Overview

overview

10

Static

static

10

9db3d7a0c6...84.apk

android-9-x86

7

9db3d7a0c6...84.apk

android-10-x64

7

9db3d7a0c6...84.apk

android-11-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    157s
  • platform
    android_x64
  • resource
    android-x64-arm64-20240624-en
  • resource tags

    androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240624-enlocale:en-usos:android-11-x64system
  • submitted
    21-02-2025 04:41

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    9db3d7a0c657c5abbe688ab61638cd14d905484b1b9c4906a347922fc7e30e84.apk

  • Size

    3.9MB

  • MD5

    0116c96dce400053d1348a2626032efd

  • SHA1

    0218c087f748073cc4d2b3693a259bf240c897cf

  • SHA256

    9db3d7a0c657c5abbe688ab61638cd14d905484b1b9c4906a347922fc7e30e84

  • SHA512

    164de2e1b097879eb74ba16ee55045b6cbcf77ca669fb5195395721e8cdce48c97e31308f74db37cc6adb377cad603b2d158995cffc8e56fd9d01cb1b3c5a909

  • SSDEEP

    98304:mPKZLILt8f33dv8mzzzBRT1h0tplH+ODJ:mPKZLzf33trz/4F

Score
7/10
collectioncredential_accessdefense_evasiondiscoveryexecutionimpactpersistence

Malware Config

Signatures

  • Makes use of the framework's Accessibility service 4 TTPs 3 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectiondefense_evasioncredential_access
  • Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

    Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

    collectioncredential_accessimpact
  • Acquires the wake lock 1 IoCs
  • Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

    Application may abuse the framework's foreground service to continue running in the foreground.

    defense_evasionpersistence
  • Queries information about active data network 1 TTPs 1 IoCs
    discovery
  • Requests disabling of battery optimizations (often used to enable hiding in the background). 1 TTPs 1 IoCs
    defense_evasion
  • Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

    executionpersistence
  • Checks memory information 2 TTPs 1 IoCs

Processes

  • feeds.pavilion.employment
    1⤵
    • Makes use of the framework's Accessibility service
    • Obtains sensitive information copied to the device clipboard
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    • Queries information about active data network
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    • Schedules tasks to execute at a specified time
    • Checks memory information
    PID:4612

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /storage/emulated/0/Config/sys/apps/log/log-2025-02-21.txt
    Filesize

    37B

    MD5

    102a6539070bfefa648e9a2771b2396d

    SHA1

    a86b0c4b9d816152227f5821a3993e5b7f16d2bb

    SHA256

    f4235554036a78efb4f48567cf4e4335db7ace503ced4e14e3a637aa6f562116

    SHA512

    c62b433ceabf366b431afc2a15d91d43f9a8d643c33967c0795bd5da073796e8ba77b4c53363172b4811aae89c345327583858f0047419a85811d92c4fbcc385

    Download Submit

  • /storage/emulated/0/Config/sys/apps/log/log-2025-02-21.txt
    Filesize

    25B

    MD5

    ba30336bf53d54ed3c0ea69dd545de8c

    SHA1

    ce99c6724c75b93b7448e2d9fac16ca702a5711f

    SHA256

    2d6988fb5afdaafc4e33fa1f71d6f10c95ab5a49a8ec820add5b13eef05439af

    SHA512

    eea34ca526e03349e746d3687ea660b4748f0174fe2ffdb65161e232e08630b345e03329614852ce881a71362ba68575e9dd08fa361a416e5b2fb231e21a0a3e

    Download Submit

  • /storage/emulated/0/Config/sys/apps/log/log-2025-02-21.txt
    Filesize

    288B

    MD5

    a812d7e921f75b22461945c993023aad

    SHA1

    dbe7cb658d73d5206af399576214426592156b15

    SHA256

    ef5b5268cf1cb4ce6068e18cd2b4b3e4bc2f4d65ccb354b36568791ec7431575

    SHA512

    c0841e5b79a50870dd7eb1cf5f8ffd8d883c8eaebd8c3f151687c3065e3edbf161c79907d729a27f2e239f3e534f24af7de8222099268460c4ff0476ac1387b2

    Download Submit

  • /storage/emulated/0/Config/sys/apps/log/log-2025-02-21.txt
    Filesize

    57B

    MD5

    498e926df9ff1942017a9f82fb354fcc

    SHA1

    9508c1fd8830bf078b052b80bd282576ebbe442e

    SHA256

    ea4e7cf6662d3216ddbb17bd9188c2e1c9645638f5ef5d93348bfd5b9fdd5fc7

    SHA512

    edacd4c74629a3dbe638139af4bd3777e16cbd22ada0a85152e1cda4bad7bab0d019caf5c5d78291c37f773dfe1eb04c26498c8cf42ee31d37a86d1f22388cf5

    Download Submit