Overview

overview

10

Static

static

10

0fdaf59e05...0d.apk

android-9-x86

10

0fdaf59e05...0d.apk

android-10-x64

7

0fdaf59e05...0d.apk

android-11-x64

10

Analysis

  • max time kernel
    35s
  • max time network
    151s
  • platform
    android-9_x86
  • resource
    android-x86-arm-20240910-en
  • resource tags

    arch:armarch:x86image:android-x86-arm-20240910-enlocale:en-usos:android-9-x86system
  • submitted
    06-02-2025 22:03

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0fdaf59e05e59b7013c7a24c5429d7932505e6f03ad3e6a1d794dbcd0c2a590d.apk

  • Size

    3.7MB

  • MD5

    a325db6558c6f6f1029cf46214377c97

  • SHA1

    0b4bcd61485cef461fd48df28dcb03d49d7640d2

  • SHA256

    0fdaf59e05e59b7013c7a24c5429d7932505e6f03ad3e6a1d794dbcd0c2a590d

  • SHA512

    701d82c6e7b9e8bc20c46e254293d5f3262da406b81a4238a6115001cf800bb6a184713b460440638e8554e8b456e92939bf966237644e86f28db55f1d8b5e05

  • SSDEEP

    49152:GgShUVpA25jLKOa8M5Lzzf1q2Jtema+yDvq8sFFP2NEofEcEUh9KXJVntZk+lY6g:ppA2Jnz2fyGdFFP27f1njKZhtm+oWcP

Score
10/10
hookbankercollectioncredential_accessdefense_evasiondiscoveryevasionexecutionimpactinfostealerpersistencerattrojan

Malware Config

Extracted

Family

hook

C2

https://ws.extrawol.top

AES_key

Signatures

Processes

  • com.tencent.mm
    1⤵
    • Makes use of the framework's Accessibility service
    • Queries information about running processes on the device
    • Reads the contacts stored on the device.
    • Reads the content of the SMS messages.
    • Reads the content of the call log.
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    • Performs UI accessibility actions on behalf of the user
    • Queries information about the current Wi-Fi connection
    • Queries the mobile country code (MCC)
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Schedules tasks to execute at a specified time
    • Uses Crypto APIs (Might try to encrypt user data)
    • Checks CPU information
    • Checks memory information
    PID:4220

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

1
T1603

Persistence

Event Triggered Execution

1
T1624

Broadcast Receivers

1
T1624.001

Foreground Persistence

1
T1541

Scheduled Task/Job

1
T1603

Privilege Escalation

Defense Evasion

Foreground Persistence

1
T1541

Hide Artifacts

1
T1628

User Evasion

1
T1628.002

Impair Defenses

1
T1629

Prevent Application Removal

1
T1629.001

Input Injection

1
T1516

Virtualization/Sandbox Evasion

2
T1633

System Checks

2
T1633.001

Credential Access

Input Capture

2
T1417

GUI Input Capture

1
T1417.002

Keylogging

1
T1417.001

Discovery

Process Discovery

1
T1424

Software Discovery

1
T1418

Security Software Discovery

1
T1418.001

System Information Discovery

2
T1426

System Network Configuration Discovery

3
T1422

System Network Connections Discovery

1
T1421

Lateral Movement

Collection

Input Capture

2
T1417

GUI Input Capture

1
T1417.002

Keylogging

1
T1417.001

Protected User Data

3
T1636

Call Log

1
T1636.002

Contact List

1
T1636.003

SMS Messages

1
T1636.004

Screen Capture

1
T1513

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

1
T1471

Input Injection

1
T1516

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.tencent.mm/no_backup/androidx.work.workdb
    Filesize

    4KB

    MD5

    f2b4b0190b9f384ca885f0c8c9b14700

    SHA1

    934ff2646757b5b6e7f20f6a0aa76c7f995d9361

    SHA256

    0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

    SHA512

    ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

    Download Submit

  • /data/data/com.tencent.mm/no_backup/androidx.work.workdb-journal
    Filesize

    512B

    MD5

    4d918733b1e0aafe0183cdf4830ac491

    SHA1

    1375846d34d9a936b920705ec9249388989f452e

    SHA256

    b14c2a3997a9b01978a6e8c11b336238901a414b066534bbe2d4227cec7fe8c1

    SHA512

    a29ba5a9f3deff0091651384dcf8137f40dc54b497bdd8636d823792e9af3b7ce2fdf8c7781ae1999a761feebf0fa4432857298806f090b3c77a1400097417b7

    Download Submit

  • /data/data/com.tencent.mm/no_backup/androidx.work.workdb-shm
    Filesize

    32KB

    MD5

    bb7df04e1b0a2570657527a7e108ae23

    SHA1

    5188431849b4613152fd7bdba6a3ff0a4fd6424b

    SHA256

    c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

    SHA512

    768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

    Download Submit

  • /data/data/com.tencent.mm/no_backup/androidx.work.workdb-wal
    Filesize

    16KB

    MD5

    ff9369155e69eb080b5db7eafc497855

    SHA1

    077478c727796204240c8baa34694c05425f7a25

    SHA256

    404b82c36f7f9b1d26a3bb06f99809a218bf874685721996f531fc308b972ad7

    SHA512

    8b44876bb9f6fecb9fc1faf475d39306ec77fa921f2063be69c575f308439b0e482b18631b546e3d23c2475cec27c6682e20e0fe3fc33351d6e47d033e28e730

    Download Submit

  • /data/data/com.tencent.mm/no_backup/androidx.work.workdb-wal
    Filesize

    108KB

    MD5

    41ca17d74f44c86a024c3b265616a6ea

    SHA1

    785c331718760a27ad3082b0becde719979d1c57

    SHA256

    79225e438e660e5e6f2d99754ba67e8107992c5e3fb0f08344827618806c7746

    SHA512

    64aeabe8c30c117be04dd44479894b9d9bdf2d46d4a890f7e78ca6a541a394e4e211d9df01fee8ec926e6b6f287192be94fa19e6de53b022759b4d22d1dd4392

    Download Submit

  • /data/data/com.tencent.mm/no_backup/androidx.work.workdb-wal
    Filesize

    173KB

    MD5

    41abeef31a3f86f837cbde8c25873a61

    SHA1

    6fa88b99aed2ff0e058e6f07c8ad0c8de608b193

    SHA256

    54f2634e1ac8e149970a0282738ee34cfd351c0f88b85ff00e6bd7064fda1a2a

    SHA512

    20c6a62b3e3bcb24af927b01dd6ab9d1d7333f21cee72595481777a9657e1eb8eabcd50f4a88432fba34620a7ab7eea95beb4cb1452fe81496d515e07f38ceaf

    Download Submit