ajina | 3603f04cce819ccf8e78756712e92743707a8c902093b1ffd2719bfafdbf22e1

Analysis

max time kernel
134s
max time network
153s
platform
android-11_x64
resource
android-x64-arm64-20240910-en
resource tags

arch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240910-enlocale:en-usos:android-11-x64system
submitted
14/03/2025, 22:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3603f04cce819ccf8e78756712e92743707a8c902093b1ffd2719bfafdbf22e1.apk
Size

1.8MB
MD5

a4aa8da3c6054d73b9ffcfa2fd3bb16f
SHA1

6be81f1cd9442c53d01d5255798a0577d709f1a0
SHA256

3603f04cce819ccf8e78756712e92743707a8c902093b1ffd2719bfafdbf22e1
SHA512

7fca0119be5d4286e9b6630053da6470e78d280609bf2a5d3ad18236a21abdcc898b8666ed1326e6726d2a6f59b1bdc1d6b99f423077a65245ce270ab3a85957
SSDEEP

24576:pOY1iFoQstAKwR4afKfqufHb111Z1jRWjOkaQnx6AjpjjYHlV8DdtOjUSrVa1gOu:pOY1xkvbu/D1Z1NRQx6ApKQDdwZqo

Score

10^/10

ajina banker collection credential_access defense_evasion infostealer rat trojan

Malware Config

Signatures

Ajina
Ajina is an Android banking trojan first seen in November 2023.
banker trojan infostealer rat ajina
Ajina family
ajina

Makes use of the framework's Accessibility service 4 TTPs 2 IoCs

Retrieves information displayed on the phone screen using AccessibilityService.

collection defense_evasion credential_access

Input Injection

T1516

Screen Capture

T1513

Keylogging

T1417.001

GUI Input Capture

T1417.002

description	ioc	Process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	org.zzzz.aaa
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText	org.zzzz.aaa

org.zzzz.aaa
1⤵
- Makes use of the framework's Accessibility service
PID:4764

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Input Injection

T1516

Credential Access

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Discovery

Lateral Movement

Collection

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Screen Capture

T1513

Command and Control

Exfiltration

Impact

Input Injection

T1516

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/org.zzzz.aaa/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

Filesize
8B

MD5
761d4d4d534fa51d45b7df860660f658

SHA1
6019220cfdb99dc5f51339174802811c5ee130ac

SHA256
59e839ba46cf4be6a5982c5cd225560de8b605369c37d64b8026d19dc0c8e0be

SHA512
7d67b68e4fd549165956f6a5b6a5e3c2cbf2eb2b1b740698141db7982e36256a7fa86adecd161e90b3e2e6812f2628b478dce4bbb3bc2f350270655889b07f6e

Download Submit
/data/misc/profiles/cur/0/org.zzzz.aaa/primary.prof

Filesize
1KB

MD5
f19b52cffae9e6458bd6c49beb94ed32

SHA1
8ef29e8b0838cb18ddd31a194bb874e7d3d9e5a5

SHA256
0766e0573f2063b21643aa2529c45734f2b6477bd94f0654897a3a7c4160dedc

SHA512
342d2ac5654d17a88069c734e2a4e512869b1c1af273827249273448b7ade4de302a698b3f508d094a468ce4e5407d5af2b0c1c53ba17c87eeb06f7420a46871

Download Submit
/data/misc/profiles/cur/0/org.zzzz.aaa/primary.prof

Filesize
2KB

MD5
10632711e6a9116152265d03b86c0a32

SHA1
edb06ceb2232a157011a6681dd039a388dff909c

SHA256
3660b25b5ec3488c7160c14e113482488dac3a23e7283c9387fecd753f1847ea

SHA512
c70c05bf4ea9c3c4bd2ea732a66b52dbaefb9974c163093fef17d9a22b999b976b928cf8ca14dfeba137b097a842a3facf31460bf5cb79bbb302f81edc4e010a

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads