79bf103ab57bfc8aa75314210e804af7172b64531272e76d32a979941961135f

Analysis

max time kernel
899s
max time network
654s
platform
android_x64
resource
android-33-x64-arm64-20240624-en
resource tags

androidarch:arm64arch:x64image:android-33-x64-arm64-20240624-enlocale:en-usos:android-13-x64system
submitted
14-02-2025 07:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Adobe.apk
Size

6.2MB
MD5

02ec3e67453ef5c466cde8a55f095a2e
SHA1

ebd228ef8699475700cd43f102557f4d207df94f
SHA256

79bf103ab57bfc8aa75314210e804af7172b64531272e76d32a979941961135f
SHA512

948909555d1de799f364ff0db4fbf151cba36c0994afd89fb28b16ca403dfa5e21c0ba1a5351a0569180efa451e9140e308468b971988fed5f6455b848f2a7ca
SSDEEP

24576:wHDJ2fcso0nE+sqsvo3by7ILeVWOrL8FWYtDH/m:gDMfRfZsAryckdrLi+

Score

7^/10

collection credential_access defense_evasion execution persistence

Malware Config

Signatures

Makes use of the framework's Accessibility service 4 TTPs 3 IoCs

Retrieves information displayed on the phone screen using AccessibilityService.

collection defense_evasion credential_access

Input Injection

T1516

Screen Capture

T1513

Keylogging

T1417.001

GUI Input Capture

T1417.002

description	ioc	Process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText	showers.ana.staffing
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId	showers.ana.staffing
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	showers.ana.staffing

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	showers.ana.staffing

Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

Application may abuse the framework's foreground service to continue running in the foreground.

defense_evasion persistence

Foreground Persistence

T1541

description	ioc	Process
Framework service call	android.app.IActivityManager.setServiceForeground	showers.ana.staffing

Requests disabling of battery optimizations (often used to enable hiding in the background). 1 TTPs 1 IoCs

defense_evasion

User Evasion

T1628.002

description	ioc	Process
Intent action	android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS	showers.ana.staffing

Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

execution persistence

Scheduled Task/Job

T1603

description	ioc	Process
Framework service call	android.app.job.IJobScheduler.schedule	showers.ana.staffing

showers.ana.staffing
1⤵
- Makes use of the framework's Accessibility service
- Acquires the wake lock
- Makes use of the framework's foreground persistence service
- Requests disabling of battery optimizations (often used to enable hiding in the background).
- Schedules tasks to execute at a specified time
PID:4332

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Foreground Persistence

T1541

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Foreground Persistence

T1541

Hide Artifacts

T1628

User Evasion

T1628.002

Input Injection

T1516

Credential Access

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Discovery

Lateral Movement

Collection

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Screen Capture

T1513

Command and Control

Exfiltration

Impact

Input Injection

T1516

Replay Monitor

Loading Replay Monitor...

Downloads

/storage/emulated/0/Config/sys/apps/log/log-2025-02-14.txt

Filesize
29B

MD5
93a5c56126ece8009fb7183738ef3fe7

SHA1
93ca7d98f72dabc6af2f9ad1c1189820232d504d

SHA256
a15029143f904346e1a1e5319881b0aac7d3104f3653fa25509cd2874326ec62

SHA512
ba4e43f11fa5a03c9e514210b729183c160e2bfd611327144451d208e480d65a5b8be4732572b4e0739cdb29a18d848127d008261b1273f9bae3565e110dada9

Download Submit
/storage/emulated/0/Config/sys/apps/log/log-2025-02-14.txt

Filesize
29B

MD5
7c53b28a8cbc44a1f555eca8f4e52157

SHA1
0e34d3f51418e75b5d506d9c72b471f6ff01b002

SHA256
cb7374802c704b30f79b565d01511360de01a48369e09a467eb956ce197ed1e6

SHA512
395ceba176a962dd8cb11ca9ff1277f84b8301409b2050da6500d0c0c5a45fc9b3ccc9126fb1633db3039366fc160b0e062c714c34d64450dce8ba6c12e77879

Download Submit
/storage/emulated/0/Config/sys/apps/log/log-2025-02-14.txt

Filesize
29B

MD5
b9b530e2448252311640bbecb69b796a

SHA1
215ede46fb42a68a7ae84c3019acb3019668a46c

SHA256
5a290151305de1ec4f790cd8ada8bd68c076a2c4ed497c40a519509659b65150

SHA512
5834499307946d130887067b2f837ddfef7fdfe3a7e5ed8977eb14c2dc1ab328334da35ed4c978e20b3e6b28ff30dbd12f0430f4b7c831481f339d360c260919

Download Submit
/storage/emulated/0/Config/sys/apps/log/log-2025-02-14.txt

Filesize
45B

MD5
11e464064dcae11be7956bbd5e854dc1

SHA1
33f37d3846cab06a54e791fbd683e5c6359add58

SHA256
c47b1353029508b39f7b6c7660a73a6434fc47c67acbcc5fc0a4d536484594d5

SHA512
02bc0a1469cd93bb63027291c7e9ccf21a0cdebff5a56996b7e03f92020b40dbada10bcd09ab41e29415bda65d9cafe948415a9542af897fd9561560adfb3ba4

Download Submit
/storage/emulated/0/Config/sys/apps/log/log-2025-02-14.txt

Filesize
65B

MD5
d6f61192edad8c6a6c1461ae95ccd718

SHA1
cf9a677883eafd6a7b2fa0ead4cdd58954974aef

SHA256
f3f66d3fb7e33dfad59736e69b43ce8191bb67ff4ed73457ad0519559dea2f76

SHA512
da288f9760576231d4e9bbf889262fa5ee92f1a3f749e77fe2b66b27925ca2325899534a138ba121a6f2a71e490aec332b120f2ff31d70918b61df266f1693f4

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads