ajina | 3603f04cce819ccf8e78756712e92743707a8c902093b1ffd2719bfafdbf22e1

Analysis

max time kernel
125s
max time network
152s
platform
android-10_x64
resource
android-x64-20240910-en
resource tags

arch:x64arch:x86image:android-x64-20240910-enlocale:en-usos:android-10-x64system
submitted
14/03/2025, 22:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3603f04cce819ccf8e78756712e92743707a8c902093b1ffd2719bfafdbf22e1.apk
Size

1.8MB
MD5

a4aa8da3c6054d73b9ffcfa2fd3bb16f
SHA1

6be81f1cd9442c53d01d5255798a0577d709f1a0
SHA256

3603f04cce819ccf8e78756712e92743707a8c902093b1ffd2719bfafdbf22e1
SHA512

7fca0119be5d4286e9b6630053da6470e78d280609bf2a5d3ad18236a21abdcc898b8666ed1326e6726d2a6f59b1bdc1d6b99f423077a65245ce270ab3a85957
SSDEEP

24576:pOY1iFoQstAKwR4afKfqufHb111Z1jRWjOkaQnx6AjpjjYHlV8DdtOjUSrVa1gOu:pOY1xkvbu/D1Z1NRQx6ApKQDdwZqo

Score

10^/10

ajina banker collection credential_access defense_evasion infostealer rat trojan

Malware Config

Signatures

Ajina
Ajina is an Android banking trojan first seen in November 2023.
banker trojan infostealer rat ajina
Ajina family
ajina

Makes use of the framework's Accessibility service 4 TTPs 2 IoCs

Retrieves information displayed on the phone screen using AccessibilityService.

collection defense_evasion credential_access

Input Injection

T1516

Screen Capture

T1513

Keylogging

T1417.001

GUI Input Capture

T1417.002

description	ioc	Process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	org.zzzz.aaa
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText	org.zzzz.aaa

org.zzzz.aaa
1⤵
- Makes use of the framework's Accessibility service
PID:5138

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Input Injection

T1516

Credential Access

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Discovery

Lateral Movement

Collection

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Screen Capture

T1513

Command and Control

Exfiltration

Impact

Input Injection

T1516

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/org.zzzz.aaa/files/profileInstalled

Filesize
24B

MD5
3aea6ff31f801a81cd1eb8f604a9e638

SHA1
bf8cbb65427d4c8a9f30245cba90fd39d1022a03

SHA256
6bb4aabe133d8028054e962c5ae7ad9928c1efd95e8afaebdbf813dd5ac68a63

SHA512
e114e5053b8f5789c5668b444974d9b1940791481d6d6a972e925d390b573276c4ac430b5e31be9f75369e44df42746473da04b5138dc588df8eac1e9a85180d

Download Submit
/data/data/org.zzzz.aaa/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

Filesize
8B

MD5
6cf0c718fd8e246841cfab0df3ef6b83

SHA1
18a822fe151d44ebb0d6006c5e237b179eb80ba2

SHA256
492fd04facca8619abb1f0c326a31870cb7af2f4fd2700bf764bad490776d538

SHA512
c81b76855747110d33ae81324e0a410e7fab4190bf9a62a2dd722ba7af3ebb78e03df6734ac564bde60b950fb32e099df9677b4a2d97e0effbed08d090445954

Download Submit
/data/misc/profiles/cur/0/org.zzzz.aaa/primary.prof

Filesize
1KB

MD5
f19b52cffae9e6458bd6c49beb94ed32

SHA1
8ef29e8b0838cb18ddd31a194bb874e7d3d9e5a5

SHA256
0766e0573f2063b21643aa2529c45734f2b6477bd94f0654897a3a7c4160dedc

SHA512
342d2ac5654d17a88069c734e2a4e512869b1c1af273827249273448b7ade4de302a698b3f508d094a468ce4e5407d5af2b0c1c53ba17c87eeb06f7420a46871

Download Submit
/data/misc/profiles/cur/0/org.zzzz.aaa/primary.prof

Filesize
2KB

MD5
8cdd298d021a2be1f2a503e7d3475565

SHA1
4ed300ee680497019466da390bd99999c08c2930

SHA256
13d5e65a8f810db7d675f16aab98984674c887049fa0640d0c3f4e8038005991

SHA512
fb537ec166712fb56e50a9b27972cb5cb5279715811d28687c367772e207c1d0a38c6c25ea5e12f639c732d41f5fb17a48294cfcf9ca32e9f54445b511b9618c

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads