04965d57d6fe546f9cfb7b8db78487ed4d4777b3629098485f89f5b86b209337

Analysis

max time kernel
27s
max time network
36s
platform
android_x64
resource
android-x64-arm64-20240624-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240624-enlocale:en-usos:android-11-x64system
submitted
16-02-2025 08:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Ant-Miner7.4.apk
Size

9.6MB
MD5

04b9595fc4a3ad1495d99bc3ecda71e2
SHA1

ab232bb987567eb835fc506c6f621f479495fcf1
SHA256

04965d57d6fe546f9cfb7b8db78487ed4d4777b3629098485f89f5b86b209337
SHA512

baa41cbc9229f20d826406055f7fdcbc0f1cfe203e848b5bf86fb41e4742dac32b0918dc6fadf77cbaf1bb145882015126f7ed9bc909dca75125878096246ef1
SSDEEP

98304:aeyuNw5Gzhfhydu+/Aql4OPcsFRAromzTGzBXTG0teoFSx:QuNiGzRIdl6OPVFeXzTONlI

Score

7^/10

collection credential_access defense_evasion execution impact persistence privilege_escalation

Malware Config

Signatures

Makes use of the framework's Accessibility service 4 TTPs 1 IoCs

Retrieves information displayed on the phone screen using AccessibilityService.

collection defense_evasion credential_access

Input Injection

T1516

Screen Capture

T1513

Keylogging

T1417.001

GUI Input Capture

T1417.002

description	ioc	Process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	connection.luxembourg.mine

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	connection.luxembourg.mine

Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

Application may abuse the framework's foreground service to continue running in the foreground.

defense_evasion persistence

Foreground Persistence

T1541

description	ioc	Process
Framework service call	android.app.IActivityManager.setServiceForeground	connection.luxembourg.mine

Tries to add a device administrator. 2 TTPs 1 IoCs

privilege_escalation impact

Device Administrator Permissions

T1626.001

Account Access Removal

T1640

description	ioc	Process
Intent action	android.app.action.ADD_DEVICE_ADMIN	connection.luxembourg.mine

Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

execution persistence

Scheduled Task/Job

T1603

description	ioc	Process
Framework service call	android.app.job.IJobScheduler.schedule	connection.luxembourg.mine

connection.luxembourg.mine
1⤵
- Makes use of the framework's Accessibility service
- Acquires the wake lock
- Makes use of the framework's foreground persistence service
- Tries to add a device administrator.
- Schedules tasks to execute at a specified time
PID:4619

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Foreground Persistence

T1541

Scheduled Task/Job

T1603

Privilege Escalation

Abuse Elevation Control Mechanism

T1626

Device Administrator Permissions

T1626.001

Defense Evasion

Foreground Persistence

T1541

Input Injection

T1516

Credential Access

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Discovery

Lateral Movement

Collection

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Screen Capture

T1513

Command and Control

Exfiltration

Impact

Account Access Removal

T1640

Input Injection

T1516

Replay Monitor

Loading Replay Monitor...

Downloads

/storage/emulated/0/Config/sys/apps/log/log-2025-02-16.txt

Filesize
13B

MD5
de2c41a51ee9246eb1708f65b511add0

SHA1
2f442d634c8a18760a232c8829d4b5d74a52f074

SHA256
ad2d914ca347cd1930e32f21c6d5448c34104bea181b93abc85ec518985653ab

SHA512
7cdfbd001594503644e9ed80ae852f90ef9e841a8382e2eec6979e149a2c400a3b83055d205b4d1d66e1600e5127482932d5127eb5800d35a4ee5673fe34d84a

Download Submit
/storage/emulated/0/Config/sys/apps/log/log-2025-02-16.txt

Filesize
25B

MD5
8740e34d9d022ce34928dffc552c44ff

SHA1
0014c556afce94f429bccefc4724cead4438f43e

SHA256
eeb5ed8ddc43bcb1da30fcb17b5321aafba4d6334ab2bcf8205c07ab6b5a76d3

SHA512
ce14db926ff1a2d82d3ecc363089c74f5ef25a7c7d1f4c784fd87fbc05cbd39fc81d3c0fed8f37aa9c5ef96061f5b9444d2f1c2e720aa9ac8d9fe00f490da570

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads