Analysis
- max time kernel: 149s
- max time network: 158s
- platform: android_x64
- resource: android-x64-20240624-en
- resource tags: android, arch:x64, arch:x86, image:android-x64-20240624-en, locale:en-us, os:android-10-x64, system
- submitted: 28/02/2025, 12:00
Behavioral task: behavioral1
- Sample: 2955d3b29478cfa7cef60cec968225d5541edd94ab4f08ba037843368d86806f.apk
- Resource: android-x86-arm-20240910-en
Behavioral task: behavioral2
- Sample: 2955d3b29478cfa7cef60cec968225d5541edd94ab4f08ba037843368d86806f.apk
- Resource: android-x64-20240624-en
General
- Target: 2955d3b29478cfa7cef60cec968225d5541edd94ab4f08ba037843368d86806f.apk
- Size: 12.7MB
- MD5: 198b09fea9e34251de6eb1970814cdf6
- SHA1: f430c95ce40aae9565008abe064f708bff63f295
- SHA256: 2955d3b29478cfa7cef60cec968225d5541edd94ab4f08ba037843368d86806f
- SHA512: 51d7eede38aeb80ab5f87ac25ed64421113a4be739076931cd92c37db138aecf8756d9dac2247c12cc2247c623bd87fe8272d85f4991da082ec45b005aacc4d8
- SSDEEP: 393216:ipAM02+p7+IB2rhNumqYZz1xwPmLH+luHeFoDcJ6FSoRlK/a:ipAM02OuT3ZzzB7eV6A9a
Malware Config
Signatures
-
- Makes use of the framework's Accessibility service (4 TTPs, 2 IoCs)
  Retrieves information displayed on the phone screen using AccessibilityService.
  description | ioc | process
  Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId | com.bdjthys.asragzw
  Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId | com.bdjthys.asragzw
- Obtains sensitive information copied to the device clipboard (2 TTPs, 1 IoC)
  Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
  description | ioc | process
  Framework service call | android.content.IClipboard.addPrimaryClipChangedListener | com.bdjthys.asragzw
- Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps) (1 TTP)
- Acquires the wake lock (1 IoC)
  description | ioc | process
  Framework service call | android.os.IPowerManager.acquireWakeLock | com.bdjthys.asragzw
- Makes use of the framework's foreground persistence service (1 TTP, 1 IoC)
  Application may abuse the framework's foreground service to continue running in the foreground.
  description | ioc | process
  Framework service call | android.app.IActivityManager.setServiceForeground | com.bdjthys.asragzw
- Performs UI accessibility actions on behalf of the user (1 TTP, 7 IoCs)
  Application may abuse the accessibility service to prevent its removal.
  ioc | process
  android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction | com.bdjthys.asragzw (7 occurrences)
- Queries information about the current Wi-Fi connection (1 TTP, 1 IoC)
  Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  description | ioc | process
  Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | com.bdjthys.asragzw
- Queries the mobile country code (MCC) (1 TTP, 1 IoC)
  description | ioc | process
  Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | com.bdjthys.asragzw
- Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTP, 1 IoC)
  description | ioc | process
  Framework service call | android.app.IActivityManager.registerReceiver | com.bdjthys.asragzw
- Checks CPU information (2 TTPs, 1 IoC)
  description | ioc | process
  File opened for read | /proc/cpuinfo | com.bdjthys.asragzw
- Checks memory information (2 TTPs, 1 IoC)
  description | ioc | process
  File opened for read | /proc/meminfo | com.bdjthys.asragzw
Processes
- com.bdjthys.asragzw (PID: 5054)
  - Makes use of the framework's Accessibility service
  - Obtains sensitive information copied to the device clipboard
  - Acquires the wake lock
  - Makes use of the framework's foreground persistence service
  - Performs UI accessibility actions on behalf of the user
  - Queries information about the current Wi-Fi connection
  - Queries the mobile country code (MCC)
  - Registers a broadcast receiver at runtime (usually for listening for system events)
  - Checks CPU information
  - Checks memory information
Network
MITRE ATT&CK Mobile v15
- Persistence
  - Event Triggered Execution (1)
    - Broadcast Receivers (1)
  - Foreground Persistence (1)
- Defense Evasion
  - Foreground Persistence (1)
  - Impair Defenses (1)
    - Prevent Application Removal (1)
  - Input Injection (1)
  - Virtualization/Sandbox Evasion (2)
    - System Checks (2)
- Credential Access
  - Clipboard Data (1)
  - Input Capture (2)
    - GUI Input Capture (1)
    - Keylogging (1)
- Discovery
  - Software Discovery (1)
    - Security Software Discovery (1)
  - System Information Discovery (2)
  - System Network Configuration Discovery (1)
  - System Network Connections Discovery (1)
Downloads
- Filesize: 428B
  MD5: 7ec79378386bb3fda70534c7e090e6e7
  SHA1: 0ebd8b4f6d172b1414a4fe716ad567b07e0f2a52
  SHA256: 8ecfc33ada47162228f2fa345ee3d024609f7db1ad3f17c9fc05fd3574f0f8af
  SHA512: 34bf6fe8e779ae7b26f5e74f770dbece33a902ab1326713434e642028d7024cc2277e647ae4cd68c784c4468f13c560f587aa2437b530da9417b076c238a5f8e
- Filesize: 4B
  MD5: 098f6bcd4621d373cade4e832627b4f6
  SHA1: a94a8fe5ccb19ba61c4c0873d391e987982fbbd3
  SHA256: 9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08
  SHA512: ee26b0dd4af7e749aa1a8ee3c10ae9923f618980772e473f8819a5d4940e0db27ac185f8a0e1d5f84f88bc887fd67b143732c304cc5fa9ad8e6f57f50028a8ff
- Filesize: 100KB
  MD5: da33e2a9f8ee81850255041f142ab811
  SHA1: 8fb4dbf6b550ce35df3130f51a275f8e9d20879f
  SHA256: a1f9632e4fde058b43bbeb137ad446d761e54950b9e5e238ef4d76cb8ee4ed83
  SHA512: 40fa0d8480dd936e2a4b534c4cc09e78cbb1c37e3639f71015a831b47a60766e1aedffabb12f0cb13f669a042ecf1319c27a1a43957880d9ede274fff7c4ae9b
- Filesize: 44KB
  MD5: d5d190e1180c5e6858c40a93f7526f12
  SHA1: 0d054f2e34776c8d5bcfd54d743831b9919618fe
  SHA256: 274fe3e82fc2630d99809afd6a1c64768a77ed69c04b33e0df6a292a5a042203
  SHA512: 0d58df37359d6e35f02ef95e4edcfb05fac6c3bc57d1c3e56e49fa7b6c66aef3f99b383cb14dc5a01b52bc6a0d4685f275fb30279aa26e8339a5e0b8416ba85e
- Filesize: 1KB
  MD5: 713bec4ddb1bde5251ef6452c376ae3f
  SHA1: e9ea184c10e73f42d56ca9fe647b98ec14acdfa3
  SHA256: ed5bcc3fe37e5ab8e659b891bbd1ff76d75cb7796b371fb158d567eb22d290c7
  SHA512: 14ac81cdaedc10a64d89d22c1a106733eb8027e475c0d929d73ac1b7d5e1bcd30382d5f7e5c6fa5245d0b7604b3ba56de75c14dae8ce189b5742f1a232f9c76c
- Filesize: 1KB
  MD5: 8d823a447deb03af61befa852ef1b32f
  SHA1: e8e0b4b907692c574074686bc1b126fb65c20f0e
  SHA256: 6462cdc6bdabfe21a3232252e29ba091dfcf6243335345ff1a17cd7fbafe97e5
  SHA512: b48931bbe23124fb18c6f32d8660f033d40fc0de399174af51f1a3d01c186880b9d0b1ab5311699afc22e54381fd60d7adb6c635d91aa535eb088b78922de039
- Filesize: 2.7MB
  MD5: 1a6a523bf8707c4ed8c49b7fe93cf3f1
  SHA1: a7ead56b1ec28e42fff8c3f770effbc501e14c18
  SHA256: 553952900bf10d8d63955de2af68b8f5080d7815e0393f32ee484e1b72330ce9
  SHA512: ca51f7522e63cda309f6ca8b0c1a53d6bac7a64a030804a7c73ca5c8f7454682e070af688d743153a490487d57ba819ee310fde178e8f828109e8a7b9ee522aa
- Filesize: 1KB
  MD5: a1fbff307d6e911590578fa04663bdae
  SHA1: 829677a2f6bc86d8bc940c154d329919bedfc698
  SHA256: 32d9f596bcb9a6c5b497c843d4a1176979fea3c4bdb77b8c9f1a13726003e146
  SHA512: 8f238ad2eb2e62e946c1b6924f5480d73a080176acd2e5c781a1b48e06f3d826f55d5988cf5102ada0c3622cf675b0009df2d8613c9973673661dd171b974eb7
- Filesize: 6KB
  MD5: 99bdc3d1123335965cd33195220d6eea
  SHA1: 143370ece74f7f6679294d2f476774f6d9c59ab5
  SHA256: 9bb1a42dbcb9acc9640727d6edfede011df24e0a3bf7fe4c7bb74c8a9d65b85c
  SHA512: d5145410c0d38d6d11b345fec853f349a4b86b99fb4d3480ee478fc4419b43ad44bc8c2a6cf50966d90b29122ff0718a75ed967c420e04175cc7501cba3cde21
- Filesize: 6KB
  MD5: e4f6be9a58c8180e02ca4b058d05c4c0
  SHA1: c2a483cb8ab31df818f682444b2f13e1172b9f71
  SHA256: deca6226c9ef5ebd1fca2d06036eaabe9e8745b782b46872dffa2dfa49b9caf7
  SHA512: 9154c5eda29c60a7a9b8ca646fe9aba23664dc89b542657c0a16a4505cbb39e002fad6d5457188f206e1e067be701376693254025130b7ec044ff95ddb04d8a8
- Filesize: 5KB
  MD5: d1c61fb016074dbdac7e6a60435081b0
  SHA1: fd9a8d0699fbe1a99bda11e1693e1a318ac5c6c6
  SHA256: e9089bb6e29e711b36116bcd7ba87b9592c239a4b9b4fd1155ec28cb4d471c23
  SHA512: e6beddbc922becfef4590658a9cedb132d369477dd2c12a920e9187408d2725185b5ff5f7c9a6aa8a26da69c77d57f0361a7ed4db5f9c2d2c40fe808a656831c
- Filesize: 5KB
  MD5: b92a3d4ab3fdae196a8b1ed6cee33502
  SHA1: c5ebcf9c231eb293cd7f7a93b297e165d3cbebaf
  SHA256: af70d22ce6d7c2af6cc81e87e1380334ef5d9bba38d6de1cf94eb83a5d97705b
  SHA512: 3cf15c62f50a7f08a04f0821b2460b83b3df1a23097afa5f25cd5540ba06189dd33c92d95468a9163ab0cec93cad2c349a1bd4c694a8a0eed27251276a781495
- Filesize: 2KB
  MD5: d3cb6e8479f561d7c3d6912fe05fd8d4
  SHA1: 504d3da1ae52491f5e7b96111d8c7bf3357fefc1
  SHA256: 731766f79da8aec555e20f75a7f4ee29f4eedda8aec373e92c6fbfab0136210a
  SHA512: 92d431aabf7bc7e6f5949b05e23dd6bf3229d3e6fbd22009c9a954a0c76ac18a718a2b98e97cae1cccee31c13174d87a80332a34cb1cc7451e7c400e694ae029
- Filesize: 1KB
  MD5: af2e70f46f78d2f1ba868ce94787c916
  SHA1: 5f18b30ff94e4b23da0f06963447d3049468c2ff
  SHA256: 43bb1cf8a7316de8ba757a1bdc5aa399a230f6dce758202734f22e0b56855720
  SHA512: c65758d092b21bffcaf184e1c8f092b8d13758c03665ea17bcf145deb518d35cec659f669c5f1ade3ddbe3d750d4c090032efc76d89f6ec98a0b033bcc092202
- Filesize: 1KB
  MD5: 966968c8a5b9aec07736ef4b68fee227
  SHA1: 6dbf45f443da33ffe4a785496e7e0a4d43d54474
  SHA256: 3fd58ca0c4af622c3abd12ddeca20b75d8224610bba9476d7da4582264a26b9e
  SHA512: fb11a9cafce9fa83cafcc25b84042f4e7249e3d701d01f8bd90b9dd38614d11be1f643de846205b35d63aa46481afd74bb4032b975472dbf9dad53c226edb9c2
- Filesize: 2KB
  MD5: 1607cbf08a167daaa7b137e6f3a5cd61
  SHA1: 484e7fcbdc9c9334d19e5f5bbd1aec4d0075c565
  SHA256: 6f976842593169bdc5aaad6845c2cec3cc54bb9b29009480324e75e78baba294
  SHA512: 177d01e112e26ce6f010342058a83230fbb8e468841bc6ce9b202fdc4d297b76b5d9f920c3bb431e9c7708e840b3729cde29ad865a09cb43bc4f3510a0d77d78
- Filesize: 1KB
  MD5: 62aec1c5c40f6420d29aa822e0fe1a73
  SHA1: e181dd37e0f2488591c780a730443ec26ed2fc7c
  SHA256: 47e720e35e185d8497e80ff0e4c8c48ff0623b37feabafcee457073a5d2ba37d
  SHA512: 6d8677c65884552dad02217b48f83f476b4c7b467c411cd72c38b73cfb5313c328f510443229faf228a8b399196d14b6049946fe8d45b1227b483922900149d9
- Filesize: 121KB
  MD5: 7b38720a0352dffa26411726c72dd2b0
  SHA1: b15e687f42abcdc12427f146a3115ef2259211f8
  SHA256: 2013f490d45638cada331b3474ed65b9a43cec60da773accc98332e58c06336d
  SHA512: 0df28f87da4f9beb3ca8c108f54021a2a1a1434771abbb5ba67a2736097f2287b05e5220a33e92c42ee13ecae1144714a422b986763712794f69e65bc44c83e3
- Filesize: 420KB
  MD5: fb1e526e2589394eb44abe6ceedc237b
  SHA1: 01544e9440b01a9ccb066cdcd74e59cf6817f344
  SHA256: ba6c903c5e79d53ababf0995977af72885f942e54458eb6eaa534e023eb2f493
  SHA512: b36cc76b3c503de0903401cebfd0eb97c49debc21ed07cf88615ab8a3e36a3befafa8a5eb37a3d7a75464e43edeb4b0e7fe37c971fefdf4686bf15bd7e5233c7
- Filesize: 420KB
  MD5: cdf8a3e3784ab140dcd5d2baf5111bd6
  SHA1: eb85bf1a6a37c263b5728c81b331beba9d96411e
  SHA256: 6c99eaf9f9dd37bfd95a2b115461217d16b459a6b63c33cee56b37286379c83e
  SHA512: 53eac4fbe1643fefe48fcf6bc5c71b2026fb400c27186e300c3e39a7d07a2a3ab81865df4d314e40f2f2dbd5b9afa12879b8ce6989dbd7be14c337c78f6c97c3
- Filesize: 420KB
  MD5: b0a296ef4aa25c160e1772441ef68b56
  SHA1: 1897261d7777fa9a838fe2f8496176694e55c3db
  SHA256: a2a61b3a253554768f6ce48523fc0c6c492230317db072a9be0f8a2e95ce1a0e
  SHA512: e7fb3a8c91c09a22b81cf37e6cd97e9572edb9bcdb534a23c8f69e4bb64f3748b74d03ec080e22c3e25d8562f476d852c3029bb6dc4b2178d139c284b00dd863
- Filesize: 420KB
  MD5: 92899c7c532d1e428eab098d2d392213
  SHA1: cc94c942cee010d6a72c3d0d763707624f653500
  SHA256: ea01b841d8fe42d6e9b819b14886375684f4875042b20bb4c6091f7e1347f205
  SHA512: 9049f11ced171e46183f969765456053b7c4a258b32b48602972059c6acefbabddf907ba1f1c7bee6c66884c12ae2c27524d734f2c84d89adac7a941b60974a2
- Filesize: 420KB
  MD5: 017ad81fa694432ff875514b20721de5
  SHA1: 6b867dc6643d697ecf7e88914f0eb0dc755ee749
  SHA256: 759f26572c97390acedd5373ad039870914095e0c0ce0aa421ec95793a886187
  SHA512: 3646df32d349481a3435bafdd7b97777bf645c3e9876393cd055e30babd1debe75b55260018637abf09de906666c9ca8cb1d5a1b20d11418f08467e6f5114a7e
- Filesize: 420KB
  MD5: 39a06acb14ec8507e7f23ae630d01efd
  SHA1: d675cecdb91b9f6b53c79de492524f715cdc3c22
  SHA256: bb882a49f48e199bbec097e87efe1224a0c79db0464b17e407858450f9dc0404
  SHA512: 1dfc466ff823f7f9d9b52cca223269e2cc0b851daeb82084d2a009cc5e593c7f46788a42893469748e1e0b3bd91d9f1a4c5065277ede3172007004f5a10cfb2f
- Filesize: 420KB
  MD5: 3f50a4a7bfdbb4b9285af8fb8ceb9389
  SHA1: 4cafc258ec41199f4c88da8810893821d8700c7f
  SHA256: 1e34f728255a05d5daffa36e7124dd9fc4204def9102a0cf27588e8c0db2d734
  SHA512: afb578ce9124d590f728c0c455ed66e00b2b3fe1e5db2f32d3daf7165ee733a5889a994cb13beb8ce997284d012377579f8ddf5e698f23d4c192a47280416ce3
- Filesize: 420KB
  MD5: cd54237e4adfe9aed711fc29507e7a80
  SHA1: a2251f9287c774b993f837c59f40fd6dc6721f30
  SHA256: f496a030259c720c36d3cb3049ec031db32b1ca478df32f44f38da062efd31ca
  SHA512: e7d05dd4fab720ba591000d82e8394f5673e526def4db8eeb24bab0ca2dbb8776873ad2d42560b39baaf8486c963514e7a0cf56e40fdf2b237705e22eabe58c1
- Filesize: 2KB
  MD5: 6af6fe01c19168fb3721cdd41b5b18d3
  SHA1: be58b1bdebf10cbebb957df5c10938500b484f88
  SHA256: 23afbd8afbe3f734e1a6208562bffbd7baf0e6857476a5cd6e64a337ecb3ccde
  SHA512: 3a0d9b5649fe07955d78a0e030e90c58d6cf3dd097fcbc7c779f2ee052e4f9725ff6dcf04442816048b7d06e4c836cb663c7b64540ce83172e4997fb5a168a6d
- Filesize: 11B
  MD5: 1b65c10c6215685f9d621d797f911373
  SHA1: cc50aaed5cd521a62ec8cf9fe0413153ec90f265
  SHA256: 2230c2b2787663a054c47450ecd1718f0296853ad768b8e5d306ecb912685e89
  SHA512: 5a9139f295dbe384b1584eff5c11f3f86759232f7b661b75f27fe92b996b4cdc0552e315f79b26f5f2c1f91756d9ae04cf0c3675b6172e91a3d373b9b314496f