Resubmissions
11/03/2025, 05:19  250311-fz4hbasqx8  10
11/03/2025, 05:17  250311-fyy67stvew  10
11/03/2025, 05:15  250311-fxq47sspz6  10
10/03/2025, 22:02  250310-1xw1nsz1av  10
Analysis
- max time kernel: 48s
- max time network: 367s
- platform: android-9_x86
- resource: android-x86-arm-20240910-en
- resource tags: arch:arm, arch:x86, image:android-x86-arm-20240910-en, locale:en-us, os:android-9-x86, system
- submitted: 11/03/2025, 05:19
Behavioral task
behavioral1
Sample: cde634ac2435441a5bef4befaf4b4acc68393bf02380ac0cdebd5104be99cf31.apk
Resource: android-x86-arm-20240910-en
General
- Target: cde634ac2435441a5bef4befaf4b4acc68393bf02380ac0cdebd5104be99cf31.apk
- Size: 4.4MB
- MD5: a993c52e3f70025fe896428a4b43d9a6
- SHA1: 4a156e2db4319c3e20a1678277237e323a0c963c
- SHA256: cde634ac2435441a5bef4befaf4b4acc68393bf02380ac0cdebd5104be99cf31
- SHA512: 056515f44cca830987d41aa1d5f932f5bb5920556b9cfbaa405da28459d18362eff714852f5912122ded92b4d89b653abf37b0a60a9d68b75688706d4e54a590
- SSDEEP: 98304:pdDPNsl3JKkr5J+ZGdAt1sFIPp00HcKhQcfLTbBFjOj6rH:fDPNa5KklgodFiG0JQcfL3Lb
Malware Config
Signatures
- pid: 4267  Process: com.tencent.mm
Makes use of the framework's Accessibility service (4 TTPs, 3 IoCs)
Retrieves information displayed on the phone screen using AccessibilityService.
- Framework service call: android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId (Process: com.tencent.mm)
- Framework service call: android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId (Process: com.tencent.mm)
- Framework service call: android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText (Process: com.tencent.mm)
Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps) (1 TTP)
Queries account information for other applications stored on the device (1 TTP, 1 IoC)
Application may abuse the framework's APIs to collect account information stored on the device.
- Framework service call: android.accounts.IAccountManager.getAccounts (Process: com.tencent.mm)
Queries the phone number (MSISDN for GSM devices) (1 TTP)
Reads the contacts stored on the device. (1 TTP, 1 IoC)
- URI accessed for read: content://com.android.contacts/data/phones (Process: com.tencent.mm)
Reads the content of the calendar entry data. (1 TTP, 1 IoC)
- URI accessed for read: content://com.android.calendar/events (Process: com.tencent.mm)
Reads the content of the call log. (1 TTP, 1 IoC)
- URI accessed for read: content://call_log/calls (Process: com.tencent.mm)
Requests cell location (2 TTPs, 1 IoC)
Uses Android APIs to get the current cell location.
- Framework service call: com.android.internal.telephony.ITelephony.getCellLocation (Process: com.tencent.mm)
Acquires the wake lock (1 IoC)
- Framework service call: android.os.IPowerManager.acquireWakeLock (Process: com.tencent.mm)
Makes use of the framework's foreground persistence service (1 TTP, 1 IoC)
Application may abuse the framework's foreground service to continue running in the foreground.
- Framework service call: android.app.IActivityManager.setServiceForeground (Process: com.tencent.mm)
Queries information about active data network (1 TTP, 1 IoC)
- Framework service call: android.net.IConnectivityManager.getActiveNetworkInfo (Process: com.tencent.mm)
Queries information about the current Wi-Fi connection (1 TTP, 1 IoC)
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
- Framework service call: android.net.wifi.IWifiManager.getConnectionInfo (Process: com.tencent.mm)
Queries the mobile country code (MCC) (1 TTP, 1 IoC)
- Framework service call: com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone (Process: com.tencent.mm)
Reads information about phone network operator. (1 TTP)
Requests disabling of battery optimizations (often used to enable hiding in the background). (1 TTP, 1 IoC)
- Intent action: android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS (Process: com.tencent.mm)
Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTP, 1 IoC)
- Framework service call: android.app.IActivityManager.registerReceiver (Process: com.tencent.mm)
Schedules tasks to execute at a specified time (1 TTP, 1 IoC)
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
- Framework service call: android.app.job.IJobScheduler.schedule (Process: com.tencent.mm)
Processes
com.tencent.mm (PID: 4267)
- Removes its main activity from the application launcher
- Makes use of the framework's Accessibility service
- Queries account information for other applications stored on the device
- Reads the contacts stored on the device.
- Reads the content of the calendar entry data.
- Reads the content of the call log.
- Requests cell location
- Acquires the wake lock
- Makes use of the framework's foreground persistence service
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Queries the mobile country code (MCC)
- Requests disabling of battery optimizations (often used to enable hiding in the background).
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Schedules tasks to execute at a specified time
Network
MITRE ATT&CK Mobile v15
Persistence
- Event Triggered Execution: 1
- Broadcast Receivers: 1
- Foreground Persistence: 1
- Scheduled Task/Job: 1
Defense Evasion
- Execution Guardrails: 1
- Geofencing: 1
- Foreground Persistence: 1
- Hide Artifacts: 2
- Suppress Application Icon: 1
- User Evasion: 1
- Input Injection: 1
Discovery
- Location Tracking: 1
- Software Discovery: 1
- Security Software Discovery: 1
- System Network Configuration Discovery: 3
- System Network Connections Discovery: 2
Downloads