Overview

overview

10

Static

static

10

785d81c36b...67.apk

android-9-x86

8

785d81c36b...67.apk

android-10-x64

8

785d81c36b...67.apk

android-11-x64

8

Analysis

  • max time kernel
    21s
  • max time network
    151s
  • platform
    android-10_x64
  • resource
    android-x64-20240910-en
  • resource tags

    arch:x64arch:x86image:android-x64-20240910-enlocale:en-usos:android-10-x64system
  • submitted
    15/03/2025, 22:06

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    785d81c36bc52158b87bf1669cb4cc2e21e80d9632d5aa2233439f02f7dc0767.apk

  • Size

    4.4MB

  • MD5

    2828a62b52a3bdef1aebe4f01469e262

  • SHA1

    7a3423d01fc17327bb24330c3dbce80b31bf1c5e

  • SHA256

    785d81c36bc52158b87bf1669cb4cc2e21e80d9632d5aa2233439f02f7dc0767

  • SHA512

    fc4b751070854d7fdc3628c7889e2d2431b282270e518da570f1025505368016fc241ce653df19723fdabccef2cc80d61a90686800b13c2893b19972dacc4891

  • SSDEEP

    98304:1Hfrbzu92CPauj1JHUNtl0F6DJ6ktBknUKsmGqFf7oZ:892CTjzalZ6ktByUKRFTM

Score
8/10
bankercollectioncredential_accessdefense_evasiondiscoveryevasionexecutionpersistencestealthtrojan

Malware Config

Signatures

  • Removes its main activity from the application launcher 1 TTPs 3 IoCs
    stealthtrojanevasion
  • Makes use of the framework's Accessibility service 4 TTPs 3 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectiondefense_evasioncredential_access
  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
    bankerdiscovery
  • Queries account information for other applications stored on the device 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect account information stored on the device.

    collection
  • Reads the contacts stored on the device. 1 TTPs 1 IoCs
    collection
  • Reads the content of the calendar entry data. 1 TTPs 1 IoCs
    collection
  • Reads the content of the call log. 1 TTPs 1 IoCs
    collection
  • Requests cell location 2 TTPs 1 IoCs

    Uses Android APIs to to get current cell location.

    collectiondiscoverydefense_evasion
  • Acquires the wake lock 1 IoCs
  • Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

    Application may abuse the framework's foreground service to continue running in the foreground.

    defense_evasionpersistence
  • Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    discovery
  • Reads information about phone network operator. 1 TTPs
    discovery
  • Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs
    defense_evasion
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
    persistence
  • Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

    executionpersistence

Processes

  • com.tencent.mm
    1⤵
    • Removes its main activity from the application launcher
    • Makes use of the framework's Accessibility service
    • Queries account information for other applications stored on the device
    • Reads the contacts stored on the device.
    • Reads the content of the calendar entry data.
    • Reads the content of the call log.
    • Requests cell location
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    • Queries information about the current Wi-Fi connection
    • Listens for changes in the sensor environment (might be used to detect emulation)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Schedules tasks to execute at a specified time
    PID:5068

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

1
T1603

Persistence

Event Triggered Execution

1
T1624

Broadcast Receivers

1
T1624.001

Foreground Persistence

1
T1541

Scheduled Task/Job

1
T1603

Privilege Escalation

Defense Evasion

Execution Guardrails

1
T1627

Geofencing

1
T1627.001

Foreground Persistence

1
T1541

Hide Artifacts

2
T1628

Suppress Application Icon

1
T1628.001

User Evasion

1
T1628.002

Input Injection

1
T1516

Credential Access

Input Capture

2
T1417

GUI Input Capture

1
T1417.002

Keylogging

1
T1417.001

Discovery

Location Tracking

1
T1430

Software Discovery

1
T1418

Security Software Discovery

1
T1418.001

System Network Configuration Discovery

1
T1422

System Network Connections Discovery

1
T1421

Lateral Movement

Collection

Input Capture

2
T1417

GUI Input Capture

1
T1417.002

Keylogging

1
T1417.001

Location Tracking

1
T1430

Protected User Data

3
T1636

Calendar Entries

1
T1636.001

Call Log

1
T1636.002

Contact List

1
T1636.003

Screen Capture

1
T1513

Stored Application Data

1
T1409

Command and Control

Exfiltration

Impact

Input Injection

1
T1516

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.tencent.mm/databases/Dname
    Filesize

    32KB

    MD5

    0ec8d5e24581e56eb01c45155efe2049

    SHA1

    4de2aebc5e22d0420e54cb553c2739e50481e50a

    SHA256

    5bb1fd7e82a28019975971aae5f49b0eb2ddef4a943663b654ede402d2f7f616

    SHA512

    23f87b81f1b49b80a88b1eab7d5e08e7001486b135bedc434601eed4ab74b72804ae4f907ede18213454dfa9da7058692b012861170306adbe6b12650dd51fd4

    Download Submit

  • /data/data/com.tencent.mm/databases/Dname-journal
    Filesize

    512B

    MD5

    c94fcf63ce1102e64d9a4f1620773588

    SHA1

    43e846cd4028b951eea4b1e8ec118bd19047a2e0

    SHA256

    90612afcd604ba2a5c145b0f65073cd558187c9a6d945996bddb5e7d0c4ec52a

    SHA512

    2836d094ea16dfa205d85588c6cb91956cbe8d224d8a22e1acf1557f7badbe8e95a519604881c0a5598752c2ce0b6eee292f7a7befd72c1e19df54297c6cbd03

    Download Submit

  • /data/data/com.tencent.mm/databases/Dname-journal
    Filesize

    8KB

    MD5

    8fb9e5a9ce5f569788db9ffcbccfd3c5

    SHA1

    df2b26aff8673c4948cfcf67fd78a5fcf3ed9a67

    SHA256

    43172d9dae0bda9f80099494c620e318a49e4000d2ecf05c72049a08cf14f4b3

    SHA512

    e1cfb7d63fa83bf9e12b07e689889c96cd2f31721f9808b64015a1a43e0c1a88b2aa4c734b6e67e2fe4d718393d252d0f837ca7e64a0159dabc1e982b3f66a57

    Download Submit

  • /data/data/com.tencent.mm/databases/Dname-journal
    Filesize

    8KB

    MD5

    56375ee564e823f0e28f12e2938d7cab

    SHA1

    fd0034f8827fb121a66d0664860b88e46fc16a9a

    SHA256

    323648d28fc97028b08501a8df6d662132d3bf39a21c84fca4b1d0805c56b50d

    SHA512

    43d2d1081374c8a646fb156c4204e669d53c173865c8322a68adb04c149fd3578784d424af17c65362a5a393ad4fd6bddff2f874f353fda3540ca7611592da11

    Download Submit

  • /data/data/com.tencent.mm/databases/Dname-journal
    Filesize

    8KB

    MD5

    4e52c7c24e1aeb8048bf2afffcfdee68

    SHA1

    0790378b22d4b869749f3dfe9b655599432f60a7

    SHA256

    b7831ae06fdf10e8881fd71923b215cbccdb8e1cb8f90133a91568c0bc998720

    SHA512

    d6eeaee636bfb813993783b622c574c1f2d20f9fe34945a1e2f5dd54c86058a3b8f7c40a9f36c544efebb9c9d421a1981e4869646b962bdd8abf1d4de71ef724

    Download Submit

  • /data/data/com.tencent.mm/databases/Dname-journal
    Filesize

    8KB

    MD5

    ba8933c3b855e62aa23af9858d5ec1c4

    SHA1

    90b635ac0913f560496a91ae8a23070be8d96772

    SHA256

    886d722b24e40541824723b473ad9ce9c652d929f91eebf95af08b85d950f01b

    SHA512

    7a09ade70036f1a301592c91a9e6f38664e6836a82ad2d6cb7f6c21159fa6f411fd9c322f785b5f6d79aa8976a112ba625a8b082ba9de8d5f828377eb97c8509

    Download Submit

  • /data/data/com.tencent.mm/databases/evernote_jobs.db
    Filesize

    16KB

    MD5

    1f613452b1fefaa95061dfbcde102e28

    SHA1

    2b726e81966c3046f168f8dd8f1c55188874929e

    SHA256

    d2483b012ac665c636c79e839f01add41b88921cc388dd4328275541118b6f1e

    SHA512

    eb6a0f9b7c4df58ed6c0fa7e21327337cb2e8840047d9dcac22ab76e4cd10c1fd503739e04212ff5fdbf5c532df5607f220e19919f349fdb0c87c15a4bcc368b

    Download Submit

  • /data/data/com.tencent.mm/databases/evernote_jobs.db-journal
    Filesize

    512B

    MD5

    936fae0824b7fd32d1b201506317ba57

    SHA1

    38243b6c7cc53e193e26152080d551f189cfe8dd

    SHA256

    dc44df2e98ef71a02789f1405abd9a1e34a2212dab1097bc0472a502ae4ce12e

    SHA512

    a0b4068dfbacca00de751978e6940b8a72683f7282daec90f77d9c6e63f09ac993b699d76280c28be68bf4883497b89a4e407bc71c7eaf1a359c466e0319bc3a

    Download Submit

  • /data/data/com.tencent.mm/databases/evernote_jobs.db-journal
    Filesize

    8KB

    MD5

    c569c1eee7844bdfc09e4b032cc125a2

    SHA1

    805a31b4e4cca4195b602103265cecd9dd545713

    SHA256

    6318d0cd6a3092a95f2ecf3ea9de9192dc5bb029493164b140b59ebd4e1656b5

    SHA512

    ad2c59956b8e47842695eda7a31efcd79dd1ae2d064f6c3f4708eab2baad91dc00a6c900dd9e223bdf471739049afb4a7c06a7b2d0b69c90a6424fa12171dbca

    Download Submit

  • /data/data/com.tencent.mm/databases/evernote_jobs.db-journal
    Filesize

    8KB

    MD5

    5d0b3de1ee85c8304665527a000d976a

    SHA1

    bc3f1e4e3a9afdaccc78338b07378f3f0212dd79

    SHA256

    64dfcabf64c5dd2ec4f3983342044790d0dd75550228cd404e8facdadcf12712

    SHA512

    36cc5bb7e33752e5ffd9fcb20a3110a021032f19f0ec5d8836ff26143394bbc0d6f01fc2bcc585c6eade9b63dc40bf9e62e785dcb70310d8445aac85a82301f0

    Download Submit

  • /data/data/com.tencent.mm/databases/evernote_jobs.db-journal
    Filesize

    8KB

    MD5

    342d5fdc57b2e02d731520fc7f320ad9

    SHA1

    21d0e922f0c5d209e79c199205b861598d51c8fa

    SHA256

    a9b4a982e77dd23e6b442d683629ff5fd7e6181ed6f5a08347c0fd58bff37c3d

    SHA512

    ee6ef722bbacc1e474ff9df1bd7479b73859e5e94a216fd51fec1cad2a59a837bbfd67c5286fbabf3e5b6481f00d51bb5e8e7ee125845c3998be8750513a132b

    Download Submit

  • /data/data/com.tencent.mm/databases/evernote_jobs.db-journal
    Filesize

    8KB

    MD5

    709d04d3bbb66b282babb56848c31d8f

    SHA1

    7b241f18a02a9ff832ed984b91645e1471207f8e

    SHA256

    bd77d93993dffd6a3d9b1c640c5335ab812d75f560dae2c761c11c449d9d3560

    SHA512

    4125046c64c78391a9a5b0877d2f1006d0dde10a26a330964fb822f18261d949a1cbc4941ec434b6fadbd9eddaf465fd34e8b7d07d95e9599fce3d87045a910c

    Download Submit

  • /data/data/com.tencent.mm/databases/evernote_jobs.db-journal
    Filesize

    8KB

    MD5

    4fdc0071ca9e7ec52a7c3f5e4622911f

    SHA1

    233a292b0ab2e594be40d2612c4b52d682740c0b

    SHA256

    16692ccf5b20e4ff3d3a0dfa56216398c63e12ada1de6c393bdfdd767466c7f2

    SHA512

    aa3ff690f265c33ba27b3a4741700e228ea32b44fd35cdbaf5f042170543aeb162eb7439236ca1a93d2c51371f0c3fd724b0b247f642f77ce5fe9b2d97818ea0

    Download Submit

  • /data/data/com.tencent.mm/files/CallLogs.txt
    Filesize

    3B

    MD5

    58e0494c51d30eb3494f7c9198986bb9

    SHA1

    cd0d4cc32346750408f7d4f5e78ec9a6e5b79a0d

    SHA256

    37517e5f3dc66819f61f5a7bb8ace1921282415f10551d2defa5c3eb0985b570

    SHA512

    b7a9336ed3a424b5d4d59d9b20d0bbc33217207b584db6b758fddb9a70b99e7c8c9f8387ef318a6b2039e62f09a3a2592bf5c76d6947a6ea1d107b924d7461f4

    Download Submit

  • /data/data/com.tencent.mm/files/GP.txt
    Filesize

    108B

    MD5

    f09920fc925388cb604f74174d919067

    SHA1

    5e0c7d9241f1b7eb15085fa4361f057fce03a03a

    SHA256

    ebdb2b6c7e4f57f313911098f7f4ebd047d0be983aa3153325e0c508a73e5824

    SHA512

    d7c951020604590a229a31769d7a7955c9d6f4cda1d177963207a3a275087ac66e257826537e3aacaa6f5289aec6e14df939e29c161ec75ffafd2c3b55e3f430

    Download Submit

  • /data/data/com.tencent.mm/files/GP.txt
    Filesize

    126B

    MD5

    eb1c859817a8680707f405a8eda84e43

    SHA1

    c3b72ae80ea07662570e695a5f8040464e6fe6b2

    SHA256

    7019644c40f48bcfe132fc325278964f98ef5cafa82299c530c1c87fe87f06e0

    SHA512

    d97ef3d7a5355283955a3cb30f7426f086179a56ce80bbb10dfcc057866dedd6a972f173e90cba6d937a6fc5d554ab4a1bec1ca284dad6ef7335e46d72af644d

    Download Submit

  • /data/data/com.tencent.mm/files/Tree.txt
    Filesize

    515B

    MD5

    69e82e1484a68d4f2c43ef460ca289d7

    SHA1

    c99c247612c47f7712c773ce9415b8bb9cc8ec10

    SHA256

    fd9ac7f97e8a56fcad29cc17ba1a09a7162fd391e946efa912218e799add99e9

    SHA512

    422ff6be9c297e9ac5980bd8a268cbbedf9066da21fc0cfc37b1f126dd2adeb162b3261ff651d280fe6cbbf6bbaa86934098ec6abdb9a943df5b215ca2735341

    Download Submit

  • /data/data/com.tencent.mm/files/accounts.txt
    Filesize

    2B

    MD5

    d751713988987e9331980363e24189ce

    SHA1

    97d170e1550eee4afc0af065b78cda302a97674c

    SHA256

    4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

    SHA512

    b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

    Download Submit

  • /data/data/com.tencent.mm/files/netinfo.txt
    Filesize

    827B

    MD5

    25970b2bf58f21d1cd7d8146908a1b0f

    SHA1

    6a1b454cd5dae7231808f8393c9101b9bf9ec2e4

    SHA256

    10e13cc6f362cfe1f8b9a313b434119b790a8f0294d346645d11c223e0de4034

    SHA512

    8f9d86ea4d5808f07290b09eba6ac99545221127b23fe59eaee5b446603c776011c86a5e5839ccf411c770392cbfd8511d081d3d92a27187d6050006a002bedc

    Download Submit

  • /data/data/com.tencent.mm/files/netinfo.txt
    Filesize

    827B

    MD5

    a44339d34cf7562f07168d06a603ff09

    SHA1

    ca8d65f160d9d50cfbe7239589a4c2114c8d14db

    SHA256

    3e5069853a5aebd34ea9879541393d5e20066f9d4c4ff531b22cc6d67f08a02f

    SHA512

    165e04e962700c32e97ddaf33185188caf6add31e7861a685234e05e3edd009ef23d39e082717fa8aafe485e4d19b83578cc8903e8dda5d0d2f2f08570126a82

    Download Submit

  • /data/data/com.tencent.mm/files/pkinfo.txt
    Filesize

    9KB

    MD5

    de42df6381f44c0dc45891054c656259

    SHA1

    5a76c1ad2ff42094034a18774912bfaa79489c29

    SHA256

    51c06cbd2eee387145a0eac5b55b387f2da3797cfb737cbb151aacc1b145e747

    SHA512

    700f8a3e85a7ea4f1d15aa3046d6c96ef898ac628b797616f94737570b802ee22db555e4d81c3fe91a90c3c92e9bc45aa940d55dc2c876a6488387743eabc037

    Download Submit

  • /storage/emulated/0/Config/sys/apps/log/log-2025-03-15.txt
    Filesize

    12B

    MD5

    e48057c3603c907cacbe1568a7dbfc41

    SHA1

    6e100086b53e20e499a9be069aa1b452faf82ba3

    SHA256

    4b36685dbf772b2de007f4c98f824966f4f3a132075692d3d3d8f11e84e5468e

    SHA512

    787e1140832e8c308039f0287ee801c00040544d5241425b0c0c8e8dc19ecf3feefa50706723f7a21be209c13b24ab3dbe0691ec42118fdfe18611b13155fb9a

    Download Submit

  • /storage/emulated/0/Config/sys/apps/log/log-2025-03-15.txt
    Filesize

    267B

    MD5

    ca83936d0c0ffdb4a991046e32ccc956

    SHA1

    6d34827e6fd5b8f716cc5f7d7843b581713aeab3

    SHA256

    b50da55ec1fcb8d0589b49d5b3dfef915d77f3dbb24416bb1305441f81c507d2

    SHA512

    61bb1d4d033b0ddfa7ae802d5732c00af6db3aa5bcfbda0c60a0f12bd9fbbbd03123990c55d5abbd3d6e967471101b82e409f1620a73a3cf8c627452f61440d4

    Download Submit

  • /storage/emulated/0/Config/sys/apps/log/log-2025-03-15.txt
    Filesize

    12B

    MD5

    a9256f55737b655c8cff95418411997c

    SHA1

    d81a4e85ecef3a4f08d50da9c75c49a3c64ffe24

    SHA256

    bad705c44807d12463fb587087c4e9eb24769d82981229ac8b74abc9b1a44412

    SHA512

    10d10a6498973ed65d47c74ba6d8831dad94213a5071353dc445de46e021689284fbbf4accf5ba1f97a0675a7652ec069ac70f38d63ba36b8595a8caf8d37574

    Download Submit