Analysis

  • max time kernel
    149s
  • max time network
    157s
  • platform
    android_x64
  • resource
    android-x64-20240624-en
  • resource tags
    android, arch:x64, arch:x86, image:android-x64-20240624-en, locale:en-us, os:android-10-x64, system
  • submitted
    21-02-2025 04:37

General

  • Target

    9db3d7a0c657c5abbe688ab61638cd14d905484b1b9c4906a347922fc7e30e84.apk

  • Size

    3.9MB

  • MD5

    0116c96dce400053d1348a2626032efd

  • SHA1

    0218c087f748073cc4d2b3693a259bf240c897cf

  • SHA256

    9db3d7a0c657c5abbe688ab61638cd14d905484b1b9c4906a347922fc7e30e84

  • SHA512

    164de2e1b097879eb74ba16ee55045b6cbcf77ca669fb5195395721e8cdce48c97e31308f74db37cc6adb377cad603b2d158995cffc8e56fd9d01cb1b3c5a909

  • SSDEEP

    98304:mPKZLILt8f33dv8mzzzBRT1h0tplH+ODJ:mPKZLzf33trz/4F

Malware Config

Signatures

  • Makes use of the framework's Accessibility service (4 TTPs, 3 IoCs)

    Retrieves information displayed on the phone screen using AccessibilityService.

  • Acquires the wake lock (1 IoCs)
  • Makes use of the framework's foreground persistence service (1 TTPs, 1 IoCs)

    Application may abuse the framework's foreground service to continue running in the foreground.

  • Performs UI accessibility actions on behalf of the user (1 TTPs, 4 IoCs)

    Application may abuse the accessibility service to prevent its removal.

  • Queries information about active data network (1 TTPs, 1 IoCs)
  • Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTPs, 1 IoCs)
  • Schedules tasks to execute at a specified time (1 TTPs, 1 IoCs)

    Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

Processes

  • feeds.pavilion.employment (PID 4931)
    • Makes use of the framework's Accessibility service
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    • Performs UI accessibility actions on behalf of the user
    • Queries information about active data network
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Schedules tasks to execute at a specified time

Network

MITRE ATT&CK Mobile v15

Downloads

  • /storage/emulated/0/Config/sys/apps/log/log-2025-02-21.txt

    Filesize

    37B

    MD5

    bba20f1812ddeb5a708655d7e7b7181c

    SHA1

    acc3e9116fc28f5036d4ee1e7386b29eb0f68c05

    SHA256

    dfe73530ab107811224adf8e84da13eae3fcef4f2f1941ba839308342a38c653

    SHA512

    5346bd8bf1053c72c42d57f601519bbc47619e9952501446244f3a032595066e4b95a37a6005bc0be60a0362bdb31afef19dad0c60e2203c46f85944b5caae8c

  • /storage/emulated/0/Config/sys/apps/log/log-2025-02-21.txt

    Filesize

    37B

    MD5

    102a6539070bfefa648e9a2771b2396d

    SHA1

    a86b0c4b9d816152227f5821a3993e5b7f16d2bb

    SHA256

    f4235554036a78efb4f48567cf4e4335db7ace503ced4e14e3a637aa6f562116

    SHA512

    c62b433ceabf366b431afc2a15d91d43f9a8d643c33967c0795bd5da073796e8ba77b4c53363172b4811aae89c345327583858f0047419a85811d92c4fbcc385

  • /storage/emulated/0/Config/sys/apps/log/log-2025-02-21.txt

    Filesize

    25B

    MD5

    ba30336bf53d54ed3c0ea69dd545de8c

    SHA1

    ce99c6724c75b93b7448e2d9fac16ca702a5711f

    SHA256

    2d6988fb5afdaafc4e33fa1f71d6f10c95ab5a49a8ec820add5b13eef05439af

    SHA512

    eea34ca526e03349e746d3687ea660b4748f0174fe2ffdb65161e232e08630b345e03329614852ce881a71362ba68575e9dd08fa361a416e5b2fb231e21a0a3e

  • /storage/emulated/0/Config/sys/apps/log/log-2025-02-21.txt

    Filesize

    288B

    MD5

    1de88d3fd0868953d5c38665d70dadfc

    SHA1

    8e8c28e58427c6151f3c98a0671ffc688fa0ae56

    SHA256

    65c1cb24cb6128f8e41a02e237cfbb1af3aa4b00fcf1a99a7eaebe2dcb359e39

    SHA512

    69291935cd65db23b27f0348917a5db4ba706bf68644bfe24f571ce41e1a3f0cfdf2ec76acc20a22a94c53b3a68dd3eb472246738a79f268399fc3030e2078bb