Resubmissions
11/03/2025, 05:19  250311-fz4hbasqx8  10
11/03/2025, 05:17  250311-fyy67stvew  10
11/03/2025, 05:15  250311-fxq47sspz6  10
10/03/2025, 22:02  250310-1xw1nsz1av  10
Analysis
max time kernel: 17s
max time network: 93s
platform: android-9_x86
resource: android-x86-arm-20240910-en
resource tags: arch:arm arch:x86 image:android-x86-arm-20240910-en locale:en-us os:android-9-x86 system
submitted: 11/03/2025, 05:15
Behavioral task: behavioral1
Sample: cde634ac2435441a5bef4befaf4b4acc68393bf02380ac0cdebd5104be99cf31.apk
Resource: android-x86-arm-20240910-en
General
Target: cde634ac2435441a5bef4befaf4b4acc68393bf02380ac0cdebd5104be99cf31.apk
Size: 4.4MB
MD5: a993c52e3f70025fe896428a4b43d9a6
SHA1: 4a156e2db4319c3e20a1678277237e323a0c963c
SHA256: cde634ac2435441a5bef4befaf4b4acc68393bf02380ac0cdebd5104be99cf31
SHA512: 056515f44cca830987d41aa1d5f932f5bb5920556b9cfbaa405da28459d18362eff714852f5912122ded92b4d89b653abf37b0a60a9d68b75688706d4e54a590
SSDEEP: 98304:pdDPNsl3JKkr5J+ZGdAt1sFIPp00HcKhQcfLTbBFjOj6rH:fDPNa5KklgodFiG0JQcfL3Lb
Malware Config
Signatures

Removes its main activity from the application launcher
pid | Process
4381 | com.tencent.mm

Makes use of the framework's Accessibility service (4 TTPs, 3 IoCs)
Retrieves information displayed on the phone screen using AccessibilityService.
description | ioc | Process
Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId | com.tencent.mm
Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId | com.tencent.mm
Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText | com.tencent.mm

Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps) (1 TTP)

Queries account information for other applications stored on the device (1 TTP, 1 IoC)
Application may abuse the framework's APIs to collect account information stored on the device.
description | ioc | Process
Framework service call | android.accounts.IAccountManager.getAccounts | com.tencent.mm

Reads the contacts stored on the device. (1 TTP, 1 IoC)
description | ioc | Process
URI accessed for read | content://com.android.contacts/data/phones | com.tencent.mm

Reads the content of the calendar entry data. (1 TTP, 1 IoC)
description | ioc | Process
URI accessed for read | content://com.android.calendar/events | com.tencent.mm

Reads the content of the call log. (1 TTP, 1 IoC)
description | ioc | Process
URI accessed for read | content://call_log/calls | com.tencent.mm

Requests cell location (2 TTPs, 1 IoC)
Uses Android APIs to get the current cell location.
description | ioc | Process
Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | com.tencent.mm

Acquires the wake lock (1 IoC)
description | ioc | Process
Framework service call | android.os.IPowerManager.acquireWakeLock | com.tencent.mm

Makes use of the framework's foreground persistence service (1 TTP, 1 IoC)
Application may abuse the framework's foreground service to continue running in the foreground.
description | ioc | Process
Framework service call | android.app.IActivityManager.setServiceForeground | com.tencent.mm

Queries information about the current Wi-Fi connection (1 TTP, 1 IoC)
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
description | ioc | Process
Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | com.tencent.mm

Reads information about phone network operator. (1 TTP)

Requests disabling of battery optimizations (often used to enable hiding in the background). (1 TTP, 1 IoC)
description | ioc | Process
Intent action | android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS | com.tencent.mm

Listens for changes in the sensor environment (might be used to detect emulation) (1 TTP, 1 IoC)
description | ioc | Process
Framework API call | android.hardware.SensorManager.registerListener | com.tencent.mm

Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTP, 1 IoC)
description | ioc | Process
Framework service call | android.app.IActivityManager.registerReceiver | com.tencent.mm
Processes

com.tencent.mm (PID: 4381)
- Removes its main activity from the application launcher
- Makes use of the framework's Accessibility service
- Queries account information for other applications stored on the device
- Reads the contacts stored on the device.
- Reads the content of the calendar entry data.
- Reads the content of the call log.
- Requests cell location
- Acquires the wake lock
- Makes use of the framework's foreground persistence service
- Queries information about the current Wi-Fi connection
- Requests disabling of battery optimizations (often used to enable hiding in the background).
- Listens for changes in the sensor environment (might be used to detect emulation)
- Registers a broadcast receiver at runtime (usually for listening for system events)
Network
MITRE ATT&CK Mobile v15

Persistence
- Event Triggered Execution (1)
- Broadcast Receivers (1)
- Foreground Persistence (1)

Defense Evasion
- Execution Guardrails (1)
- Geofencing (1)
- Foreground Persistence (1)
- Hide Artifacts (3)
- Suppress Application Icon (1)
- User Evasion (2)
- Input Injection (1)

Discovery
- Location Tracking (1)
- Software Discovery (1)
- Security Software Discovery (1)
- System Network Configuration Discovery (1)
- System Network Connections Discovery (1)
Downloads