Overview

overview

10

Static

static

10

cde634ac24...31.apk

android-9-x86

8

cde634ac24...31.apk

android-10-x64

8

cde634ac24...31.apk

android-11-x64

8

Resubmissions

11/03/2025, 05:19

250311-fz4hbasqx8 10

11/03/2025, 05:17

250311-fyy67stvew 10

11/03/2025, 05:15

250311-fxq47sspz6 10

10/03/2025, 22:02

250310-1xw1nsz1av 10

Analysis

  • max time kernel
    22s
  • max time network
    151s
  • platform
    android-10_x64
  • resource
    android-x64-20240910-en
  • resource tags

    arch:x64arch:x86image:android-x64-20240910-enlocale:en-usos:android-10-x64system
  • submitted
    10/03/2025, 22:02

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    cde634ac2435441a5bef4befaf4b4acc68393bf02380ac0cdebd5104be99cf31.apk

  • Size

    4.4MB

  • MD5

    a993c52e3f70025fe896428a4b43d9a6

  • SHA1

    4a156e2db4319c3e20a1678277237e323a0c963c

  • SHA256

    cde634ac2435441a5bef4befaf4b4acc68393bf02380ac0cdebd5104be99cf31

  • SHA512

    056515f44cca830987d41aa1d5f932f5bb5920556b9cfbaa405da28459d18362eff714852f5912122ded92b4d89b653abf37b0a60a9d68b75688706d4e54a590

  • SSDEEP

    98304:pdDPNsl3JKkr5J+ZGdAt1sFIPp00HcKhQcfLTbBFjOj6rH:fDPNa5KklgodFiG0JQcfL3Lb

Score
8/10
bankercollectioncredential_accessdefense_evasiondiscoveryevasionexecutionpersistencestealthtrojan

Malware Config

Signatures

  • Removes its main activity from the application launcher 1 TTPs 3 IoCs
    stealthtrojanevasion
  • Makes use of the framework's Accessibility service 4 TTPs 3 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectiondefense_evasioncredential_access
  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
    bankerdiscovery
  • Queries account information for other applications stored on the device 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect account information stored on the device.

    collection
  • Reads the contacts stored on the device. 1 TTPs 1 IoCs
    collection
  • Reads the content of the calendar entry data. 1 TTPs 1 IoCs
    collection
  • Reads the content of the call log. 1 TTPs 1 IoCs
    collection
  • Requests cell location 2 TTPs 1 IoCs

    Uses Android APIs to to get current cell location.

    collectiondiscoverydefense_evasion
  • Acquires the wake lock 1 IoCs
  • Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

    Application may abuse the framework's foreground service to continue running in the foreground.

    defense_evasionpersistence
  • Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    discovery
  • Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs
    defense_evasion
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
    persistence
  • Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

    executionpersistence

Processes

  • com.tencent.mm
    1⤵
    • Removes its main activity from the application launcher
    • Makes use of the framework's Accessibility service
    • Queries account information for other applications stored on the device
    • Reads the contacts stored on the device.
    • Reads the content of the calendar entry data.
    • Reads the content of the call log.
    • Requests cell location
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    • Queries information about the current Wi-Fi connection
    • Listens for changes in the sensor environment (might be used to detect emulation)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Schedules tasks to execute at a specified time
    PID:5136

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

1
T1603

Persistence

Event Triggered Execution

1
T1624

Broadcast Receivers

1
T1624.001

Foreground Persistence

1
T1541

Scheduled Task/Job

1
T1603

Privilege Escalation

Defense Evasion

Execution Guardrails

1
T1627

Geofencing

1
T1627.001

Foreground Persistence

1
T1541

Hide Artifacts

2
T1628

Suppress Application Icon

1
T1628.001

User Evasion

1
T1628.002

Input Injection

1
T1516

Credential Access

Input Capture

2
T1417

GUI Input Capture

1
T1417.002

Keylogging

1
T1417.001

Discovery

Location Tracking

1
T1430

Software Discovery

1
T1418

Security Software Discovery

1
T1418.001

System Network Connections Discovery

1
T1421

Lateral Movement

Collection

Input Capture

2
T1417

GUI Input Capture

1
T1417.002

Keylogging

1
T1417.001

Location Tracking

1
T1430

Protected User Data

3
T1636

Calendar Entries

1
T1636.001

Call Log

1
T1636.002

Contact List

1
T1636.003

Screen Capture

1
T1513

Stored Application Data

1
T1409

Command and Control

Exfiltration

Impact

Input Injection

1
T1516

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.tencent.mm/databases/Dname
    Filesize

    32KB

    MD5

    0ec8d5e24581e56eb01c45155efe2049

    SHA1

    4de2aebc5e22d0420e54cb553c2739e50481e50a

    SHA256

    5bb1fd7e82a28019975971aae5f49b0eb2ddef4a943663b654ede402d2f7f616

    SHA512

    23f87b81f1b49b80a88b1eab7d5e08e7001486b135bedc434601eed4ab74b72804ae4f907ede18213454dfa9da7058692b012861170306adbe6b12650dd51fd4

    Download Submit

  • /data/data/com.tencent.mm/databases/Dname-journal
    Filesize

    512B

    MD5

    630af2bb68ca0f5264612e1167a0a2ca

    SHA1

    3172c98b687decb5e5f4afb16d824d23b289d9a6

    SHA256

    94e00e8e75225ce7fab722f06d8d62818b1485ffcda7f32d68088ef495b1073d

    SHA512

    b90dd045d91c1f834e4dbbd38c6943869f3aaa13bf1fd8aabe7bbd3dfb32febf7e4f75aaf815a7a66390e8fc0fac149957ac31c919d1989a73e212f7c295336e

    Download Submit

  • /data/data/com.tencent.mm/databases/Dname-journal
    Filesize

    8KB

    MD5

    06a78615b43dd07d6518ac7ac9d1df42

    SHA1

    f2e8011b35ee92174bca53fe9572e053edd097ed

    SHA256

    0fcb7da6c754dae08d9f9ba7e0f8429ab80d03ee391a5bf3241dc755c3da7607

    SHA512

    a64cc543389e65ece933e93388b1c603056aa4ead79a02be297eb4905e10d34fd79f70a557a5daf71c2a40814f8fb11a5da894f86ab5c539002013f9c30f92e9

    Download Submit

  • /data/data/com.tencent.mm/databases/Dname-journal
    Filesize

    8KB

    MD5

    213389acb1a05ce21faa5d7da5ea71d4

    SHA1

    f28d1198c6bcac50fda0da2d8fbd2fc036b4d4d8

    SHA256

    2d5da366c6b269006658b1b00eb90d8089aa0af1dab909a092ff8beee7e7dcc7

    SHA512

    2ee6da423ef28a3c3b1c607fe91ee3cd92d65915947bced3a056e60feefd320c564117d838d9e276c981c63e6e967d78bb6b92e08e75a88e2b78b3db9cf6f6f3

    Download Submit

  • /data/data/com.tencent.mm/databases/Dname-journal
    Filesize

    8KB

    MD5

    79a0052eb56956b46ef7935f616a6879

    SHA1

    8e4fca04969f8cf20b8cbcb37c573f9f16be6ac6

    SHA256

    c4c15dd42d253c8f4a257bcbace23f5d0aeaa668e7a3912cc62bace51f48e4e7

    SHA512

    9b3a53021c134924b1bba104ba58231cbc57cbf5d0dd7b46c392858cb48548da1417ef5ca3a3e68b8c408944a2b9bbfcbef7e3e755bfa9535a87751e935673f1

    Download Submit

  • /data/data/com.tencent.mm/databases/Dname-journal
    Filesize

    8KB

    MD5

    cd1ea620a089a1caad961a55111ec2b0

    SHA1

    c1be39db91637d0790b72822e535d6c7b7f4a3d1

    SHA256

    348862367a56f125bb02cb7a5ef9a3a5f2f57cb0f2466f9f09ea6483bc1f370e

    SHA512

    f8386507c5c4cde14aa7a4c1ada854f61677020a93f66af0744dd7bd47d2a6b2ef72461603fecc491c41ef6d685ae17334dac19ba299f496065f7b2025c1cc4c

    Download Submit

  • /data/data/com.tencent.mm/databases/evernote_jobs.db
    Filesize

    16KB

    MD5

    a3cfef1a18558702e5d43ff2b4071084

    SHA1

    6fad79a729f3c333ffd7b9ecada478e934564cc2

    SHA256

    cb144f1532dc2030b99bdc37e1360bdfba0bc4327bad55c39e0d6a03c6bb103a

    SHA512

    8fc19bb57c83d9bf993ba1bfbaa0539ba4fccb07b944b075df960f4c9c69cf36feebcaaa6a8d3156354b6b05690b6b26c3001408352943c7809e28a01c9ce07f

    Download Submit

  • /data/data/com.tencent.mm/databases/evernote_jobs.db-journal
    Filesize

    512B

    MD5

    7c472fe227cc788d2736bd68480c2957

    SHA1

    8a73846b3756e756ba167e377770ae5e70ab773c

    SHA256

    63fb070d32487dcdf77ad0e31a5d41eecb034c6a20c42c640412c8f6a7dadc7f

    SHA512

    a270d600ee7d2a8dd91257ff8d79352fd93f3a1dc68cb46c9cbfc3f669d44a090b0919cff1aaf0941b7ec093c3a2f2d0e654496826fb632835a0ad86bf01b5e1

    Download Submit

  • /data/data/com.tencent.mm/databases/evernote_jobs.db-journal
    Filesize

    8KB

    MD5

    95fcd1722f5b9bcc45574e76d91c2fe6

    SHA1

    82916c9272ace431fe085dfce6762b70f41c1b63

    SHA256

    e33970ebfb21c9a5deb02b9d9cca765b40e9f0142861884777a5c9e6d13c75cd

    SHA512

    78775266f434c620cce5506f4e903c9ed5b6409ac0a4820b5005bdd83803e656d603792e7d5e3f4c5c343ed6522033e678b9145d840aaa76e624955317022759

    Download Submit

  • /data/data/com.tencent.mm/databases/evernote_jobs.db-journal
    Filesize

    8KB

    MD5

    05c4045e5cfdde0a754044ddb2da3538

    SHA1

    1d273c5cabb50ddb5935a626d776d76a5bbf30c8

    SHA256

    5e20980aca10f7fdf7fa77a70cd8a014b604eda59278013cfef0b2727a15d80e

    SHA512

    1e0e8641816646fd5ddb76e887c08034af18b2ca067bd89d752cc02c85ed4d074ebd1bb4bb754c47994d0228b09c0b30c5ea24fe348fd56b2414fcbaabed6014

    Download Submit

  • /data/data/com.tencent.mm/databases/evernote_jobs.db-journal
    Filesize

    8KB

    MD5

    9120015670f4dcc15468a8d4898ae513

    SHA1

    64db262b7543bbe0f69c300abd736c5f71135f14

    SHA256

    879c749e22e99e5ded5fa344d46c0f42895250fdc5f64c94fc8a4261d40e6db3

    SHA512

    027e776061480602485147931fc008855e2ddeb829fa4375b563ad979784b772fe559fb5f0104c5f4890e058c22e571bc6f98900bcb8cf49b0bd42b691e41902

    Download Submit

  • /data/data/com.tencent.mm/databases/evernote_jobs.db-journal
    Filesize

    8KB

    MD5

    2924e00e21777bbdc1a17e3aeaf79af1

    SHA1

    f84f4b86ecfd11dc35ef0da153e0763573c4defc

    SHA256

    30dcfb9b3a8df4a290adec6dc0b69fe93e3b55c26141fc45483f2d617e67ba57

    SHA512

    399af2d43d74b687d27daa4b578943dbd74695fbbe75d11000659890070f783c3cc9c24045b8620b82d1916c8f38d3ffa1ee7d6dfcb8b4dfce6bed32e39767df

    Download Submit

  • /data/data/com.tencent.mm/databases/evernote_jobs.db-journal
    Filesize

    8KB

    MD5

    84ca8c08dd88dca1d3aa27ac54d06f7d

    SHA1

    b0122e31dc4d55b261788558e0e04f623366df34

    SHA256

    e52122570847a54dadb58bc56262cd6d65ba78380cc4c6d756bfcaaee5eb6421

    SHA512

    3d5228ea204bb819c9406d36d614e95742eb3d7a403693ede733ff1bde5e876d4a2004ea728a96b8a2c11b0404a5caca865fabefcfd83a600c22004e8b2ffcd6

    Download Submit

  • /data/data/com.tencent.mm/files/CallLogs.txt
    Filesize

    3B

    MD5

    58e0494c51d30eb3494f7c9198986bb9

    SHA1

    cd0d4cc32346750408f7d4f5e78ec9a6e5b79a0d

    SHA256

    37517e5f3dc66819f61f5a7bb8ace1921282415f10551d2defa5c3eb0985b570

    SHA512

    b7a9336ed3a424b5d4d59d9b20d0bbc33217207b584db6b758fddb9a70b99e7c8c9f8387ef318a6b2039e62f09a3a2592bf5c76d6947a6ea1d107b924d7461f4

    Download Submit

  • /data/data/com.tencent.mm/files/GP.txt
    Filesize

    108B

    MD5

    1736b69b2f95c0cf79f29d79286b71b1

    SHA1

    aa73d38edc5ebd3e53d56f661b77332ab1a61166

    SHA256

    3421958ee7eeac7e34720dee65eed5a4de486bf55647b4ce22c58f76f5339f26

    SHA512

    af4e487d45a77deb0c474e199d8993a03676dcca56c9f89bc2c3325d3466b1f95e7e6a4527ab29b722d32bde39109f780458caada2b9ccbb9b88ac9c3a913c42

    Download Submit

  • /data/data/com.tencent.mm/files/GP.txt
    Filesize

    126B

    MD5

    70c2e2e0ec6f99535093467cf44c4b28

    SHA1

    ac82ec74f3f16b23b1f1464f305804a66afb55ce

    SHA256

    2b1922c0990bbc8a610413a3a9f732446e865a2696bda21f43ef8f318ef849e1

    SHA512

    dda858865fc79a7cbf032ed9a996106d437283d4965512e7ac61b21d3e824b5e7d86eb4ec520ee605f99aa3461f172bdf66cc3c22e53507a1a152d7dd758aef4

    Download Submit

  • /data/data/com.tencent.mm/files/Tree.txt
    Filesize

    515B

    MD5

    b8e29dac46d447f7f10ce4b7e952eae7

    SHA1

    d0a5689dc139527d30020591b67afac7b5e28eef

    SHA256

    a53cafa176a29a8c4bb6de065470e11ffb8f36a5d781442eba8cde3adec21783

    SHA512

    51b1fa5ea55d9b56a5b0dcdefd5662142b735a29f57b2c3836c7c13d5082fc3951c6d3c04b99c0ffbcaf3c549c4b18da250733bdfadd48ab6c9f70e35ec672af

    Download Submit

  • /data/data/com.tencent.mm/files/accounts.txt
    Filesize

    2B

    MD5

    d751713988987e9331980363e24189ce

    SHA1

    97d170e1550eee4afc0af065b78cda302a97674c

    SHA256

    4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

    SHA512

    b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

    Download Submit

  • /data/data/com.tencent.mm/files/netinfo.txt
    Filesize

    827B

    MD5

    c43b281f04bcac9df3e8dd5b5e864966

    SHA1

    7fcc6755530d379820b63a3056230309ca855626

    SHA256

    a254413854effec96b79925d6f4c568f4188cf9e0b16f3fcc35d9f08f8888295

    SHA512

    adadc870ceec6050a30ddf2e49ab39dd57d83b687415d0ee37d0949621114d47924d101796ae860978b73ceeb2e6341b0b6668d06e790af7f2258775e48a8723

    Download Submit

  • /data/data/com.tencent.mm/files/netinfo.txt
    Filesize

    826B

    MD5

    392f654ff35a31f733e189c2582350bc

    SHA1

    c1ba9bf34215c9ba2692bc388e735545064786b0

    SHA256

    40aa63a1a0e0ebbc8c2ee7464817670a62827bb9f8fca6009c9a2909ab26fb22

    SHA512

    7269494846fc0e363ee452ca1e7bd7240c9f8d4b649de16b91b8bd4688a44998ed0e230ab9e50e118c6ba41a4293885bd0ccb308d155aa326a361f36c8c42409

    Download Submit

  • /data/data/com.tencent.mm/files/pkinfo.txt
    Filesize

    9KB

    MD5

    de42df6381f44c0dc45891054c656259

    SHA1

    5a76c1ad2ff42094034a18774912bfaa79489c29

    SHA256

    51c06cbd2eee387145a0eac5b55b387f2da3797cfb737cbb151aacc1b145e747

    SHA512

    700f8a3e85a7ea4f1d15aa3046d6c96ef898ac628b797616f94737570b802ee22db555e4d81c3fe91a90c3c92e9bc45aa940d55dc2c876a6488387743eabc037

    Download Submit

  • /storage/emulated/0/Config/sys/apps/log/log-2025-03-10.txt
    Filesize

    12B

    MD5

    e48057c3603c907cacbe1568a7dbfc41

    SHA1

    6e100086b53e20e499a9be069aa1b452faf82ba3

    SHA256

    4b36685dbf772b2de007f4c98f824966f4f3a132075692d3d3d8f11e84e5468e

    SHA512

    787e1140832e8c308039f0287ee801c00040544d5241425b0c0c8e8dc19ecf3feefa50706723f7a21be209c13b24ab3dbe0691ec42118fdfe18611b13155fb9a

    Download Submit

  • /storage/emulated/0/Config/sys/apps/log/log-2025-03-10.txt
    Filesize

    267B

    MD5

    ca83936d0c0ffdb4a991046e32ccc956

    SHA1

    6d34827e6fd5b8f716cc5f7d7843b581713aeab3

    SHA256

    b50da55ec1fcb8d0589b49d5b3dfef915d77f3dbb24416bb1305441f81c507d2

    SHA512

    61bb1d4d033b0ddfa7ae802d5732c00af6db3aa5bcfbda0c60a0f12bd9fbbbd03123990c55d5abbd3d6e967471101b82e409f1620a73a3cf8c627452f61440d4

    Download Submit

  • /storage/emulated/0/Config/sys/apps/log/log-2025-03-10.txt
    Filesize

    12B

    MD5

    a9256f55737b655c8cff95418411997c

    SHA1

    d81a4e85ecef3a4f08d50da9c75c49a3c64ffe24

    SHA256

    bad705c44807d12463fb587087c4e9eb24769d82981229ac8b74abc9b1a44412

    SHA512

    10d10a6498973ed65d47c74ba6d8831dad94213a5071353dc445de46e021689284fbbf4accf5ba1f97a0675a7652ec069ac70f38d63ba36b8595a8caf8d37574

    Download Submit