ajina | 3603f04cce819ccf8e78756712e92743707a8c902093b1ffd2719bfafdbf22e1

Analysis

max time kernel
94s
max time network
150s
platform
android-9_x86
resource
android-x86-arm-20240910-en
resource tags

arch:armarch:x86image:android-x86-arm-20240910-enlocale:en-usos:android-9-x86system
submitted
14/03/2025, 22:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3603f04cce819ccf8e78756712e92743707a8c902093b1ffd2719bfafdbf22e1.apk
Size

1.8MB
MD5

a4aa8da3c6054d73b9ffcfa2fd3bb16f
SHA1

6be81f1cd9442c53d01d5255798a0577d709f1a0
SHA256

3603f04cce819ccf8e78756712e92743707a8c902093b1ffd2719bfafdbf22e1
SHA512

7fca0119be5d4286e9b6630053da6470e78d280609bf2a5d3ad18236a21abdcc898b8666ed1326e6726d2a6f59b1bdc1d6b99f423077a65245ce270ab3a85957
SSDEEP

24576:pOY1iFoQstAKwR4afKfqufHb111Z1jRWjOkaQnx6AjpjjYHlV8DdtOjUSrVa1gOu:pOY1xkvbu/D1Z1NRQx6ApKQDdwZqo

Score

10^/10

ajina banker collection credential_access defense_evasion infostealer rat trojan

Malware Config

Signatures

Ajina
Ajina is an Android banking trojan first seen in November 2023.
banker trojan infostealer rat ajina
Ajina family
ajina

Makes use of the framework's Accessibility service 4 TTPs 2 IoCs

Retrieves information displayed on the phone screen using AccessibilityService.

collection defense_evasion credential_access

Input Injection

T1516

Screen Capture

T1513

Keylogging

T1417.001

GUI Input Capture

T1417.002

description	ioc	Process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	org.zzzz.aaa
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText	org.zzzz.aaa

org.zzzz.aaa
1⤵
- Makes use of the framework's Accessibility service
PID:4275

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Input Injection

T1516

Credential Access

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Discovery

Lateral Movement

Collection

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Screen Capture

T1513

Command and Control

Exfiltration

Impact

Input Injection

T1516

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/org.zzzz.aaa/files/profileInstalled

Filesize
24B

MD5
871512c0ebc812fe46e40dc62b33ed6c

SHA1
76cdd3ba37164f0762971f7d1185172fb4467747

SHA256
b611f5b294267624a4726214664255c87929fa72a5b4c4c0a5db065d5dec670b

SHA512
157fb9e80e3f3cdb70e7973d4567ada9f45b45e9a9abc99b15d5ddef58db8483e98743685530c35da0d1342819ad51a1c235fa9400a9bcd8c0ac5359060ddf71

Download Submit
/data/data/org.zzzz.aaa/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

Filesize
8B

MD5
bad57a6443417522ca36f78ab608a4f8

SHA1
4dccb09e54f7d7c3cbf1b60d896b5bd4c241a152

SHA256
3d867f92e896be011c9a363a4c581bcc00a39e51fbbf07e671a55d9cd71ef657

SHA512
fdfde80f273da9dac4a9d54095356cb677b0ea766cc914b3e4f25bd88598c44c1790209c68ad56088d3c3f8e4024dcd40560975ea6d4784d7af922fbd3625069

Download Submit
/data/misc/profiles/cur/0/org.zzzz.aaa/primary.prof

Filesize
1KB

MD5
f19b52cffae9e6458bd6c49beb94ed32

SHA1
8ef29e8b0838cb18ddd31a194bb874e7d3d9e5a5

SHA256
0766e0573f2063b21643aa2529c45734f2b6477bd94f0654897a3a7c4160dedc

SHA512
342d2ac5654d17a88069c734e2a4e512869b1c1af273827249273448b7ade4de302a698b3f508d094a468ce4e5407d5af2b0c1c53ba17c87eeb06f7420a46871

Download Submit
/data/misc/profiles/cur/0/org.zzzz.aaa/primary.prof

Filesize
2KB

MD5
b711a8c197b7aa8458a3c1d5bd86d528

SHA1
e54cd95ca4c58c9254ef0ac57c1f496cd620322f

SHA256
c24d66df0b39496befaf21f2467a51476faa09657d8cef2bdbc2d81ce7f045a5

SHA512
80523b95d79a3c4f830fd5969fb83ab44c01807b9b750e5c07a26847a7ecfbb7ff80bfe490c5fe625215a6c170fb3d442619bd4b4727b8788426fbd55dad1d88

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads