cde634ac2435441a5bef4befaf4b4acc68393bf02380ac0cdebd5104be99cf31

Resubmissions

11/03/2025, 05:19

250311-fz4hbasqx8 10

11/03/2025, 05:17

250311-fyy67stvew 10

11/03/2025, 05:15

250311-fxq47sspz6 10

10/03/2025, 22:02

250310-1xw1nsz1av 10

Analysis

max time kernel
17s
max time network
93s
platform
android-9_x86
resource
android-x86-arm-20240910-en
resource tags

arch:armarch:x86image:android-x86-arm-20240910-enlocale:en-usos:android-9-x86system
submitted
11/03/2025, 05:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

cde634ac2435441a5bef4befaf4b4acc68393bf02380ac0cdebd5104be99cf31.apk
Size

4.4MB
MD5

a993c52e3f70025fe896428a4b43d9a6
SHA1

4a156e2db4319c3e20a1678277237e323a0c963c
SHA256

cde634ac2435441a5bef4befaf4b4acc68393bf02380ac0cdebd5104be99cf31
SHA512

056515f44cca830987d41aa1d5f932f5bb5920556b9cfbaa405da28459d18362eff714852f5912122ded92b4d89b653abf37b0a60a9d68b75688706d4e54a590
SSDEEP

98304:pdDPNsl3JKkr5J+ZGdAt1sFIPp00HcKhQcfLTbBFjOj6rH:fDPNa5KklgodFiG0JQcfL3Lb

Score

8^/10

banker collection credential_access defense_evasion discovery evasion persistence stealth trojan

Malware Config

Signatures

Removes its main activity from the application launcher 1 TTPs 1 IoCs

stealth trojan evasion

Suppress Application Icon

T1628.001

pid	Process
4381	com.tencent.mm

Makes use of the framework's Accessibility service 4 TTPs 3 IoCs

Retrieves information displayed on the phone screen using AccessibilityService.

collection defense_evasion credential_access

Input Injection

T1516

Screen Capture

T1513

Keylogging

T1417.001

GUI Input Capture

T1417.002

description	ioc	Process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	com.tencent.mm
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId	com.tencent.mm
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText	com.tencent.mm

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Queries account information for other applications stored on the device 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect account information stored on the device.

collection

Stored Application Data

T1409

description	ioc	Process
Framework service call	android.accounts.IAccountManager.getAccounts	com.tencent.mm

Reads the contacts stored on the device. 1 TTPs 1 IoCs

collection

Contact List

T1636.003

description	ioc	Process
URI accessed for read	content://com.android.contacts/data/phones	com.tencent.mm

Reads the content of the calendar entry data. 1 TTPs 1 IoCs

collection

Calendar Entries

T1636.001

description	ioc	Process
URI accessed for read	content://com.android.calendar/events	com.tencent.mm

Reads the content of the call log. 1 TTPs 1 IoCs

collection

Call Log

T1636.002

description	ioc	Process
URI accessed for read	content://call_log/calls	com.tencent.mm

Requests cell location 2 TTPs 1 IoCs

Uses Android APIs to to get current cell location.

collection discovery defense_evasion

Location Tracking

T1430

Geofencing

T1627.001

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.tencent.mm

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.tencent.mm

Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

Application may abuse the framework's foreground service to continue running in the foreground.

defense_evasion persistence

Foreground Persistence

T1541

description	ioc	Process
Framework service call	android.app.IActivityManager.setServiceForeground	com.tencent.mm

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.tencent.mm

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Requests disabling of battery optimizations (often used to enable hiding in the background). 1 TTPs 1 IoCs

defense_evasion

User Evasion

T1628.002

description	ioc	Process
Intent action	android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS	com.tencent.mm

Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs

defense_evasion

User Evasion

T1628.002

description	ioc	Process
Framework API call	android.hardware.SensorManager.registerListener	com.tencent.mm

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.tencent.mm

com.tencent.mm
1⤵
- Removes its main activity from the application launcher
- Makes use of the framework's Accessibility service
- Queries account information for other applications stored on the device
- Reads the contacts stored on the device.
- Reads the content of the calendar entry data.
- Reads the content of the call log.
- Requests cell location
- Acquires the wake lock
- Makes use of the framework's foreground persistence service
- Queries information about the current Wi-Fi connection
- Requests disabling of battery optimizations (often used to enable hiding in the background).
- Listens for changes in the sensor environment (might be used to detect emulation)
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID:4381

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Foreground Persistence

T1541

Privilege Escalation

Defense Evasion

Execution Guardrails

T1627

Geofencing

T1627.001

Foreground Persistence

T1541

Hide Artifacts

T1628

Suppress Application Icon

T1628.001

User Evasion

T1628.002

Input Injection

T1516

Credential Access

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Discovery

Location Tracking

T1430

Software Discovery

T1418

Security Software Discovery

T1418.001

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Location Tracking

T1430

Protected User Data

T1636

Calendar Entries

T1636.001

Call Log

T1636.002

Contact List

T1636.003

Screen Capture

T1513

Stored Application Data

T1409

Command and Control

Exfiltration

Impact

Input Injection

T1516

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.tencent.mm/databases/Dname-journal

Filesize
512B

MD5
106dd2621103a93a920ecf85c1691a3f

SHA1
df2d7ff9f16f897f21877b8cd7829b5391c46fc3

SHA256
03c5c1a227dde98c7fb13dc973f9e8463a5bc463f87eeed1f003097e51d3d675

SHA512
cb22b1f6406653b41bbf419d502a416359d83ade1decd956d6489a2ebc46967a1b4f146f0bf8bd8e343f6bda32f0f069d5663c620904ae6d41f4f4cde6ae7d0e

Download Submit
/data/data/com.tencent.mm/databases/Dname-shm

Filesize
28KB

MD5
cf845a781c107ec1346e849c9dd1b7e8

SHA1
b44ccc7f7d519352422e59ee8b0bdbac881768a7

SHA256
18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7

SHA512
4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

Download Submit
/data/data/com.tencent.mm/databases/Dname-wal

Filesize
60KB

MD5
769c1c96a832a5b14adfa8843dda3b96

SHA1
2b77abf9538d52552c5b9c878c96cc5885b405a2

SHA256
83d65eca4df627593438dc7b454388a73695dfdeb6072e97b1935dcc3dcc4b2a

SHA512
e58bd28fae1782adb3762fe93a06ec696b3bbdaac373985491e77f9985d6a162cf30433af3bc6af21cf238615306ceb8062451f57aea91c248bae337024c7780

Download Submit
/data/data/com.tencent.mm/databases/evernote_jobs.db

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.tencent.mm/databases/evernote_jobs.db-journal

Filesize
512B

MD5
eb66786d79dd51cebe815b1bfa5d4870

SHA1
898161e5603e5e359ed8056d107fcc947ca8ba33

SHA256
de970c4220a9f0b6c74a92bdfbfd0afa6a07e6d06ac86ba693dc66e3a565c835

SHA512
ee8b845146ddb792c408a3daa3bff809ef3c6cef4a364ac2909df8509159ccbeba7f151e9650894f797db4544fd27564f43fcd9cea63174f0cbf6f3cebe2026a

Download Submit
/data/data/com.tencent.mm/databases/evernote_jobs.db-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.tencent.mm/databases/evernote_jobs.db-wal

Filesize
32KB

MD5
f8d6d0f85ca1f9214c5d34f35e97408d

SHA1
ae697e112d9cdb53241a4817efaefe4f5320699a

SHA256
008512774667b1e33a7131096bf5aaf1d1c12925f123c61a246e38e30779d028

SHA512
333ebd42baf55469aa80b2d9a295176a71a86463ff4f2fc5da90812a30b3b4b0b47752e27c580e677670ca9ccc95a413fdfefb879549c98047f8c64aa0cde096

Download Submit
/data/data/com.tencent.mm/files/CallLogs.txt

Filesize
3B

MD5
58e0494c51d30eb3494f7c9198986bb9

SHA1
cd0d4cc32346750408f7d4f5e78ec9a6e5b79a0d

SHA256
37517e5f3dc66819f61f5a7bb8ace1921282415f10551d2defa5c3eb0985b570

SHA512
b7a9336ed3a424b5d4d59d9b20d0bbc33217207b584db6b758fddb9a70b99e7c8c9f8387ef318a6b2039e62f09a3a2592bf5c76d6947a6ea1d107b924d7461f4

Download Submit
/data/data/com.tencent.mm/files/GP.txt

Filesize
116B

MD5
85f177325d01b9160c8cfdf315e005ef

SHA1
9aa539c193b2caa95b91f44532a4e637a05bc2c4

SHA256
07eb0c2597bdaa201a722be9355f55670b688d41b626ffb626736d87b311ce13

SHA512
5fa1577917102f63b56a0bb30b1bb62025c20d77143c4fcf9ec7b96b6e3723e0d0de344b9c3c53d908662399ea64766477a90353fc5fbdfdf5cb27272aba43b8

Download Submit
/data/data/com.tencent.mm/files/GP.txt

Filesize
126B

MD5
840945a54d3b701a65f0fd38a6d425f0

SHA1
8dc8e2763712b90b1a7c4f7d18c5739a052fe77a

SHA256
1502fddb23c5438d9582074a2d6c9443d6db939602e2044707afd39aab78c154

SHA512
3cad7fe9f326681d35b458c863a93f55c33e455823fbb301ac785d3a519efec460e1e78f2268eb6b9b64caee4420871150fceafde307a34feeda66ddfae1c345

Download Submit
/data/data/com.tencent.mm/files/Tree.txt

Filesize
430B

MD5
de0b1803d93562deb0297728c8a07e53

SHA1
89a1b7b16c116d665ee45a0f840003a6e7461e8f

SHA256
1f6fdc7f91ec9125c16ea5033069fd2d7b6e60dfec86fa1d8959c3098f92e7ec

SHA512
566f8397fafd18071b03fdfaeddebd20d05dc7be314aea45778c62b266aec8cbc816c5d3b19bac82099505c90da797d060f0218134995e051b4068d0b9357fa5

Download Submit
/data/data/com.tencent.mm/files/accounts.txt

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
/data/data/com.tencent.mm/files/netinfo.txt

Filesize
609B

MD5
8ce2dafa6b254ec7a008ae872b9f0c24

SHA1
d7fa90f70ac66589bcc36f2a2d22a3d07d3e6119

SHA256
ee80efe7a69ae2b95f2e17e3ed3f8b90b3788efc47e3521efd874399e7dcfca8

SHA512
9241ecf135f9aa94323b1e309b6c4db9e9db8e0fb868480fbe066770cedc375a6541ce3dccc316e58dc8054d3693bb308b0a45c7c9345de5a663816890e15b2e

Download Submit
/data/data/com.tencent.mm/files/netinfo.txt

Filesize
609B

MD5
95cd022fba5de4adea04ebea09e0e902

SHA1
966d0ccf856b736200f99606e233aa5a1b6002e0

SHA256
e29b70ccd244a93c700a5937d13733ff7640000b80b60202ace1aa984a4a3f93

SHA512
edfd610106316388ad87e0306ec85017cb846beef21c2fc840519052df9d216af9e9fc9c4608c1186367574c741b73e2465f7eb15bd44d2561f0a7de002032ec

Download Submit
/data/data/com.tencent.mm/files/pkinfo.txt

Filesize
5KB

MD5
9857c0caa99fde5d0bf47c0ee0fd821b

SHA1
ef4629899e6ebbdbaf45ca4885f5b960da25538f

SHA256
d68311a5561ada62ee327cda3a9b29c41ed0d7bc16586f9af6d5595a96d497a8

SHA512
312c11c7b41384fd5a7ef466f06813c09f6c661ade0ed4ffe6e8e88969f2ba31257a90333b13ce8d4b2ab0692318b638f06aecfea11aeb2df3739580e635a148

Download Submit
/storage/emulated/0/Config/sys/apps/log/log-2025-03-11.txt

Filesize
267B

MD5
2fea6fcd7b73787ea80ce21066f22bb5

SHA1
c31ad28bebaa4436e3f66b518e708fd60f145164

SHA256
917032a07f9e4b0e36b58f89001e310b87d6a3b8ba3b9249014026a0ff8d2113

SHA512
9cf2f442ea6a7b6057a7cf51c1546671e873c6c3bcdb5796e35aa66fed2c791de375ceb594abb83620c0c8a98ae5c6cf6d399e0647191aa7ab8a897d0e737af6

Download Submit
/storage/emulated/0/Config/sys/apps/log/log-2025-03-11.txt

Filesize
12B

MD5
a9256f55737b655c8cff95418411997c

SHA1
d81a4e85ecef3a4f08d50da9c75c49a3c64ffe24

SHA256
bad705c44807d12463fb587087c4e9eb24769d82981229ac8b74abc9b1a44412

SHA512
10d10a6498973ed65d47c74ba6d8831dad94213a5071353dc445de46e021689284fbbf4accf5ba1f97a0675a7652ec069ac70f38d63ba36b8595a8caf8d37574

Download Submit
/storage/emulated/0/Config/sys/apps/log/log-2025-03-11.txt

Filesize
12B

MD5
e48057c3603c907cacbe1568a7dbfc41

SHA1
6e100086b53e20e499a9be069aa1b452faf82ba3

SHA256
4b36685dbf772b2de007f4c98f824966f4f3a132075692d3d3d8f11e84e5468e

SHA512
787e1140832e8c308039f0287ee801c00040544d5241425b0c0c8e8dc19ecf3feefa50706723f7a21be209c13b24ab3dbe0691ec42118fdfe18611b13155fb9a

Download Submit

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads