bcb12986fe8ba7e2e6d433f18416d236ce5bdc76456201ab3a529fa6cb7f92fe

Analysis

max time kernel
108s
max time network
116s
platform
android_x64
resource
android-x64-20240624-en
resource tags

androidarch:x64arch:x86image:android-x64-20240624-enlocale:en-usos:android-10-x64system
submitted
27-01-2025 12:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Tarif_base.apk
Size

4.6MB
MD5

5db867f30b739f86186d449f747f590a
SHA1

3871729d78429ad2127d483d65a836a6c6e53128
SHA256

bcb12986fe8ba7e2e6d433f18416d236ce5bdc76456201ab3a529fa6cb7f92fe
SHA512

ac144a15c992e8f158d2bc38c661d172fd60ede8129e8604f2b42cce0f0a90451356cfa843466f5817049260557fb45da5f3bc77beb1114b14fbb51c2e487f87
SSDEEP

98304:GMQGOK0DIkAPAvLoSPrH2Q+J6pxQmzAzBxTa0t0MQ+yO79y:GMQpKEIkPPL2Q+qpzu57Wp

Score

7^/10

collection credential_access defense_evasion execution persistence

Malware Config

Signatures

Makes use of the framework's Accessibility service 4 TTPs 1 IoCs

Retrieves information displayed on the phone screen using AccessibilityService.

collection defense_evasion credential_access

Input Injection

T1516

Screen Capture

T1513

Keylogging

T1417.001

GUI Input Capture

T1417.002

description	ioc	Process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	com.whh.premium

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.whh.premium

Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

Application may abuse the framework's foreground service to continue running in the foreground.

defense_evasion persistence

Foreground Persistence

T1541

description	ioc	Process
Framework service call	android.app.IActivityManager.setServiceForeground	com.whh.premium

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.whh.premium

Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

execution persistence

Scheduled Task/Job

T1603

description	ioc	Process
Framework service call	android.app.job.IJobScheduler.schedule	com.whh.premium

com.whh.premium
1⤵
- Makes use of the framework's Accessibility service
- Acquires the wake lock
- Makes use of the framework's foreground persistence service
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Schedules tasks to execute at a specified time
PID:5053

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Foreground Persistence

T1541

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Foreground Persistence

T1541

Input Injection

T1516

Credential Access

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Discovery

Lateral Movement

Collection

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Screen Capture

T1513

Command and Control

Exfiltration

Impact

Input Injection

T1516

Replay Monitor

Loading Replay Monitor...

Downloads

/storage/emulated/0/Config/sys/apps/log/log-2025-01-27.txt

Filesize
13B

MD5
de2c41a51ee9246eb1708f65b511add0

SHA1
2f442d634c8a18760a232c8829d4b5d74a52f074

SHA256
ad2d914ca347cd1930e32f21c6d5448c34104bea181b93abc85ec518985653ab

SHA512
7cdfbd001594503644e9ed80ae852f90ef9e841a8382e2eec6979e149a2c400a3b83055d205b4d1d66e1600e5127482932d5127eb5800d35a4ee5673fe34d84a

Download Submit
/storage/emulated/0/Config/sys/apps/log/log-2025-01-27.txt

Filesize
29B

MD5
4787ec2d793459d6d824cba15d698735

SHA1
979a7e7dd3fa4d69d0427bc2e8ccc2b8f63b29ad

SHA256
9f8a9b9fc5b3e5fea728e01c17bc0894da19597f2887b000639533a397372c23

SHA512
0f54c2c637ffa3276812cd914eb6b20bd58ade4e298147aded85876ee7bbf0f1f2feee38f3b159a4b9f9af8009746933be254fd924fdbaaea1bb93453ddad768

Download Submit
/storage/emulated/0/Config/sys/apps/log/log-2025-01-27.txt

Filesize
57B

MD5
146b62df2923e0cd39d35ddc7e1bbbaa

SHA1
99d8e6753383263a61891f4707db501a96658633

SHA256
8ac7fa9da05d5404f8510e906cba121534eec3037b90bc642cbf1b7d6e521be8

SHA512
04da03bcc1112d1b7b218df97044c3bee81d249d7120a07e4d2b62553e5e8b3b018e0526a0e56983e4f5b6bdccd2258db31a87c31f974c878cefeb8c3a2f784d

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads