Resubmissions
- 11/03/2025, 05:19  250311-fz4hbasqx8  score 10
- 11/03/2025, 05:17  250311-fyy67stvew  score 10
- 11/03/2025, 05:15  250311-fxq47sspz6  score 10
- 10/03/2025, 22:02  250310-1xw1nsz1av  score 10
Analysis
Max time kernel: 17s
Max time network: 150s
Platform: android-9_x86
Resource: android-x86-arm-20240910-en
Resource tags: arch:arm, arch:x86, image:android-x86-arm-20240910-en, locale:en-us, os:android-9-x86, system
Submitted: 10/03/2025, 22:02
Behavioral tasks
- behavioral1: sample cde634ac2435441a5bef4befaf4b4acc68393bf02380ac0cdebd5104be99cf31.apk, resource android-x86-arm-20240910-en
- behavioral2: sample cde634ac2435441a5bef4befaf4b4acc68393bf02380ac0cdebd5104be99cf31.apk, resource android-x64-20240910-en
- behavioral3: sample cde634ac2435441a5bef4befaf4b4acc68393bf02380ac0cdebd5104be99cf31.apk, resource android-x64-arm64-20240910-en
General
Target: cde634ac2435441a5bef4befaf4b4acc68393bf02380ac0cdebd5104be99cf31.apk
Size: 4.4MB
MD5: a993c52e3f70025fe896428a4b43d9a6
SHA1: 4a156e2db4319c3e20a1678277237e323a0c963c
SHA256: cde634ac2435441a5bef4befaf4b4acc68393bf02380ac0cdebd5104be99cf31
SHA512: 056515f44cca830987d41aa1d5f932f5bb5920556b9cfbaa405da28459d18362eff714852f5912122ded92b4d89b653abf37b0a60a9d68b75688706d4e54a590
SSDEEP: 98304:pdDPNsl3JKkr5J+ZGdAt1sFIPp00HcKhQcfLTbBFjOj6rH:fDPNa5KklgodFiG0JQcfL3Lb
Malware Config
Signatures
- Removes its main activity from the application launcher
  pid 4375, process com.tencent.mm
- Makes use of the framework's Accessibility service (4 TTPs, 3 IoCs)
  Retrieves information displayed on the phone screen using AccessibilityService.
  Framework service call: android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId (com.tencent.mm)
  Framework service call: android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId (com.tencent.mm)
  Framework service call: android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText (com.tencent.mm)
- Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps) (1 TTP)
- Queries account information for other applications stored on the device (1 TTP, 1 IoC)
  Application may abuse the framework's APIs to collect account information stored on the device.
  Framework service call: android.accounts.IAccountManager.getAccounts (com.tencent.mm)
- Reads the contacts stored on the device (1 TTP, 1 IoC)
  URI accessed for read: content://com.android.contacts/data/phones (com.tencent.mm)
- Reads the content of the calendar entry data (1 TTP, 1 IoC)
  URI accessed for read: content://com.android.calendar/events (com.tencent.mm)
- Reads the content of the call log (1 TTP, 1 IoC)
  URI accessed for read: content://call_log/calls (com.tencent.mm)
- Requests cell location (2 TTPs, 1 IoC)
  Uses Android APIs to get the current cell location.
  Framework service call: com.android.internal.telephony.ITelephony.getCellLocation (com.tencent.mm)
- Acquires the wake lock (1 IoC)
  Framework service call: android.os.IPowerManager.acquireWakeLock (com.tencent.mm)
- Makes use of the framework's foreground persistence service (1 TTP, 1 IoC)
  Application may abuse the framework's foreground service to continue running in the foreground.
  Framework service call: android.app.IActivityManager.setServiceForeground (com.tencent.mm)
- Queries information about the current Wi-Fi connection (1 TTP, 1 IoC)
  Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  Framework service call: android.net.wifi.IWifiManager.getConnectionInfo (com.tencent.mm)
- Requests disabling of battery optimizations (often used to enable hiding in the background) (1 TTP, 1 IoC)
  Intent action: android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS (com.tencent.mm)
- Listens for changes in the sensor environment (might be used to detect emulation) (1 TTP, 1 IoC)
  Framework API call: android.hardware.SensorManager.registerListener (com.tencent.mm)
- Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTP, 1 IoC)
  Framework service call: android.app.IActivityManager.registerReceiver (com.tencent.mm)
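The signatures above are dynamic observations; the natural next step is to check what the APK's own manifest declares. The script below is an added example, not part of the sandbox report and not code from the sample: it takes a decoded AndroidManifest.xml (plain XML as produced by apktool, not binary AXML), maps each dynamic signature from the report to the uses-permission entries that normally back it for a third-party app, and flags signatures that nothing in the manifest explains. It also looks for a service bound with BIND_ACCESSIBILITY_SERVICE, which is the declaration behind the IAccessibilityServiceConnection calls. The manifest embedded in the script is constructed; its package and component names are made up, and it deliberately leaves out some permissions so that the gap check has something to report. The API-level thresholds (FOREGROUND_SERVICE from API 28, QUERY_ALL_PACKAGES from API 30) are Android facts; defaulting target_api to 28 is an assumption taken from the sandbox platform (Android 9).

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"

# CONSTRUCTED manifest for illustration; not the manifest of the analysed APK.
# Package and component names are made up.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.sample">
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.READ_CALL_LOG"/>
  <uses-permission android:name="android.permission.WAKE_LOCK"/>
  <uses-permission android:name="android.permission.ACCESS_WIFI_STATE"/>
  <uses-permission android:name="android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS"/>
  <application android:label="Sample">
    <activity android:name=".MainActivity">
      <intent-filter>
        <action android:name="android.intent.action.MAIN"/>
        <category android:name="android.intent.category.LAUNCHER"/>
      </intent-filter>
    </activity>
    <service android:name=".A11yService"
             android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE">
      <intent-filter>
        <action android:name="android.accessibilityservice.AccessibilityService"/>
      </intent-filter>
    </service>
  </application>
</manifest>
"""

# Dynamic signatures from the report, with the uses-permission entries that
# normally back them. Runtime-only behaviours in the report (hiding the
# launcher icon via setComponentEnabledSetting, registerReceiver, the sensor
# listener) have no manifest counterpart and are not listed.
SIGNATURE_TO_PERMISSIONS = {
    "Queries account information": {"android.permission.GET_ACCOUNTS"},
    "Reads the contacts": {"android.permission.READ_CONTACTS"},
    "Reads the calendar": {"android.permission.READ_CALENDAR"},
    "Reads the call log": {"android.permission.READ_CALL_LOG"},
    "Requests cell location": {"android.permission.ACCESS_COARSE_LOCATION",
                               "android.permission.ACCESS_FINE_LOCATION"},
    "Acquires the wake lock": {"android.permission.WAKE_LOCK"},
    "Foreground service": {"android.permission.FOREGROUND_SERVICE"},
    "Queries Wi-Fi connection": {"android.permission.ACCESS_WIFI_STATE"},
    "Requests ignoring battery optimizations":
        {"android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS"},
    "Queries installed applications": {"android.permission.QUERY_ALL_PACKAGES"},
}

# Lowest API level at which the permission is required at all; below it a
# missing declaration is not a gap (FOREGROUND_SERVICE: Android 9 / API 28,
# QUERY_ALL_PACKAGES: Android 11 / API 30).
REQUIRED_FROM_API = {"Foreground service": 28, "Queries installed applications": 30}


def _android(elem, attr):
    """Read an android:-namespaced attribute."""
    return elem.get("{%s}%s" % (ANDROID_NS, attr))


def declared_permissions(root):
    return {_android(e, "name") for e in root.iter("uses-permission")}


def accessibility_services(root):
    """Component names of services the system can bind as an AccessibilityService."""
    names = []
    for svc in root.iter("service"):
        if _android(svc, "permission") != "android.permission.BIND_ACCESSIBILITY_SERVICE":
            continue
        actions = {_android(a, "name") for a in svc.iter("action")}
        if "android.accessibilityservice.AccessibilityService" in actions:
            names.append(_android(svc, "name"))
    return names


def analyze(manifest_xml, target_api=28):
    """Correlate the report's dynamic signatures with a decoded manifest.
    target_api=28 is an assumption taken from the sandbox platform (Android 9)."""
    root = ET.fromstring(manifest_xml)
    declared = declared_permissions(root)
    explained = {sig: sorted(declared & needed)
                 for sig, needed in SIGNATURE_TO_PERMISSIONS.items()}
    # A runtime signature with no backing permission means the access failed,
    # the app is privileged, or the report's attribution needs a second look.
    unexplained = [sig for sig, perms in explained.items()
                   if not perms and target_api >= REQUIRED_FROM_API.get(sig, 0)]
    return {"explained": explained,
            "accessibility_services": accessibility_services(root),
            "unexplained": unexplained}


if __name__ == "__main__":
    result = analyze(SAMPLE_MANIFEST)
    print("accessibility services:", result["accessibility_services"])
    print("unexplained signatures:", result["unexplained"])
```

Run it against the real decoded manifest with `analyze(open("AndroidManifest.xml").read())`. An accessibility service declaration plus REQUEST_IGNORE_BATTERY_OPTIMIZATIONS is the combination worth reading closely, since it is what the accessibility and battery-optimization signatures above rely on; a signature with no backing permission is a reason to re-check the sandbox trace rather than a finding on its own.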
Processes
- com.tencent.mm (PID 4375)
  - Removes its main activity from the application launcher
  - Makes use of the framework's Accessibility service
  - Queries account information for other applications stored on the device
  - Reads the contacts stored on the device
  - Reads the content of the calendar entry data
  - Reads the content of the call log
  - Requests cell location
  - Acquires the wake lock
  - Makes use of the framework's foreground persistence service
  - Queries information about the current Wi-Fi connection
  - Requests disabling of battery optimizations (often used to enable hiding in the background)
  - Listens for changes in the sensor environment (might be used to detect emulation)
  - Registers a broadcast receiver at runtime (usually for listening for system events)

Note: com.tencent.mm is the package name used by WeChat. The report does not establish whether this APK is an official build or a repackaged one carrying that package name, so compare the APK's signing certificate against a known-good WeChat build before drawing conclusions from the behaviours listed here.
Network
MITRE ATT&CK Mobile v15
Persistence
  Event Triggered Execution (1)
    Broadcast Receivers (1)
  Foreground Persistence (1)
Defense Evasion
  Execution Guardrails (1)
    Geofencing (1)
  Foreground Persistence (1)
  Hide Artifacts (3)
    Suppress Application Icon (1)
    User Evasion (2)
  Input Injection (1)
Discovery
  Location Tracking (1)
  Software Discovery (1)
    Security Software Discovery (1)
  System Network Connections Discovery (1)
Downloads
- Filesize: 512B
  MD5: a859919963427cd86ce2edec43a7581c
  SHA1: c979fc3f98593406c17e82e1c1446ad677da995e
  SHA256: 1e31e9c5c2647abe7998a629fda3656c511508c9476a0ea876394939c9878593
  SHA512: 59efca3dc529990c300a9a889dbaaa9f70a58de58ee2c5f10aa5eca6a491faab37faaa646a8a78902fa3cf9246abcbc782e8712fd276d758c9a65dc687b6c483
- Filesize: 28KB
  MD5: cf845a781c107ec1346e849c9dd1b7e8
  SHA1: b44ccc7f7d519352422e59ee8b0bdbac881768a7
  SHA256: 18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7
  SHA512: 4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612
- Filesize: 60KB
  MD5: 72132e604fdd9d10b9a7cc045dd6c4aa
  SHA1: 6dc31d1fe26c2be1a83e3c942a67cf6b62a582ce
  SHA256: c01430719d63017281caff9f132c392f2a0206b69986ce103e8510927ba85ab1
  SHA512: 6298aed747e01333c77e2d7301992568a147c1357d8b477b882722cc3f9acce6b5444fec76c4e9b473867b0261efe8f022e08b1484a19e3d004b1d2449ae350a
- Filesize: 4KB
  MD5: f2b4b0190b9f384ca885f0c8c9b14700
  SHA1: 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
  SHA256: 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
  SHA512: ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1
- Filesize: 512B
  MD5: 6f996d473f6d7e0501f28a72f6752f36
  SHA1: 4501376e9bbc7e878808bad9a2b1f71c15f0898c
  SHA256: 8723c0f349495d705af492066074ee61abb374ebc84cb9b61b5743c5ec1142e3
  SHA512: 78ffd4a6942307a45f01e8313e4b8272051665b472d08c8f9431b11392637ab4855f7264126ec1da179c75248bc342818ae210364d035d8d47617f06a800cd36
- Filesize: 32KB
  MD5: bb7df04e1b0a2570657527a7e108ae23
  SHA1: 5188431849b4613152fd7bdba6a3ff0a4fd6424b
  SHA256: c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
  SHA512: 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012
- Filesize: 32KB
  MD5: fa2c45563d8e56bfe783903b4b9bfdbf
  SHA1: 01e05c0d32d0fe5affd38b3e63c0e1b09b321db2
  SHA256: fd44996bdecb1cc528d3a612fd1f393f631987b49fae53ee3b627321543f74e0
  SHA512: 4b2183fd0eca7023f04398f3732a849da0480126fe434f96a4f76ffb16f8d9239b4dbe346931cd7d25a8c4441a6d6aba43e1cab5f3f6dfa21cad2121470f91c9
- Filesize: 3B
  MD5: 58e0494c51d30eb3494f7c9198986bb9
  SHA1: cd0d4cc32346750408f7d4f5e78ec9a6e5b79a0d
  SHA256: 37517e5f3dc66819f61f5a7bb8ace1921282415f10551d2defa5c3eb0985b570
  SHA512: b7a9336ed3a424b5d4d59d9b20d0bbc33217207b584db6b758fddb9a70b99e7c8c9f8387ef318a6b2039e62f09a3a2592bf5c76d6947a6ea1d107b924d7461f4
- Filesize: 116B
  MD5: 23335b6388716a0d94eaeb329219a4a4
  SHA1: 898ba91f3342015d34907f5f1f017473fc2a5345
  SHA256: f7422dc56857c6a2c08c9341dbf62cf4c1aa2dd92ec2579187f6039b734f7b2a
  SHA512: 7913b72eb3b044e9b8e72aaa786c74717d9a6ce440768f68b765634e7edada9ec4ea806f403a70fa71b33a5bc7899aa2a99244f8be84d4099654a433ae4c196c
- Filesize: 126B
  MD5: 53f21c4a5ca37c7f34b04c7f503290a9
  SHA1: 8a506bf62aa79b2c52044c846ab7ff834e089c4a
  SHA256: db8c68aca783da08fda9802f8a60933ba11a18b5bfebd8d2fb66fca0e19be5e3
  SHA512: a59bc1c06890713f128d022fac5d469312610446a8692b62bc78efc15ae89a255277729df70316d3105934ceda264198fdc5b185ca6499351c53117a750dccbe
- Filesize: 430B
  MD5: 4ce0c5c604d5f2301df07e48b29ebd99
  SHA1: a431977920164769ab332de8de241c67ebe50544
  SHA256: 362e6b0fd9355ebc352a59978a96187db773ae0582f49dd5823253a1961b9cf4
  SHA512: 93e51f87f92fe854bb544d5637f4077e1699d0a62d16d0131ed3ccede0b4ebe3cd6470df59d175643b7b3639ba875cf4a5bf781fdc3fb5f4c4eaaff149f8bd46
- Filesize: 2B
  MD5: d751713988987e9331980363e24189ce
  SHA1: 97d170e1550eee4afc0af065b78cda302a97674c
  SHA256: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
  SHA512: b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
- Filesize: 609B
  MD5: 8ce2dafa6b254ec7a008ae872b9f0c24
  SHA1: d7fa90f70ac66589bcc36f2a2d22a3d07d3e6119
  SHA256: ee80efe7a69ae2b95f2e17e3ed3f8b90b3788efc47e3521efd874399e7dcfca8
  SHA512: 9241ecf135f9aa94323b1e309b6c4db9e9db8e0fb868480fbe066770cedc375a6541ce3dccc316e58dc8054d3693bb308b0a45c7c9345de5a663816890e15b2e
- Filesize: 609B
  MD5: 95cd022fba5de4adea04ebea09e0e902
  SHA1: 966d0ccf856b736200f99606e233aa5a1b6002e0
  SHA256: e29b70ccd244a93c700a5937d13733ff7640000b80b60202ace1aa984a4a3f93
  SHA512: edfd610106316388ad87e0306ec85017cb846beef21c2fc840519052df9d216af9e9fc9c4608c1186367574c741b73e2465f7eb15bd44d2561f0a7de002032ec
- Filesize: 5KB
  MD5: 9857c0caa99fde5d0bf47c0ee0fd821b
  SHA1: ef4629899e6ebbdbaf45ca4885f5b960da25538f
  SHA256: d68311a5561ada62ee327cda3a9b29c41ed0d7bc16586f9af6d5595a96d497a8
  SHA512: 312c11c7b41384fd5a7ef466f06813c09f6c661ade0ed4ffe6e8e88969f2ba31257a90333b13ce8d4b2ab0692318b638f06aecfea11aeb2df3739580e635a148
- Filesize: 267B
  MD5: 2fea6fcd7b73787ea80ce21066f22bb5
  SHA1: c31ad28bebaa4436e3f66b518e708fd60f145164
  SHA256: 917032a07f9e4b0e36b58f89001e310b87d6a3b8ba3b9249014026a0ff8d2113
  SHA512: 9cf2f442ea6a7b6057a7cf51c1546671e873c6c3bcdb5796e35aa66fed2c791de375ceb594abb83620c0c8a98ae5c6cf6d399e0647191aa7ab8a897d0e737af6
- Filesize: 12B
  MD5: a9256f55737b655c8cff95418411997c
  SHA1: d81a4e85ecef3a4f08d50da9c75c49a3c64ffe24
  SHA256: bad705c44807d12463fb587087c4e9eb24769d82981229ac8b74abc9b1a44412
  SHA512: 10d10a6498973ed65d47c74ba6d8831dad94213a5071353dc445de46e021689284fbbf4accf5ba1f97a0675a7652ec069ac70f38d63ba36b8595a8caf8d37574
- Filesize: 12B
  MD5: e48057c3603c907cacbe1568a7dbfc41
  SHA1: 6e100086b53e20e499a9be069aa1b452faf82ba3
  SHA256: 4b36685dbf772b2de007f4c98f824966f4f3a132075692d3d3d8f11e84e5468e
  SHA512: 787e1140832e8c308039f0287ee801c00040544d5241425b0c0c8e8dc19ecf3feefa50706723f7a21be209c13b24ab3dbe0691ec42118fdfe18611b13155fb9a
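When an artifact is pulled from the sandbox VM or from a re-run, it should be tied to one of the entries above on every digest before it is analysed, not just on MD5. The script below is an added example, not part of the report: it carries the 2-byte and 3-byte entries copied from the list above (any other entry can be added in the same shape), computes all four digests for a candidate byte string, and reports on which fields the candidate disagrees with an entry. The candidate input is constructed; the test shows that the 2-byte entry's digests are those of the string "[]", an empty JSON array, which is what an empty JSON response body looks like.

```python
import hashlib

ALGORITHMS = ("md5", "sha1", "sha256", "sha512")

# The 2-byte and 3-byte entries copied from the Downloads list above.
REPORT_ENTRIES = [
    {"size": 2,
     "md5": "d751713988987e9331980363e24189ce",
     "sha1": "97d170e1550eee4afc0af065b78cda302a97674c",
     "sha256": "4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945",
     "sha512": "b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d604"
               "0e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af"},
    {"size": 3,
     "md5": "58e0494c51d30eb3494f7c9198986bb9",
     "sha1": "cd0d4cc32346750408f7d4f5e78ec9a6e5b79a0d",
     "sha256": "37517e5f3dc66819f61f5a7bb8ace1921282415f10551d2defa5c3eb0985b570",
     "sha512": "b7a9336ed3a424b5d4d59d9b20d0bbc33217207b584db6b758fddb9a70b99e7c"
               "8c9f8387ef318a6b2039e62f09a3a2592bf5c76d6947a6ea1d107b924d7461f4"},
]


def digests(data):
    """All four digests the report publishes, for one byte string."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ALGORITHMS}


def mismatches(data, entry):
    """Fields on which data disagrees with a report entry. Empty means a full
    match. A partial list (md5 agrees, sha256 does not) means the file is not
    the one the report hashed, whatever the weaker digest says, which is why
    the comparison is all-or-nothing rather than MD5-first."""
    bad = ["size"] if len(data) != entry["size"] else []
    computed = digests(data)
    bad += [alg for alg in ALGORITHMS if computed[alg] != entry[alg].lower()]
    return bad


def identify(data, entries=REPORT_ENTRIES):
    """Index of the entry that data matches on size and every digest, else None."""
    for idx, entry in enumerate(entries):
        if not mismatches(data, entry):
            return idx
    return None


if __name__ == "__main__":
    # Constructed input: the two-byte string "[]" (an empty JSON array).
    print(identify(b"[]"))  # -> 0, the 2-byte entry
    print(identify(b"{}"))  # -> None
```

To use it on a real file, read it in binary mode and pass the bytes to identify(); extend REPORT_ENTRIES with the other sizes and digests from the list above as needed.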