7d69e0d82e74059115486fae5dd5ac6463c7fccd91dbbcaa9587117c7d201ddb

Analysis

max time kernel
149s
max time network
154s
platform
android-10_x64
resource
android-x64-20240910-en
resource tags

arch:x64arch:x86image:android-x64-20240910-enlocale:en-usos:android-10-x64system
submitted
15-02-2025 18:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a1de866d5f75b3f31becb07f4660e2a3cc29d242888be38fadb5a54657156745.apk
Size

8.5MB
MD5

9f4e25cdd7cf65b7714204ca91162e0f
SHA1

6b824048947cbb6c99ab24fd62cd0eb603f30fd8
SHA256

a1de866d5f75b3f31becb07f4660e2a3cc29d242888be38fadb5a54657156745
SHA512

d07a6d10cbc9264a0623d31a478c2ef30e77ae13e3d021504e4e46d2a807a829a0e2d848447f5f4dab25a68c836c0c1c1cfc21365bbdc7b05167961e99bdaa6e
SSDEEP

49152:P826LuO1F0uqpLVmMGyYQ3CwnJUiBqW0ucmDmzZzdGGYQTOzfUNYqK0cg9cDo:PbUP1DsV/GyCQxpmzZzBfTs0t9d

Score

7^/10

collection credential_access defense_evasion execution persistence

Malware Config

Signatures

Makes use of the framework's Accessibility service 4 TTPs 1 IoCs

Retrieves information displayed on the phone screen using AccessibilityService.

collection defense_evasion credential_access

Input Injection

T1516

Screen Capture

T1513

Keylogging

T1417.001

GUI Input Capture

T1417.002

description	ioc	Process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	copied.accommodations.enquiry

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	copied.accommodations.enquiry

Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

Application may abuse the framework's foreground service to continue running in the foreground.

defense_evasion persistence

Foreground Persistence

T1541

description	ioc	Process
Framework service call	android.app.IActivityManager.setServiceForeground	copied.accommodations.enquiry

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	copied.accommodations.enquiry

Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

execution persistence

Scheduled Task/Job

T1603

description	ioc	Process
Framework service call	android.app.job.IJobScheduler.schedule	copied.accommodations.enquiry

copied.accommodations.enquiry
1⤵
- Makes use of the framework's Accessibility service
- Acquires the wake lock
- Makes use of the framework's foreground persistence service
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Schedules tasks to execute at a specified time
PID:5236

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Foreground Persistence

T1541

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Foreground Persistence

T1541

Input Injection

T1516

Credential Access

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Discovery

Lateral Movement

Collection

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Screen Capture

T1513

Command and Control

Exfiltration

Impact

Input Injection

T1516

Replay Monitor

Loading Replay Monitor...

Downloads

/storage/emulated/0/Config/sys/apps/log/log-2025-02-15.txt

Filesize
29B

MD5
431fd570b6715380ce36d5717504cf73

SHA1
245f1db5c17489167619d7dada8102717c2a3144

SHA256
0fd19ddd6e0f69c8349c53b4cd99036672e14b8af49cb516faf717cfdd3b5ae7

SHA512
f0ab652fbe0719343ca07a36e64a2ad04b172df6e40d86519c46b7b6d85f21657fea77babee7521f8c5726b00e889cad1afd17c8993be11679ff23f93429ada4

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads