785d81c36bc52158b87bf1669cb4cc2e21e80d9632d5aa2233439f02f7dc0767

Analysis

max time kernel
17s
max time network
151s
platform
android-9_x86
resource
android-x86-arm-20240910-en
resource tags

arch:armarch:x86image:android-x86-arm-20240910-enlocale:en-usos:android-9-x86system
submitted
15/03/2025, 22:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

785d81c36bc52158b87bf1669cb4cc2e21e80d9632d5aa2233439f02f7dc0767.apk
Size

4.4MB
MD5

2828a62b52a3bdef1aebe4f01469e262
SHA1

7a3423d01fc17327bb24330c3dbce80b31bf1c5e
SHA256

785d81c36bc52158b87bf1669cb4cc2e21e80d9632d5aa2233439f02f7dc0767
SHA512

fc4b751070854d7fdc3628c7889e2d2431b282270e518da570f1025505368016fc241ce653df19723fdabccef2cc80d61a90686800b13c2893b19972dacc4891
SSDEEP

98304:1Hfrbzu92CPauj1JHUNtl0F6DJ6ktBknUKsmGqFf7oZ:892CTjzalZ6ktByUKRFTM

Score

8^/10

banker collection credential_access defense_evasion discovery evasion persistence stealth trojan

Malware Config

Signatures

Removes its main activity from the application launcher 1 TTPs 1 IoCs

stealth trojan evasion

Suppress Application Icon

T1628.001

pid	Process
4269	com.tencent.mm

Makes use of the framework's Accessibility service 4 TTPs 3 IoCs

Retrieves information displayed on the phone screen using AccessibilityService.

collection defense_evasion credential_access

Input Injection

T1516

Screen Capture

T1513

Keylogging

T1417.001

GUI Input Capture

T1417.002

description	ioc	Process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	com.tencent.mm
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId	com.tencent.mm
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText	com.tencent.mm

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Queries account information for other applications stored on the device 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect account information stored on the device.

collection

Stored Application Data

T1409

description	ioc	Process
Framework service call	android.accounts.IAccountManager.getAccounts	com.tencent.mm

Reads the contacts stored on the device. 1 TTPs 1 IoCs

collection

Contact List

T1636.003

description	ioc	Process
URI accessed for read	content://com.android.contacts/data/phones	com.tencent.mm

Reads the content of the calendar entry data. 1 TTPs 1 IoCs

collection

Calendar Entries

T1636.001

description	ioc	Process
URI accessed for read	content://com.android.calendar/events	com.tencent.mm

Reads the content of the call log. 1 TTPs 1 IoCs

collection

Call Log

T1636.002

description	ioc	Process
URI accessed for read	content://call_log/calls	com.tencent.mm

Requests cell location 2 TTPs 1 IoCs

Uses Android APIs to to get current cell location.

collection discovery defense_evasion

Location Tracking

T1430

Geofencing

T1627.001

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.tencent.mm

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.tencent.mm

Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

Application may abuse the framework's foreground service to continue running in the foreground.

defense_evasion persistence

Foreground Persistence

T1541

description	ioc	Process
Framework service call	android.app.IActivityManager.setServiceForeground	com.tencent.mm

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.tencent.mm

Requests disabling of battery optimizations (often used to enable hiding in the background). 1 TTPs 1 IoCs

defense_evasion

User Evasion

T1628.002

description	ioc	Process
Intent action	android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS	com.tencent.mm

Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs

defense_evasion

User Evasion

T1628.002

description	ioc	Process
Framework API call	android.hardware.SensorManager.registerListener	com.tencent.mm

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.tencent.mm

com.tencent.mm
1⤵
- Removes its main activity from the application launcher
- Makes use of the framework's Accessibility service
- Queries account information for other applications stored on the device
- Reads the contacts stored on the device.
- Reads the content of the calendar entry data.
- Reads the content of the call log.
- Requests cell location
- Acquires the wake lock
- Makes use of the framework's foreground persistence service
- Queries information about the current Wi-Fi connection
- Requests disabling of battery optimizations (often used to enable hiding in the background).
- Listens for changes in the sensor environment (might be used to detect emulation)
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID:4269

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Foreground Persistence

T1541

Privilege Escalation

Defense Evasion

Execution Guardrails

T1627

Geofencing

T1627.001

Foreground Persistence

T1541

Hide Artifacts

T1628

Suppress Application Icon

T1628.001

User Evasion

T1628.002

Input Injection

T1516

Credential Access

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Discovery

Location Tracking

T1430

Software Discovery

T1418

Security Software Discovery

T1418.001

System Network Connections Discovery

T1421

Lateral Movement

Collection

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Location Tracking

T1430

Protected User Data

T1636

Calendar Entries

T1636.001

Call Log

T1636.002

Contact List

T1636.003

Screen Capture

T1513

Stored Application Data

T1409

Command and Control

Exfiltration

Impact

Input Injection

T1516

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.tencent.mm/databases/Dname-journal

Filesize
512B

MD5
6a30e178354d47c454b1762f608c6a76

SHA1
87de8dd7d1bea6e16454f0295e33d763ce73d999

SHA256
ba0999d2b2284dd6978d012d1ee314969895f1e66b0b233307bd16f05852c2ff

SHA512
cec9f83925fe181116730c8f35198fc80d437ba2cb669bc02f48fc562c689131c9ea3c1447f37d34001c0102275e35c0dce61705f3d670cde9c0c0037f8f4f45

Download Submit
/data/data/com.tencent.mm/databases/Dname-shm

Filesize
28KB

MD5
cf845a781c107ec1346e849c9dd1b7e8

SHA1
b44ccc7f7d519352422e59ee8b0bdbac881768a7

SHA256
18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7

SHA512
4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

Download Submit
/data/data/com.tencent.mm/databases/Dname-wal

Filesize
60KB

MD5
e96b37a3a04919cd6ea14c406f893cf7

SHA1
d9f6726a0648d87fb44e5cdbd8f3491bc15acd8f

SHA256
74766a08f722ea9c42a7f9aa191e90300b0a573d4ea4d2c673c2385155bb4b1d

SHA512
3f0784bb36d8ee9b6dbe1f9b5eafaaac586dfeef498b504764ce7369e22b76e612ba4df2a8fa74ad2f1bd85e33a22d2c7c1a1402922420ae00ab82bdbfde5c0b

Download Submit
/data/data/com.tencent.mm/databases/evernote_jobs.db

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.tencent.mm/databases/evernote_jobs.db-journal

Filesize
512B

MD5
5a45a91510604e356433f0941d5a701c

SHA1
e07433a779420a066f6f5fe3430335ea30758627

SHA256
7099db3a1e4fde41ceb7b6e40b3727b029a8205d1ef0e0338082d2eebf217d0a

SHA512
e24db0b2cd64a1ced3a42b04c22989913449b56730d2418d8e14f64b6336b188bba044a0583e732439d9327a0bb80c2c2cbc679603e99077d883aaaa0aeecb21

Download Submit
/data/data/com.tencent.mm/databases/evernote_jobs.db-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.tencent.mm/databases/evernote_jobs.db-wal

Filesize
32KB

MD5
7d2cb323f35688770489645cd85b3f8d

SHA1
87edcac8b2abc117015d73c8f5b3d6cbc94c7d9c

SHA256
a4e254e86e25a4d3bc5bab254d936e9ff06b02531846a5fdcab7f7a704e3c35b

SHA512
97375d3eed2d9391b18b92d2f47e46f52a467e06be47d541a2c43f4a4efa110a799d610f0703933098eca67f2259c39640b8eec979cdff38a9d7ac0d23541f1a

Download Submit
/data/data/com.tencent.mm/files/CallLogs.txt

Filesize
3B

MD5
58e0494c51d30eb3494f7c9198986bb9

SHA1
cd0d4cc32346750408f7d4f5e78ec9a6e5b79a0d

SHA256
37517e5f3dc66819f61f5a7bb8ace1921282415f10551d2defa5c3eb0985b570

SHA512
b7a9336ed3a424b5d4d59d9b20d0bbc33217207b584db6b758fddb9a70b99e7c8c9f8387ef318a6b2039e62f09a3a2592bf5c76d6947a6ea1d107b924d7461f4

Download Submit
/data/data/com.tencent.mm/files/GP.txt

Filesize
116B

MD5
90780a0eb475b77b628c6970b8dddd70

SHA1
f7be8897f6965e430062d88e6ef698644f4034eb

SHA256
a5a892a8729770bc99f460e82f27b301e2edadac544e2b6339aab6b306f4698d

SHA512
2a4d746af5f8a4f214c74a6e785839265698d26b2b323fb2843a20e88af589bb022eff8a984704c0b5180b671cd621d6c15625f759fabccb6e9ff694d6246e95

Download Submit
/data/data/com.tencent.mm/files/GP.txt

Filesize
126B

MD5
b05fbf1d9a8db03cbb6aeae48c1de3d9

SHA1
20d66eee5d2eb334ce5e7f20f59b441158570cd2

SHA256
79c125d2c4e8c1a1aa02a7f3c65fda3da6ee8f78f9edf6c1e50c7489d99a8564

SHA512
729ad817e15e02ebfe646ce5ddef87b0aac18400f549a6b1f50cdb51086e2339f08a290f0785a74d4230ae0963c74c39fc805a8b39bbe80e3f66414e8a66156d

Download Submit
/data/data/com.tencent.mm/files/Tree.txt

Filesize
282B

MD5
73948740d6d254d171febd55c582d116

SHA1
c2ac8d17844f464c47d5b451df536678f6500bac

SHA256
f7059f0d7ff066024fe2f0d57c8fe9a93f2d92f65c6cb82b152dc7eb3e356516

SHA512
e74b1c17d201873252f9ff9447ad2a36be4b5805f3c30b2da091271c8aff219a3089fdd386dbe33810ff65d35b0ce733c12f4c51ca3061b112df49fff203916f

Download Submit
/data/data/com.tencent.mm/files/accounts.txt

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
/data/data/com.tencent.mm/files/netinfo.txt

Filesize
609B

MD5
f900f8eb760acd6fe268e02edf7cb2b0

SHA1
e248535aca46bb9a4de4d5acee9af9c46c4c0a0f

SHA256
03cac468577678828a2d091c78beea79f54fbffd28fb81e52306defa518c3cce

SHA512
e7a934d3453c3185792b3d42625153f98055a04d101fc5b09caabc8b6eb345ce2acc8b85f28fcc5522103e0e173b302d384e2364dcec87d84d43cde218cb22bf

Download Submit
/data/data/com.tencent.mm/files/netinfo.txt

Filesize
609B

MD5
79397f6867e4f545f49046ce325d049c

SHA1
29a1ee4458124ddf6a2adf0a944087be3d2c5bf9

SHA256
9e0264df7cc7c097674c0cd3a534a61eb4041773b0b1b74e80f25e01ea9b87eb

SHA512
06b21a3a9631c729a2f31a95368d5492203331f7176a0bc7c2219b32f6de054bc98d46dbf85d3c779f3b6d878f1ec4c55f2849217f2e7f71b2ece9327dbbfef9

Download Submit
/data/data/com.tencent.mm/files/pkinfo.txt

Filesize
5KB

MD5
9857c0caa99fde5d0bf47c0ee0fd821b

SHA1
ef4629899e6ebbdbaf45ca4885f5b960da25538f

SHA256
d68311a5561ada62ee327cda3a9b29c41ed0d7bc16586f9af6d5595a96d497a8

SHA512
312c11c7b41384fd5a7ef466f06813c09f6c661ade0ed4ffe6e8e88969f2ba31257a90333b13ce8d4b2ab0692318b638f06aecfea11aeb2df3739580e635a148

Download Submit
/storage/emulated/0/Config/sys/apps/log/log-2025-03-15.txt

Filesize
267B

MD5
2fea6fcd7b73787ea80ce21066f22bb5

SHA1
c31ad28bebaa4436e3f66b518e708fd60f145164

SHA256
917032a07f9e4b0e36b58f89001e310b87d6a3b8ba3b9249014026a0ff8d2113

SHA512
9cf2f442ea6a7b6057a7cf51c1546671e873c6c3bcdb5796e35aa66fed2c791de375ceb594abb83620c0c8a98ae5c6cf6d399e0647191aa7ab8a897d0e737af6

Download Submit
/storage/emulated/0/Config/sys/apps/log/log-2025-03-15.txt

Filesize
12B

MD5
a9256f55737b655c8cff95418411997c

SHA1
d81a4e85ecef3a4f08d50da9c75c49a3c64ffe24

SHA256
bad705c44807d12463fb587087c4e9eb24769d82981229ac8b74abc9b1a44412

SHA512
10d10a6498973ed65d47c74ba6d8831dad94213a5071353dc445de46e021689284fbbf4accf5ba1f97a0675a7652ec069ac70f38d63ba36b8595a8caf8d37574

Download Submit
/storage/emulated/0/Config/sys/apps/log/log-2025-03-15.txt

Filesize
12B

MD5
e48057c3603c907cacbe1568a7dbfc41

SHA1
6e100086b53e20e499a9be069aa1b452faf82ba3

SHA256
4b36685dbf772b2de007f4c98f824966f4f3a132075692d3d3d8f11e84e5468e

SHA512
787e1140832e8c308039f0287ee801c00040544d5241425b0c0c8e8dc19ecf3feefa50706723f7a21be209c13b24ab3dbe0691ec42118fdfe18611b13155fb9a

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads