Overview

overview

10

Static

static

10

base.apk

android-9-x86

7

base.apk

android-10-x64

7

base.apk

android-11-x64

7

Analysis

  • max time kernel
    148s
  • max time network
    155s
  • platform
    android-10_x64
  • resource
    android-x64-20240910-en
  • resource tags

    arch:x64arch:x86image:android-x64-20240910-enlocale:en-usos:android-10-x64system
  • submitted
    12/03/2025, 08:11

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    base.apk

  • Size

    7.1MB

  • MD5

    c4d801a4979e015b08a48c7e22ba4eeb

  • SHA1

    cf66de8057484e81cd16678d1c9dc743a4324b74

  • SHA256

    46e3af3e9d5d977f2fa1d4b1593fe89ab192fd33627295ecdab90e199ffc567a

  • SHA512

    46506b5d7c61f524a7af4e485914839936f85e51d19d7a19c410854b4aa3dd400d0c17a51db94c925d2ef28b810b2005ad00f2fefb0368ce5d5e2d7609727695

  • SSDEEP

    196608:QCHCzC6oCS32dw/Xsw0i8OyuCMCb8OMg4v+3X2rtxUtVedS3pPl:8k3j/aF8OMgwMosd

Score
7/10
bankercollectioncredential_accessdefense_evasiondiscoveryevasionimpactpersistence

Malware Config

Signatures

  • Makes use of the framework's Accessibility service 4 TTPs 2 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectiondefense_evasioncredential_access
  • Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

    Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

    collectioncredential_accessimpact
  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
    bankerdiscovery
  • Acquires the wake lock 1 IoCs
  • Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

    Application may abuse the framework's foreground service to continue running in the foreground.

    defense_evasionpersistence
  • Performs UI accessibility actions on behalf of the user 1 TTPs 4 IoCs

    Application may abuse the accessibility service to prevent their removal.

    evasion
  • Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    discovery
  • Queries the mobile country code (MCC) 1 TTPs 1 IoCs
    discovery
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
    persistence
  • Checks CPU information 2 TTPs 1 IoCs
  • Checks memory information 2 TTPs 1 IoCs

Processes

  • com.tencent.mm
    1⤵
    • Makes use of the framework's Accessibility service
    • Obtains sensitive information copied to the device clipboard
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    • Performs UI accessibility actions on behalf of the user
    • Queries information about the current Wi-Fi connection
    • Queries the mobile country code (MCC)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks CPU information
    • Checks memory information
    PID:5106

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

1
T1624

Broadcast Receivers

1
T1624.001

Foreground Persistence

1
T1541

Privilege Escalation

Defense Evasion

Foreground Persistence

1
T1541

Impair Defenses

1
T1629

Prevent Application Removal

1
T1629.001

Input Injection

1
T1516

Virtualization/Sandbox Evasion

2
T1633

System Checks

2
T1633.001

Credential Access

Clipboard Data

1
T1414

Input Capture

2
T1417

GUI Input Capture

1
T1417.002

Keylogging

1
T1417.001

Discovery

Software Discovery

1
T1418

Security Software Discovery

1
T1418.001

System Information Discovery

2
T1426

System Network Configuration Discovery

1
T1422

System Network Connections Discovery

1
T1421

Lateral Movement

Collection

Clipboard Data

1
T1414

Input Capture

2
T1417

GUI Input Capture

1
T1417.002

Keylogging

1
T1417.001

Screen Capture

1
T1513

Command and Control

Exfiltration

Impact

Data Manipulation

1
T1641

Transmitted Data Manipulation

1
T1641.001

Input Injection

1
T1516

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.tencent.mm/files/db.db
    Filesize

    12KB

    MD5

    256df4f1f534234b1d510cd7ccd71dab

    SHA1

    b7d93f7875c80eb6d55ca84ed3def780b6a84759

    SHA256

    8aad7daf3faa9bce66f44dabe11613afeb8731704e93112d890573b9d909d5e3

    SHA512

    3768be2a2f53ce428473f1d92c55342240994ad92fe6af315ba9322239a267fc059c7f0dd8f156c395dcfa5841c257c5158c7fabd28b6ef342fcc2e01b709ffc

    Download Submit

  • /data/data/com.tencent.mm/files/loading.gif
    Filesize

    121KB

    MD5

    7b38720a0352dffa26411726c72dd2b0

    SHA1

    b15e687f42abcdc12427f146a3115ef2259211f8

    SHA256

    2013f490d45638cada331b3474ed65b9a43cec60da773accc98332e58c06336d

    SHA512

    0df28f87da4f9beb3ca8c108f54021a2a1a1434771abbb5ba67a2736097f2287b05e5220a33e92c42ee13ecae1144714a422b986763712794f69e65bc44c83e3

    Download Submit

  • /data/data/com.tencent.mm/files/txtscreensize.txt
    Filesize

    11B

    MD5

    1b65c10c6215685f9d621d797f911373

    SHA1

    cc50aaed5cd521a62ec8cf9fe0413153ec90f265

    SHA256

    2230c2b2787663a054c47450ecd1718f0296853ad768b8e5d306ecb912685e89

    SHA512

    5a9139f295dbe384b1584eff5c11f3f86759232f7b661b75f27fe92b996b4cdc0552e315f79b26f5f2c1f91756d9ae04cf0c3675b6172e91a3d373b9b314496f

    Download Submit