c10c6215685f9d621d797f911373

    SHA1

    cc50aaed5cd521a62ec8cf9fe0413153ec90f265

    SHA256

    2230c2b2787663a054c47450ecd1718f0296853ad768b8e5d306ecb912685e89

    SHA512

    5a9139f295dbe384b1584eff5c11f3f86759232f7b661b75f27fe92b996b4cdc0552e315f79b26f5f2c1f91756d9ae04cf0c3675b6172e91a3d373b9b314496f

    Download Submit