11bd8f00a6c26a3277ecad50f031c6d341da0e3997296a1ce2ed38827bf62891

Analysis

max time kernel
111s
max time network
132s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
19-02-2025 10:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ready.apk
Size

692KB
MD5

82b3d1e048d440c286131650dc6ca9d8
SHA1

7697b560d5b3d6d99ebe49a4e6d4c4e1b47ff843
SHA256

11bd8f00a6c26a3277ecad50f031c6d341da0e3997296a1ce2ed38827bf62891
SHA512

b7f337ef686022a02ec5a1c41607d37dec873b6a69749dd5ff7c3b22162c0bfd533ecd07d49312d67e8b67bf588a38bb20c6b35eb710801c643f6116c90e1066
SSDEEP

12288:O1VMC9BHFg+H6MT4ThOx1z6amPbWLpiusT3cgtN0F8I6Rq21XgDAtWDpO:O1Vr9NFgO6JUzzZmzWUHT3SF8IGNQnpO

Score

7^/10

collection credential_access defense_evasion discovery evasion persistence

Malware Config

Signatures

Makes use of the framework's Accessibility service 4 TTPs 1 IoCs

Retrieves information displayed on the phone screen using AccessibilityService.

collection defense_evasion credential_access

Input Injection

T1516

Screen Capture

T1513

Keylogging

T1417.001

GUI Input Capture

T1417.002

description	ioc	Process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	com.appser.verapp

Performs UI accessibility actions on behalf of the user 1 TTPs 4 IoCs

Application may abuse the accessibility service to prevent their removal.

evasion

Prevent Application Removal

T1629.001

ioc	Process
android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction	com.appser.verapp
android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction	com.appser.verapp
android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction	com.appser.verapp
android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction	com.appser.verapp

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.appser.verapp

Requests enabling of the accessibility settings. 1 IoCs

description	ioc	Process
Intent action	android.settings.ACCESSIBILITY_SETTINGS	com.appser.verapp

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.appser.verapp

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.appser.verapp

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.appser.verapp

com.appser.verapp
1⤵
- Makes use of the framework's Accessibility service
- Performs UI accessibility actions on behalf of the user
- Queries the mobile country code (MCC)
- Requests enabling of the accessibility settings.
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks CPU information
- Checks memory information
PID:4220