2955d3b29478cfa7cef60cec968225d5541edd94ab4f08ba037843368d86806f

Resubmissions

28/02/2025, 12:42

250228-pxj6bszqx6 10

28/02/2025, 11:57

250228-n41wzsyvhs 10

Analysis

max time kernel
142s
max time network
156s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
28/02/2025, 12:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2955d3b29478cfa7cef60cec968225d5541edd94ab4f08ba037843368d86806f.apk
Size

12.7MB
MD5

198b09fea9e34251de6eb1970814cdf6
SHA1

f430c95ce40aae9565008abe064f708bff63f295
SHA256

2955d3b29478cfa7cef60cec968225d5541edd94ab4f08ba037843368d86806f
SHA512

51d7eede38aeb80ab5f87ac25ed64421113a4be739076931cd92c37db138aecf8756d9dac2247c12cc2247c623bd87fe8272d85f4991da082ec45b005aacc4d8
SSDEEP

393216:ipAM02+p7+IB2rhNumqYZz1xwPmLH+luHeFoDcJ6FSoRlK/a:ipAM02OuT3ZzzB7eV6A9a

Score

7^/10

collection credential_access defense_evasion discovery evasion persistence

Malware Config

Signatures

Makes use of the framework's Accessibility service 4 TTPs 2 IoCs

Retrieves information displayed on the phone screen using AccessibilityService.

collection defense_evasion credential_access

Input Injection

T1516

Screen Capture

T1513

Keylogging

T1417.001

GUI Input Capture

T1417.002

description	ioc	Process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	com.bdjthys.asragzw
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId	com.bdjthys.asragzw

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.bdjthys.asragzw

Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

Application may abuse the framework's foreground service to continue running in the foreground.

defense_evasion persistence

Foreground Persistence

T1541

description	ioc	Process
Framework service call	android.app.IActivityManager.setServiceForeground	com.bdjthys.asragzw

Performs UI accessibility actions on behalf of the user 1 TTPs 7 IoCs

Application may abuse the accessibility service to prevent their removal.

evasion

Prevent Application Removal

T1629.001

ioc	Process
android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction	com.bdjthys.asragzw
android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction	com.bdjthys.asragzw
android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction	com.bdjthys.asragzw
android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction	com.bdjthys.asragzw
android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction	com.bdjthys.asragzw
android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction	com.bdjthys.asragzw
android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction	com.bdjthys.asragzw

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.bdjthys.asragzw

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.bdjthys.asragzw

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.bdjthys.asragzw

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.bdjthys.asragzw

com.bdjthys.asragzw
1⤵
- Makes use of the framework's Accessibility service
- Acquires the wake lock
- Makes use of the framework's foreground persistence service
- Performs UI accessibility actions on behalf of the user
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks CPU information
- Checks memory information
PID:4308

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Foreground Persistence

T1541

Privilege Escalation

Defense Evasion

Foreground Persistence

T1541

Impair Defenses

T1629

Prevent Application Removal

T1629.001

Input Injection

T1516

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

Lateral Movement

Collection

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Screen Capture

T1513

Command and Control

Exfiltration

Impact

Input Injection

T1516

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.bdjthys.asragzw/files/app_icon.png

Filesize
100KB

MD5
da33e2a9f8ee81850255041f142ab811

SHA1
8fb4dbf6b550ce35df3130f51a275f8e9d20879f

SHA256
a1f9632e4fde058b43bbeb137ad446d761e54950b9e5e238ef4d76cb8ee4ed83

SHA512
40fa0d8480dd936e2a4b534c4cc09e78cbb1c37e3639f71015a831b47a60766e1aedffabb12f0cb13f669a042ecf1319c27a1a43957880d9ede274fff7c4ae9b

Download Submit
/data/data/com.bdjthys.asragzw/files/db.db

Filesize
44KB

MD5
d5d190e1180c5e6858c40a93f7526f12

SHA1
0d054f2e34776c8d5bcfd54d743831b9919618fe

SHA256
274fe3e82fc2630d99809afd6a1c64768a77ed69c04b33e0df6a292a5a042203

SHA512
0d58df37359d6e35f02ef95e4edcfb05fac6c3bc57d1c3e56e49fa7b6c66aef3f99b383cb14dc5a01b52bc6a0d4685f275fb30279aa26e8339a5e0b8416ba85e

Download Submit
/data/data/com.bdjthys.asragzw/files/db.db

Filesize
4KB

MD5
2c6fe773f7cc42d162630d93a98fa91f

SHA1
a0d76f9403df661aea3017a0d912de03c415e3a9

SHA256
3855acc95e1e3648649a16c91abdcb1e2eb81826ae6171a0ab25c5b74452f186

SHA512
20436ab982d11ec32d69267c93c378e4ad92d8f840f5b412984af5aa0240f0eb8df757fdfde5ab95a2649c6f9862d9b633cd8dfcab5c07c1a4533072600c39a6

Download Submit
/data/data/com.bdjthys.asragzw/files/db.db-journal

Filesize
4KB

MD5
2e32cd87e6f39c1e624bc8829e551631

SHA1
65b733983572a4601b73e40a8ef001e7c104fe7c

SHA256
a6e063c4a38d95535e78cc47e241af6b2f14e0250f7d8060a2081d6a204e3697

SHA512
a6ff9c902d06e37b13f130d2b233a1c93092a26e5b54f25c0d7c9fa3fc1b58defad66cf6da6a0a2d8bf840ee87ff30930d83172e76d95d45cadd39de28ab846f

Download Submit
/data/data/com.bdjthys.asragzw/files/db.db-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.bdjthys.asragzw/files/design.txt

Filesize
1KB

MD5
713bec4ddb1bde5251ef6452c376ae3f

SHA1
e9ea184c10e73f42d56ca9fe647b98ec14acdfa3

SHA256
ed5bcc3fe37e5ab8e659b891bbd1ff76d75cb7796b371fb158d567eb22d290c7

SHA512
14ac81cdaedc10a64d89d22c1a106733eb8027e475c0d929d73ac1b7d5e1bcd30382d5f7e5c6fa5245d0b7604b3ba56de75c14dae8ce189b5742f1a232f9c76c

Download Submit
/data/data/com.bdjthys.asragzw/files/designxiaomi.txt

Filesize
1KB

MD5
8d823a447deb03af61befa852ef1b32f

SHA1
e8e0b4b907692c574074686bc1b126fb65c20f0e

SHA256
6462cdc6bdabfe21a3232252e29ba091dfcf6243335345ff1a17cd7fbafe97e5

SHA512
b48931bbe23124fb18c6f32d8660f033d40fc0de399174af51f1a3d01c186880b9d0b1ab5311699afc22e54381fd60d7adb6c635d91aa535eb088b78922de039

Download Submit
/data/data/com.bdjthys.asragzw/files/files.zip

Filesize
2.7MB

MD5
1a6a523bf8707c4ed8c49b7fe93cf3f1

SHA1
a7ead56b1ec28e42fff8c3f770effbc501e14c18

SHA256
553952900bf10d8d63955de2af68b8f5080d7815e0393f32ee484e1b72330ce9

SHA512
ca51f7522e63cda309f6ca8b0c1a53d6bac7a64a030804a7c73ca5c8f7454682e070af688d743153a490487d57ba819ee310fde178e8f828109e8a7b9ee522aa

Download Submit
/data/data/com.bdjthys.asragzw/files/imgarrowdown.png

Filesize
1KB

MD5
a1fbff307d6e911590578fa04663bdae

SHA1
829677a2f6bc86d8bc940c154d329919bedfc698

SHA256
32d9f596bcb9a6c5b497c843d4a1176979fea3c4bdb77b8c9f1a13726003e146

SHA512
8f238ad2eb2e62e946c1b6924f5480d73a080176acd2e5c781a1b48e06f3d826f55d5988cf5102ada0c3622cf675b0009df2d8613c9973673661dd171b974eb7

Download Submit
/data/data/com.bdjthys.asragzw/files/imgcamera.png

Filesize
6KB

MD5
99bdc3d1123335965cd33195220d6eea

SHA1
143370ece74f7f6679294d2f476774f6d9c59ab5

SHA256
9bb1a42dbcb9acc9640727d6edfede011df24e0a3bf7fe4c7bb74c8a9d65b85c

SHA512
d5145410c0d38d6d11b345fec853f349a4b86b99fb4d3480ee478fc4419b43ad44bc8c2a6cf50966d90b29122ff0718a75ed967c420e04175cc7501cba3cde21

Download Submit
/data/data/com.bdjthys.asragzw/files/imggallery.png

Filesize
6KB

MD5
e4f6be9a58c8180e02ca4b058d05c4c0

SHA1
c2a483cb8ab31df818f682444b2f13e1172b9f71

SHA256
deca6226c9ef5ebd1fca2d06036eaabe9e8745b782b46872dffa2dfa49b9caf7

SHA512
9154c5eda29c60a7a9b8ca646fe9aba23664dc89b542657c0a16a4505cbb39e002fad6d5457188f206e1e067be701376693254025130b7ec044ff95ddb04d8a8

Download Submit
/data/data/com.bdjthys.asragzw/files/imgmessage.png

Filesize
5KB

MD5
d1c61fb016074dbdac7e6a60435081b0

SHA1
fd9a8d0699fbe1a99bda11e1693e1a318ac5c6c6

SHA256
e9089bb6e29e711b36116bcd7ba87b9592c239a4b9b4fd1155ec28cb4d471c23

SHA512
e6beddbc922becfef4590658a9cedb132d369477dd2c12a920e9187408d2725185b5ff5f7c9a6aa8a26da69c77d57f0361a7ed4db5f9c2d2c40fe808a656831c

Download Submit
/data/data/com.bdjthys.asragzw/files/imgphone.png

Filesize
5KB

MD5
b92a3d4ab3fdae196a8b1ed6cee33502

SHA1
c5ebcf9c231eb293cd7f7a93b297e165d3cbebaf

SHA256
af70d22ce6d7c2af6cc81e87e1380334ef5d9bba38d6de1cf94eb83a5d97705b

SHA512
3cf15c62f50a7f08a04f0821b2460b83b3df1a23097afa5f25cd5540ba06189dd33c92d95468a9163ab0cec93cad2c349a1bd4c694a8a0eed27251276a781495

Download Submit
/data/data/com.bdjthys.asragzw/files/l_homescreen.bal

Filesize
2KB

MD5
d3cb6e8479f561d7c3d6912fe05fd8d4

SHA1
504d3da1ae52491f5e7b96111d8c7bf3357fefc1

SHA256
731766f79da8aec555e20f75a7f4ee29f4eedda8aec373e92c6fbfab0136210a

SHA512
92d431aabf7bc7e6f5949b05e23dd6bf3229d3e6fbd22009c9a954a0c76ac18a718a2b98e97cae1cccee31c13174d87a80332a34cb1cc7451e7c400e694ae029

Download Submit
/data/data/com.bdjthys.asragzw/files/l_pagescontainer.bal

Filesize
1KB

MD5
af2e70f46f78d2f1ba868ce94787c916

SHA1
5f18b30ff94e4b23da0f06963447d3049468c2ff

SHA256
43bb1cf8a7316de8ba757a1bdc5aa399a230f6dce758202734f22e0b56855720

SHA512
c65758d092b21bffcaf184e1c8f092b8d13758c03665ea17bcf145deb518d35cec659f669c5f1ade3ddbe3d750d4c090032efc76d89f6ec98a0b033bcc092202

Download Submit
/data/data/com.bdjthys.asragzw/files/l_pagescontainer2.bal

Filesize
1KB

MD5
966968c8a5b9aec07736ef4b68fee227

SHA1
6dbf45f443da33ffe4a785496e7e0a4d43d54474

SHA256
3fd58ca0c4af622c3abd12ddeca20b75d8224610bba9476d7da4582264a26b9e

SHA512
fb11a9cafce9fa83cafcc25b84042f4e7249e3d701d01f8bd90b9dd38614d11be1f643de846205b35d63aa46481afd74bb4032b975472dbf9dad53c226edb9c2

Download Submit
/data/data/com.bdjthys.asragzw/files/l_pagescontainer3.bal

Filesize
2KB

MD5
1607cbf08a167daaa7b137e6f3a5cd61

SHA1
484e7fcbdc9c9334d19e5f5bbd1aec4d0075c565

SHA256
6f976842593169bdc5aaad6845c2cec3cc54bb9b29009480324e75e78baba294

SHA512
177d01e112e26ce6f010342058a83230fbb8e468841bc6ce9b202fdc4d297b76b5d9f920c3bb431e9c7708e840b3729cde29ad865a09cb43bc4f3510a0d77d78

Download Submit
/data/data/com.bdjthys.asragzw/files/layout.bal

Filesize
1KB

MD5
62aec1c5c40f6420d29aa822e0fe1a73

SHA1
e181dd37e0f2488591c780a730443ec26ed2fc7c

SHA256
47e720e35e185d8497e80ff0e4c8c48ff0623b37feabafcee457073a5d2ba37d

SHA512
6d8677c65884552dad02217b48f83f476b4c7b467c411cd72c38b73cfb5313c328f510443229faf228a8b399196d14b6049946fe8d45b1227b483922900149d9

Download Submit
/data/data/com.bdjthys.asragzw/files/loading.gif

Filesize
121KB

MD5
7b38720a0352dffa26411726c72dd2b0

SHA1
b15e687f42abcdc12427f146a3115ef2259211f8

SHA256
2013f490d45638cada331b3474ed65b9a43cec60da773accc98332e58c06336d

SHA512
0df28f87da4f9beb3ca8c108f54021a2a1a1434771abbb5ba67a2736097f2287b05e5220a33e92c42ee13ecae1144714a422b986763712794f69e65bc44c83e3

Download Submit
/data/data/com.bdjthys.asragzw/files/pg-de.html

Filesize
420KB

MD5
fb1e526e2589394eb44abe6ceedc237b

SHA1
01544e9440b01a9ccb066cdcd74e59cf6817f344

SHA256
ba6c903c5e79d53ababf0995977af72885f942e54458eb6eaa534e023eb2f493

SHA512
b36cc76b3c503de0903401cebfd0eb97c49debc21ed07cf88615ab8a3e36a3befafa8a5eb37a3d7a75464e43edeb4b0e7fe37c971fefdf4686bf15bd7e5233c7

Download Submit
/data/data/com.bdjthys.asragzw/files/pg-en.html

Filesize
420KB

MD5
cdf8a3e3784ab140dcd5d2baf5111bd6

SHA1
eb85bf1a6a37c263b5728c81b331beba9d96411e

SHA256
6c99eaf9f9dd37bfd95a2b115461217d16b459a6b63c33cee56b37286379c83e

SHA512
53eac4fbe1643fefe48fcf6bc5c71b2026fb400c27186e300c3e39a7d07a2a3ab81865df4d314e40f2f2dbd5b9afa12879b8ce6989dbd7be14c337c78f6c97c3

Download Submit
/data/data/com.bdjthys.asragzw/files/pg-es.html

Filesize
420KB

MD5
b0a296ef4aa25c160e1772441ef68b56

SHA1
1897261d7777fa9a838fe2f8496176694e55c3db

SHA256
a2a61b3a253554768f6ce48523fc0c6c492230317db072a9be0f8a2e95ce1a0e

SHA512
e7fb3a8c91c09a22b81cf37e6cd97e9572edb9bcdb534a23c8f69e4bb64f3748b74d03ec080e22c3e25d8562f476d852c3029bb6dc4b2178d139c284b00dd863

Download Submit
/data/data/com.bdjthys.asragzw/files/pg-fl.html

Filesize
420KB

MD5
92899c7c532d1e428eab098d2d392213

SHA1
cc94c942cee010d6a72c3d0d763707624f653500

SHA256
ea01b841d8fe42d6e9b819b14886375684f4875042b20bb4c6091f7e1347f205

SHA512
9049f11ced171e46183f969765456053b7c4a258b32b48602972059c6acefbabddf907ba1f1c7bee6c66884c12ae2c27524d734f2c84d89adac7a941b60974a2

Download Submit
/data/data/com.bdjthys.asragzw/files/pg-gr.html

Filesize
420KB

MD5
017ad81fa694432ff875514b20721de5

SHA1
6b867dc6643d697ecf7e88914f0eb0dc755ee749

SHA256
759f26572c97390acedd5373ad039870914095e0c0ce0aa421ec95793a886187

SHA512
3646df32d349481a3435bafdd7b97777bf645c3e9876393cd055e30babd1debe75b55260018637abf09de906666c9ca8cb1d5a1b20d11418f08467e6f5114a7e

Download Submit
/data/data/com.bdjthys.asragzw/files/pg-it.html

Filesize
420KB

MD5
39a06acb14ec8507e7f23ae630d01efd

SHA1
d675cecdb91b9f6b53c79de492524f715cdc3c22

SHA256
bb882a49f48e199bbec097e87efe1224a0c79db0464b17e407858450f9dc0404

SHA512
1dfc466ff823f7f9d9b52cca223269e2cc0b851daeb82084d2a009cc5e593c7f46788a42893469748e1e0b3bd91d9f1a4c5065277ede3172007004f5a10cfb2f

Download Submit
/data/data/com.bdjthys.asragzw/files/pg-pt.html

Filesize
420KB

MD5
3f50a4a7bfdbb4b9285af8fb8ceb9389

SHA1
4cafc258ec41199f4c88da8810893821d8700c7f

SHA256
1e34f728255a05d5daffa36e7124dd9fc4204def9102a0cf27588e8c0db2d734

SHA512
afb578ce9124d590f728c0c455ed66e00b2b3fe1e5db2f32d3daf7165ee733a5889a994cb13beb8ce997284d012377579f8ddf5e698f23d4c192a47280416ce3

Download Submit
/data/data/com.bdjthys.asragzw/files/pg-se.html

Filesize
420KB

MD5
cd54237e4adfe9aed711fc29507e7a80

SHA1
a2251f9287c774b993f837c59f40fd6dc6721f30

SHA256
f496a030259c720c36d3cb3049ec031db32b1ca478df32f44f38da062efd31ca

SHA512
e7d05dd4fab720ba591000d82e8394f5673e526def4db8eeb24bab0ca2dbb8776873ad2d42560b39baaf8486c963514e7a0cf56e40fdf2b237705e22eabe58c1

Download Submit
/data/data/com.bdjthys.asragzw/files/tmpico.png

Filesize
2KB

MD5
6af6fe01c19168fb3721cdd41b5b18d3

SHA1
be58b1bdebf10cbebb957df5c10938500b484f88

SHA256
23afbd8afbe3f734e1a6208562bffbd7baf0e6857476a5cd6e64a337ecb3ccde

SHA512
3a0d9b5649fe07955d78a0e030e90c58d6cf3dd097fcbc7c779f2ee052e4f9725ff6dcf04442816048b7d06e4c836cb663c7b64540ce83172e4997fb5a168a6d

Download Submit
/data/data/com.bdjthys.asragzw/files/txtscreensize.txt

Filesize
11B

MD5
1b65c10c6215685f9d621d797f911373

SHA1
cc50aaed5cd521a62ec8cf9fe0413153ec90f265

SHA256
2230c2b2787663a054c47450ecd1718f0296853ad768b8e5d306ecb912685e89

SHA512
5a9139f295dbe384b1584eff5c11f3f86759232f7b661b75f27fe92b996b4cdc0552e315f79b26f5f2c1f91756d9ae04cf0c3675b6172e91a3d373b9b314496f

Download Submit

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads