Overview

overview

10

Static

static

10

9db3d7a0c6...84.apk

android-9-x86

7

9db3d7a0c6...84.apk

android-10-x64

7

9db3d7a0c6...84.apk

android-11-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    151s
  • platform
    android_x86
  • resource
    android-x86-arm-20240624-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
  • submitted
    21-02-2025 04:37

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    9db3d7a0c657c5abbe688ab61638cd14d905484b1b9c4906a347922fc7e30e84.apk

  • Size

    3.9MB

  • MD5

    0116c96dce400053d1348a2626032efd

  • SHA1

    0218c087f748073cc4d2b3693a259bf240c897cf

  • SHA256

    9db3d7a0c657c5abbe688ab61638cd14d905484b1b9c4906a347922fc7e30e84

  • SHA512

    164de2e1b097879eb74ba16ee55045b6cbcf77ca669fb5195395721e8cdce48c97e31308f74db37cc6adb377cad603b2d158995cffc8e56fd9d01cb1b3c5a909

  • SSDEEP

    98304:mPKZLILt8f33dv8mzzzBRT1h0tplH+ODJ:mPKZLzf33trz/4F

Score
7/10
collectioncredential_accessdefense_evasiondiscoveryexecutionpersistence

Malware Config

Signatures

  • Makes use of the framework's Accessibility service 4 TTPs 3 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectiondefense_evasioncredential_access
  • Acquires the wake lock 1 IoCs
  • Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

    Application may abuse the framework's foreground service to continue running in the foreground.

    defense_evasionpersistence
  • Queries information about active data network 1 TTPs 1 IoCs
    discovery
  • Queries the mobile country code (MCC) 1 TTPs 1 IoCs
    discovery
  • Requests disabling of battery optimizations (often used to enable hiding in the background). 1 TTPs 1 IoCs
    defense_evasion
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
    persistence
  • Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

    executionpersistence
  • Checks memory information 2 TTPs 1 IoCs

Processes

  • feeds.pavilion.employment
    1⤵
    • Makes use of the framework's Accessibility service
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    • Queries information about active data network
    • Queries the mobile country code (MCC)
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Schedules tasks to execute at a specified time
    • Checks memory information
    PID:4261

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /storage/emulated/0/Config/sys/apps/log/log-2025-02-21.txt
    Filesize

    37B

    MD5

    102a6539070bfefa648e9a2771b2396d

    SHA1

    a86b0c4b9d816152227f5821a3993e5b7f16d2bb

    SHA256

    f4235554036a78efb4f48567cf4e4335db7ace503ced4e14e3a637aa6f562116

    SHA512

    c62b433ceabf366b431afc2a15d91d43f9a8d643c33967c0795bd5da073796e8ba77b4c53363172b4811aae89c345327583858f0047419a85811d92c4fbcc385

    Download Submit

  • /storage/emulated/0/Config/sys/apps/log/log-2025-02-21.txt
    Filesize

    25B

    MD5

    ba30336bf53d54ed3c0ea69dd545de8c

    SHA1

    ce99c6724c75b93b7448e2d9fac16ca702a5711f

    SHA256

    2d6988fb5afdaafc4e33fa1f71d6f10c95ab5a49a8ec820add5b13eef05439af

    SHA512

    eea34ca526e03349e746d3687ea660b4748f0174fe2ffdb65161e232e08630b345e03329614852ce881a71362ba68575e9dd08fa361a416e5b2fb231e21a0a3e

    Download Submit

  • /storage/emulated/0/Config/sys/apps/log/log-2025-02-21.txt
    Filesize

    288B

    MD5

    59af408edd64fc3e1b8a806b09fc3218

    SHA1

    508760357388f4a979abb88f9aa1c598df11e602

    SHA256

    951797dca4a6daac6201f3cab7f6b9d3eb98a073a98c0ebeb02c41182ef5c810

    SHA512

    09dd08853ac1d25a759ef8aa39f656469864f4f4d30c8e10bf299dc1f817c4fa1102fd96ed09bbf4b68cad460c06c7edf072723780dbaf9e20184cee6d9521ae

    Download Submit

  • /storage/emulated/0/Config/sys/apps/log/log-2025-02-21.txt
    Filesize

    57B

    MD5

    094664572d9996aec06473f6753a146f

    SHA1

    13d82e282aa498c8fae69a6f13db8eacbc5fcfea

    SHA256

    a0c8e8e0893203843e5dafe8e9d81f2a417326c1985312e5042d2ae941b464ef

    SHA512

    eaee01dcfe3dcbb7771b8577ea347e66c791169d19fb5dc2fb1dd22d46b378c25902ce133c1f62ffbd13f513de689caabe0b094ab695f8bfcaf9845b46d558dc

    Download Submit