Overview

overview

10

Static

static

6

com.tencent.mm.apk

android-9-x86

7

com.tencent.mm.apk

android-10-x64

1

com.tencent.mm.apk

android-11-x64

10

Resubmissions

25/01/2025, 07:51

250125-jp628svlfk 10

25/01/2025, 07:47

250125-jmnswasrby 6

25/01/2025, 07:40

250125-jhj9wsspdv 10

Analysis

  • max time kernel
    90s
  • max time network
    96s
  • platform
    android_x86
  • resource
    android-x86-arm-20240624-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
  • submitted
    25/01/2025, 07:51

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    com.tencent.mm.apk

  • Size

    3.7MB

  • MD5

    e15906ac8b360aa6e7867fcbb2922089

  • SHA1

    53555056dd2af1933b911ac8adc81a2f438216c1

  • SHA256

    9eaabb6d9f532f9fa304a6826b269296d7ed7ebc404827eb99b3dec1f9bc2b89

  • SHA512

    d79083592e07fe78d3bfabe5989aab9e6eba61ee1632b724115e6170daaad84e9d58f42658aa2dabfa00fe6afa2c8c4b9390d924bde9c538dbddbb4a4a8157f2

  • SSDEEP

    98304:jPR8//FcLJcwHCxZei/svO7LgJQYlcqPTwWVKQ/9Nx:rRy/K1cwix9svOuGqPTp3x

Score
7/10
collectioncredential_accessdefense_evasionevasionexecutionpersistence

Malware Config

Signatures

  • Loads dropped Dex/Jar 1 TTPs 5 IoCs

    Runs executable file dropped to the device during analysis.

    evasion
  • Makes use of the framework's Accessibility service 4 TTPs 2 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectiondefense_evasioncredential_access
  • Acquires the wake lock 1 IoCs
  • Performs UI accessibility actions on behalf of the user 1 TTPs 8 IoCs

    Application may abuse the accessibility service to prevent their removal.

    evasion
  • Requests disabling of battery optimizations (often used to enable hiding in the background). 1 TTPs 1 IoCs
    defense_evasion
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
    persistence
  • Schedules tasks to execute at a specified time 1 TTPs 2 IoCs

    Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

    executionpersistence

Processes

  • com.tencent.mm
    1⤵
    • Loads dropped Dex/Jar
    • Makes use of the framework's Accessibility service
    • Acquires the wake lock
    • Performs UI accessibility actions on behalf of the user
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Schedules tasks to execute at a specified time
    PID:4231
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.tencent.mm/app_mph_dex/classes.dex --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/com.tencent.mm/app_mph_dex/oat/x86/classes.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4266
  • com.tencent.mm:remote
    1⤵
    • Loads dropped Dex/Jar
    • Schedules tasks to execute at a specified time
    PID:4423

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.tencent.mm/app_mph_dex/classes.dex
    Filesize

    7.4MB

    MD5

    d35cb1611e7b7df9d0a619a7fb9691e1

    SHA1

    1815183b2654a7b153093b1c531bcf6efa3ed4a4

    SHA256

    d747e46c7dd239597e3696133ebda66dfa4459794f65290c43d52e8df13596eb

    SHA512

    4aa50f91a49e22ee98d606c627899e722ad0cff159772ca83cec6523c05ad0933fd16d051ba5c21d871f26912e3925c3ad1d7c61027aa9200d5886b9e5aa975c

    Download Submit

  • /data/data/com.tencent.mm/app_mph_dex/oat/classes.dex.cur.prof
    Filesize

    399B

    MD5

    d9d8021920a2091a7bbc627de8cecd3b

    SHA1

    b8c73c6189825b391eae95e731aea41a13289b41

    SHA256

    f43f1dae3876b9920d3de4a73923f00348819f412962200e48b60fae826abdd2

    SHA512

    013853a3017adbcbfbdb5d764d967a4364841905446dab864b653451215bd7b75d1ae0c6ab5dc903f87594351da3791d1a75f0460b5bb2cac4b473ddecc74b63

    Download Submit

  • /data/data/com.tencent.mm/databases/evernote_jobs.db
    Filesize

    4KB

    MD5

    f2b4b0190b9f384ca885f0c8c9b14700

    SHA1

    934ff2646757b5b6e7f20f6a0aa76c7f995d9361

    SHA256

    0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

    SHA512

    ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

    Download Submit

  • /data/data/com.tencent.mm/databases/evernote_jobs.db-journal
    Filesize

    512B

    MD5

    7a115259bf42db434811e36c649122ec

    SHA1

    55db05e252e3aa297a71af7b8232f2a24de89032

    SHA256

    ef9d35baf25c686826a2231d906526dcd7f913b89e4bbf34b27782cedf9018c3

    SHA512

    9baa60713cfc2b99cb7e1b80e33ce2757ccef04b73213bf6bbad5e68bca50ebb7f6a4c1aa497251e6a6c5b7410d33e24b44cae63ae3b1bfcfe5543ad5e6837e7

    Download Submit

  • /data/data/com.tencent.mm/databases/evernote_jobs.db-shm
    Filesize

    32KB

    MD5

    bb7df04e1b0a2570657527a7e108ae23

    SHA1

    5188431849b4613152fd7bdba6a3ff0a4fd6424b

    SHA256

    c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

    SHA512

    768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

    Download Submit

  • /data/data/com.tencent.mm/databases/evernote_jobs.db-wal
    Filesize

    72KB

    MD5

    c551b855e8204bae5ad974bf2e957b45

    SHA1

    418f0e0ecdf502b633efa543fef683eec4e16b63

    SHA256

    5e441b7d677935a1f555ed5a6c9441d22ddd62426d176d8fe74a19ad64ffd583

    SHA512

    ecf9e795bf1f719dd822ffb9759fbc839cfe63e230c0cdb2a4d15b36c2b6535e96f9b465e146f7c4a008d1bdba10d8c35cd2a579f16a9282c22bb384f5fa97e1

    Download Submit

  • /data/data/com.tencent.mm/databases/evernote_jobs.db-wal
    Filesize

    68KB

    MD5

    daf4dd35ddfafe4a0ff6e72ce7c35b4f

    SHA1

    ded316d32634cd507bab31b8a6b83f0d6ddbf946

    SHA256

    3d97cb11a9c51d87556e847891259ffbe01636fdfa36100abbfedc86022af55e

    SHA512

    219863094ac5675ef385c52a90ead0b8fdddcbf87e41938e19b3638000136dc503f7d31b0452ccdcc57b892df92f6c887fda19fa0e80cd77f2dc96eee3f6ed0b

    Download Submit

  • /data/user/0/com.tencent.mm/app_mph_dex/classes.dex
    Filesize

    7.4MB

    MD5

    b35bf0f8786ed0a8b35d41365f3e4ad7

    SHA1

    58a9f03e384407ec9277c86418734029772806c9

    SHA256

    7d05944009dfa9fa1e01f8cb1a038d1eb203894797888e2bb420da31cd9804ef

    SHA512

    95fbf16716eee4decba5c59e855bd6a7c750c455f7556c33944f38b241f67681672b3d1354909eedc9e9201acbeb615108bf93bc2d271ee85c7a3946b705ad99

    Download Submit

  • /storage/emulated/0/Config/sys/apps/log/log-2025-01-25.txt
    Filesize

    13B

    MD5

    de2c41a51ee9246eb1708f65b511add0

    SHA1

    2f442d634c8a18760a232c8829d4b5d74a52f074

    SHA256

    ad2d914ca347cd1930e32f21c6d5448c34104bea181b93abc85ec518985653ab

    SHA512

    7cdfbd001594503644e9ed80ae852f90ef9e841a8382e2eec6979e149a2c400a3b83055d205b4d1d66e1600e5127482932d5127eb5800d35a4ee5673fe34d84a

    Download Submit

  • /storage/emulated/0/Config/sys/apps/log/log-2025-01-25.txt
    Filesize

    33B

    MD5

    a4108eccb5739553e673ab313da65849

    SHA1

    0fb13e179f07dc45182ab052d5a3d7c8a7d36274

    SHA256

    b89eba20870e3e99735226ea6d971fc91f137b5cf9e0750dc53823fd5c88c8e3

    SHA512

    724733a2e2fd9047b6312046028600b170c5dc823bde3ca867fd7016414a03ac1d2761484e8ce6c2c1bf8837e8216981ea755561d5f3ebbf2ec327224ee8ac78

    Download Submit

  • /storage/emulated/0/Config/sys/apps/log/log-2025-01-25.txt
    Filesize

    13B

    MD5

    90d0fa7ccdb0cb7811deebf7ba61bcd8

    SHA1

    5df3531436beb45f541a2ecf66f9d5b63e1fd8e8

    SHA256

    af2231aaeeee16d548418d872b61e50f05602bc5bc2f19f99a18fd17178a5803

    SHA512

    c4e7bcdb35bb47e8204dbc8a882bbb95dc4fe54d8d42c3f935d2e43b87754df6744e5a1b8cf672213760b666e66381fd2876d8ad928670645a3f6eca1a25ffaa

    Download Submit

  • /storage/emulated/0/Config/sys/apps/log/log-2025-01-25.txt
    Filesize

    268B

    MD5

    707b079ed148beec1b14485f3927109f

    SHA1

    7986d6b2d784ab8569fd928bfd3bf3317d14c25c

    SHA256

    c938743ba7590b1b81a883bcd36d101138aa00f74e35342ad393b292bc8e952a

    SHA512

    8c8f13a55f57c9c17f128646e77d9698bc6a8f211ae2310e66e0dc369ba55df17828c84fae6b41c0093bb3fc29ede9664117a95499f623ae91a2f7fde9f78ed2

    Download Submit