cde634ac2435441a5bef4befaf4b4acc68393bf02380ac0cdebd5104be99cf31

Resubmissions

11/03/2025, 05:19

250311-fz4hbasqx8 10

11/03/2025, 05:17

250311-fyy67stvew 10

11/03/2025, 05:15

250311-fxq47sspz6 10

10/03/2025, 22:02

250310-1xw1nsz1av 10

Analysis

max time kernel
30s
max time network
159s
platform
android-11_x64
resource
android-x64-arm64-20240910-en
resource tags

arch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240910-enlocale:en-usos:android-11-x64system
submitted
10/03/2025, 22:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

cde634ac2435441a5bef4befaf4b4acc68393bf02380ac0cdebd5104be99cf31.apk
Size

4.4MB
MD5

a993c52e3f70025fe896428a4b43d9a6
SHA1

4a156e2db4319c3e20a1678277237e323a0c963c
SHA256

cde634ac2435441a5bef4befaf4b4acc68393bf02380ac0cdebd5104be99cf31
SHA512

056515f44cca830987d41aa1d5f932f5bb5920556b9cfbaa405da28459d18362eff714852f5912122ded92b4d89b653abf37b0a60a9d68b75688706d4e54a590
SSDEEP

98304:pdDPNsl3JKkr5J+ZGdAt1sFIPp00HcKhQcfLTbBFjOj6rH:fDPNa5KklgodFiG0JQcfL3Lb

Score

8^/10

banker collection credential_access defense_evasion discovery evasion execution persistence stealth trojan

Malware Config

Signatures

Removes its main activity from the application launcher 1 TTPs 2 IoCs

stealth trojan evasion

Suppress Application Icon

T1628.001

pid	Process
4768	com.tencent.mm
4768	com.tencent.mm

Makes use of the framework's Accessibility service 4 TTPs 3 IoCs

Retrieves information displayed on the phone screen using AccessibilityService.

collection defense_evasion credential_access

Input Injection

T1516

Screen Capture

T1513

Keylogging

T1417.001

GUI Input Capture

T1417.002

description	ioc	Process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	com.tencent.mm
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId	com.tencent.mm
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText	com.tencent.mm

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Queries account information for other applications stored on the device 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect account information stored on the device.

collection

Stored Application Data

T1409

description	ioc	Process
Framework service call	android.accounts.IAccountManager.getAccountsAsUser	com.tencent.mm

Reads the contacts stored on the device. 1 TTPs 1 IoCs

collection

Contact List

T1636.003

description	ioc	Process
URI accessed for read	content://com.android.contacts/data/phones	com.tencent.mm

Reads the content of the calendar entry data. 1 TTPs 1 IoCs

collection

Calendar Entries

T1636.001

description	ioc	Process
URI accessed for read	content://com.android.calendar/events	com.tencent.mm

Reads the content of the call log. 1 TTPs 1 IoCs

collection

Call Log

T1636.002

description	ioc	Process
URI accessed for read	content://call_log/calls	com.tencent.mm

Requests cell location 2 TTPs 1 IoCs

Uses Android APIs to to get current cell location.

collection discovery defense_evasion

Location Tracking

T1430

Geofencing

T1627.001

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.tencent.mm

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.tencent.mm

Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

Application may abuse the framework's foreground service to continue running in the foreground.

defense_evasion persistence

Foreground Persistence

T1541

description	ioc	Process
Framework service call	android.app.IActivityManager.setServiceForeground	com.tencent.mm

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.tencent.mm

Requests disabling of battery optimizations (often used to enable hiding in the background). 1 TTPs 1 IoCs

defense_evasion

User Evasion

T1628.002

description	ioc	Process
Intent action	android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS	com.tencent.mm

Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs

defense_evasion

User Evasion

T1628.002

description	ioc	Process
Framework API call	android.hardware.SensorManager.registerListener	com.tencent.mm

Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

execution persistence

Scheduled Task/Job

T1603

description	ioc	Process
Framework service call	android.app.job.IJobScheduler.schedule	com.tencent.mm

com.tencent.mm
1⤵
- Removes its main activity from the application launcher
- Makes use of the framework's Accessibility service
- Queries account information for other applications stored on the device
- Reads the contacts stored on the device.
- Reads the content of the calendar entry data.
- Reads the content of the call log.
- Requests cell location
- Acquires the wake lock
- Makes use of the framework's foreground persistence service
- Queries information about the current Wi-Fi connection
- Requests disabling of battery optimizations (often used to enable hiding in the background).
- Listens for changes in the sensor environment (might be used to detect emulation)
- Schedules tasks to execute at a specified time
PID:4768

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Foreground Persistence

T1541

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Execution Guardrails

T1627

Geofencing

T1627.001

Foreground Persistence

T1541

Hide Artifacts

T1628

Suppress Application Icon

T1628.001

User Evasion

T1628.002

Input Injection

T1516

Credential Access

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Discovery

Location Tracking

T1430

Software Discovery

T1418

Security Software Discovery

T1418.001

System Network Connections Discovery

T1421

Lateral Movement

Collection

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Location Tracking

T1430

Protected User Data

T1636

Calendar Entries

T1636.001

Call Log

T1636.002

Contact List

T1636.003

Screen Capture

T1513

Stored Application Data

T1409

Command and Control

Exfiltration

Impact

Input Injection

T1516

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.tencent.mm/databases/Dname

Filesize
32KB

MD5
1854505a3f6d683ed7eb81612934370c

SHA1
4f710add9a652d2fb92b7ce45589e27bf03f0b2a

SHA256
8100330a266f3027b929ea1bde99440ce4a544c9d9a0abb2ef0d1a73aa4cd9a4

SHA512
104a6e9c840b1fddd22ae579624a549c911abfbb48dc4454d3d231619c41a9abbf22f0dc5362a80c8c8245cc18566661f3645ac48c61259132886d4bf4678962

Download Submit
/data/user/0/com.tencent.mm/databases/Dname-journal

Filesize
512B

MD5
a3be3d51e0ec0f85bba4d293751fffc4

SHA1
0167b5ac6f6a250c370d14306dbcdea0724a6fd4

SHA256
e5a00aaecdd987397c169a57456ae5040cfcf2e24f1bc2a6038fa43cec838c00

SHA512
b9324b08c954f56fa867cf9c3fdddaeb78cead5b352d44c0f24dbb396b4610e80c6330eb9dd1ee5cfc4cdc22aa8a030b9a2945fee1e64add8514df79b6533768

Download Submit
/data/user/0/com.tencent.mm/databases/Dname-journal

Filesize
8KB

MD5
2aa9d721c301dc833ef029b3478028e5

SHA1
912a570c2088554fd778b9fcc9947b6c30e4c352

SHA256
8139ec1084a075a4f8608718bc71ea37a5bb99297bad97b6458f16ec67c58c00

SHA512
2988611e47b283ad64a3ef22fe8083c08e42bda7fde1de4240a03f43f196e4fe5b6d1c7a00ba7675b39dc7ba9e6fc8ce5245ba7fc92bf047f8cf736398cf4a90

Download Submit
/data/user/0/com.tencent.mm/databases/Dname-journal

Filesize
8KB

MD5
9ccb76a81d8f0931dbe543a942ab4601

SHA1
98592c7bd9ebf7e1fd5d83accc320d75721d39c6

SHA256
33921bd77805ddec30fc481445a0915e96a45ac35f338952cbd4067c2934642d

SHA512
a4e5ad21f3a75bd5ca4960437a02867127cae1220ab4c40fff71fc3ba7e310ab57b02ce8bce96207397f58b52970faf4914235cb7b53c70faea178372920017a

Download Submit
/data/user/0/com.tencent.mm/databases/Dname-journal

Filesize
8KB

MD5
ab00c9f7cbcde9a29bf2236e02e2526f

SHA1
6e45ba59b929aea95ed434cb6d4cd85f191303fb

SHA256
a48a413bf3a4640afa0ef2551aec2bd32bd1af048d61d08b7dbb67d054ea724d

SHA512
cbd23fca54395032cc0b17289caced68f87f627e4c5d782da7c42cc74c3dba968b8c6e28b395c2ce86698a491d165a80b17dcdfef0ee50cc86dcd2aa6e8daefb

Download Submit
/data/user/0/com.tencent.mm/databases/Dname-journal

Filesize
8KB

MD5
9f98eb02b57b96a014918d28ee6dfd4b

SHA1
e0736dd29f83b847ad04645ab66f2de43b58ee73

SHA256
9a772761cfd30bb31cc07326b04699852a110dbd20177f1d8e165d2c09f4fcab

SHA512
99969fcf7842a7b8dac93c98bc69c2fa36e2c2a3e2d7ca47b5a4835bd7b3184c78630042aa9ab50ed3794fa488202cd6e59d673135ee4c6a58677825d4061ef0

Download Submit
/data/user/0/com.tencent.mm/databases/evernote_jobs.db

Filesize
16KB

MD5
9ef5042f8dd7e88b9ecb8c8cfed3922b

SHA1
22136c709385ca41c696f1595b10440cd9abb255

SHA256
5a373cdb81721c30a9422babf67d03186f0c009a6deb88c633402c4ae7ce8bd4

SHA512
b5257441ea68d62e8f6e63e539222cde857c9413e18efbf8ac374b6f22fa0e1a881eba614f0e82c4b614ad3272c4f8107eb0deb54245df2bef43c6cdc5d42104

Download Submit
/data/user/0/com.tencent.mm/databases/evernote_jobs.db-journal

Filesize
512B

MD5
6cf5d196bff563c2c7306aafdc4fba84

SHA1
f3934bc93e713bd159bcefb7cd1726cc7d59f155

SHA256
32bdc19574952bd56afff8b1dd42db5917b6d7c266a1ec685cae816a9360dd03

SHA512
7100faeea8819e66493009c14be21bc39f74750b87427972a7fba58bde94662d0c2ae50113c6cb6f84e61ccf5e6a40ee23d50adb7079c9499b6e0839ce33d573

Download Submit
/data/user/0/com.tencent.mm/databases/evernote_jobs.db-journal

Filesize
8KB

MD5
4f2f2af1c63e8eac7b11a1b437dd0b54

SHA1
7072f84c30d7088b4fcb5184e5fd1303f9d0b75e

SHA256
d2d3147e68d5a2950f6a3636e588b214f2ae78c1b7f4d2065db34cc783954e00

SHA512
be05d85b394b7ee61954a2930b7f709692dc0d3609d2126466a6be98c7eae05cf5db78de77739b894e9ae2ccb45ab40c6461b14b00ed86d5e2e3b731c55853f5

Download Submit
/data/user/0/com.tencent.mm/databases/evernote_jobs.db-journal

Filesize
8KB

MD5
8a0fd3314508d9e2d5d0952ef96bf3bb

SHA1
377f5a57a8adaa48bd8312b70e7ba1abf4e5a3dd

SHA256
92bd01b60d1d907163f88402ee3e06b85eed63230e202961ffa78eddb662639a

SHA512
e6c92a92bfed679e928cc1af50dbeb8bc10e383e8391424587cf1034ac36ae2bb296602432f666291877c273d167ae5ffc889f32dfd32b26f7eb6ba5178955ca

Download Submit
/data/user/0/com.tencent.mm/databases/evernote_jobs.db-journal

Filesize
8KB

MD5
32644c723c5d3a349054e51527026796

SHA1
64c4b545561a9b03ebdf8823249af44d26f7d2c4

SHA256
2ac7a06abafbb46b793e8deebcbc8cae2b05a782bf548258ba6750819251fbf8

SHA512
98a0e22c36ef7c5c9129baac8f5e4250e19e36c47887debaf21a3d1ecc4921a0427451dc05a5e430c78b4a3dfb97d2f95eeaa4ca8f86c208b449a9e978e4a317

Download Submit
/data/user/0/com.tencent.mm/databases/evernote_jobs.db-journal

Filesize
8KB

MD5
a1913ffd332a0c9010135be5207cc712

SHA1
3c021382a5fec8fb8f6dd93b76d50b73476b29dc

SHA256
e7fbb2c0bad4f93a0ac86b19b236deb082a90c463cfbdd72b0156a3bbaaf7bb9

SHA512
115ddafc0d6630b10927f1dc44a2b29358748f4d444b3aefaf61f69627b25e5cc75cc7065b650483e6e84c67155654653e11d4d5da99759db25b4d97955b3843

Download Submit
/data/user/0/com.tencent.mm/databases/evernote_jobs.db-journal

Filesize
8KB

MD5
dcd4cd89f751d20ad6760277f5527817

SHA1
0900cc854a44ced59defdeb186c802cecca06a5d

SHA256
b5cffbe8b34b909f81c176c520cc77a269647e8b9cbff0a4687f323a5421c7a4

SHA512
2e9d0247a6d10adadfc16c0c7d8a9a29246afce7173ea3f06769c37d2d4c99b5bc092c88104055b4471025a25de6ca11ac440670f56eea89d0884b28be161a33

Download Submit
/data/user/0/com.tencent.mm/files/CallLogs.txt

Filesize
3B

MD5
58e0494c51d30eb3494f7c9198986bb9

SHA1
cd0d4cc32346750408f7d4f5e78ec9a6e5b79a0d

SHA256
37517e5f3dc66819f61f5a7bb8ace1921282415f10551d2defa5c3eb0985b570

SHA512
b7a9336ed3a424b5d4d59d9b20d0bbc33217207b584db6b758fddb9a70b99e7c8c9f8387ef318a6b2039e62f09a3a2592bf5c76d6947a6ea1d107b924d7461f4

Download Submit
/data/user/0/com.tencent.mm/files/GP.txt

Filesize
108B

MD5
9930259adbef7743854857dac791eb42

SHA1
2c97a0652727bea14654c4c6cca3145865b827cb

SHA256
493ce7879ef640e58a609a5fff6bb29bf3fff8956be60bd1c92745f5a7efd9ca

SHA512
480f3b3ee6fda3aa1adea2776e3ed0f1155dd36199a3987cf7b28047129c822ec0266d7c8a5fc45e121a4d735964ba440a0a8253e5383595e272a3df8526f9d1

Download Submit
/data/user/0/com.tencent.mm/files/Tree.txt

Filesize
566B

MD5
ac44a8bd1955b8154df49d2847eb2609

SHA1
767a8ca032f463224908e2d7f018d8849f96526a

SHA256
09f1933ce4390fb40d76636489241ca89d2ca0f6a3ea91448cb35c9c61734b76

SHA512
637f175d8d3ef9b1d2365724e4b8c84b3af944b3f76fdb863780464b2718a3a0ad549dad0b40302a5e564723130cc0897a5a66279757246b4dc728fd607fe09f

Download Submit
/data/user/0/com.tencent.mm/files/accounts.txt

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
/data/user/0/com.tencent.mm/files/netinfo.txt

Filesize
854B

MD5
82510b1b02c090ee36ca0f53f77cbd03

SHA1
5a7de58e0d3276e6f670562606a7e66121964624

SHA256
164d89bc800071a42f5b0bbc3462c8ad41b20e6c618cd03cd3f06fcb035300bd

SHA512
6a33d0e6d6f86308c628ffcbba1e377ccd9bb430cb16784d77e04c1f615299837c1ae05b72adf625bfdc296b00aae35f9ee62962766ed6a107009a9cec2369fa

Download Submit
/data/user/0/com.tencent.mm/files/netinfo.txt

Filesize
854B

MD5
8f6245269665e974c658d526d74a05f6

SHA1
da98862cc9853137828df0b2750e5ce426635132

SHA256
40b444e033c4683771eabc791b32f0f0399bbb307709ae1cd26c6aa0d9478be9

SHA512
25821d36a3684ca2121d39c304c50bb1ad211f7780af0fc61da8028e3722ef0186b2a3e28873f1cb2c9e44506a23fde04a032bccf9d934b0818013720f765c58

Download Submit
/data/user/0/com.tencent.mm/files/pkinfo.txt

Filesize
10KB

MD5
b593d0594fc2e98f60b0288475ba950b

SHA1
1c10ef393a2666d7640ca45e663321019a5675fb

SHA256
49e287b4855336cc22b24d4f912538f43d226ddca9b322d769fb3ef0306d9411

SHA512
7ba2ceeddfbc8efee39b6a5d9f81001cca3e07d6d6311ae16e0eff38fd395567fa3236aa7f7b59def32a5a7ed27d24cd852b3936d32bd05b467dbd1ed8dcd40b

Download Submit
/storage/emulated/0/Config/sys/apps/log/log-2025-03-10.txt

Filesize
267B

MD5
d2126d9fc9e1ee250e0272ee7d6775b4

SHA1
be81c76cb8c8cb20879582a38be90827feedcbee

SHA256
dc91ac84aa21024b24a9133c035f36c9d39497738cfdf067155c45b293dc8942

SHA512
3afa1210834d864df0fe48de8734f806c13b61c31824318377313c9bd69c84321fc0671c1ca29cf3b5971423c6457a50f9e80f4e008bcdd76c4ff73535aa5e70

Download Submit
/storage/emulated/0/Config/sys/apps/log/log-2025-03-10.txt

Filesize
12B

MD5
e48057c3603c907cacbe1568a7dbfc41

SHA1
6e100086b53e20e499a9be069aa1b452faf82ba3

SHA256
4b36685dbf772b2de007f4c98f824966f4f3a132075692d3d3d8f11e84e5468e

SHA512
787e1140832e8c308039f0287ee801c00040544d5241425b0c0c8e8dc19ecf3feefa50706723f7a21be209c13b24ab3dbe0691ec42118fdfe18611b13155fb9a

Download Submit
/storage/emulated/0/Config/sys/apps/log/log-2025-03-10.txt

Filesize
12B

MD5
a9256f55737b655c8cff95418411997c

SHA1
d81a4e85ecef3a4f08d50da9c75c49a3c64ffe24

SHA256
bad705c44807d12463fb587087c4e9eb24769d82981229ac8b74abc9b1a44412

SHA512
10d10a6498973ed65d47c74ba6d8831dad94213a5071353dc445de46e021689284fbbf4accf5ba1f97a0675a7652ec069ac70f38d63ba36b8595a8caf8d37574

Download Submit

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads