785d81c36bc52158b87bf1669cb4cc2e21e80d9632d5aa2233439f02f7dc0767

Analysis

max time kernel
22s
max time network
152s
platform
android-11_x64
resource
android-x64-arm64-20240910-en
resource tags

arch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240910-enlocale:en-usos:android-11-x64system
submitted
15/03/2025, 22:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

785d81c36bc52158b87bf1669cb4cc2e21e80d9632d5aa2233439f02f7dc0767.apk
Size

4.4MB
MD5

2828a62b52a3bdef1aebe4f01469e262
SHA1

7a3423d01fc17327bb24330c3dbce80b31bf1c5e
SHA256

785d81c36bc52158b87bf1669cb4cc2e21e80d9632d5aa2233439f02f7dc0767
SHA512

fc4b751070854d7fdc3628c7889e2d2431b282270e518da570f1025505368016fc241ce653df19723fdabccef2cc80d61a90686800b13c2893b19972dacc4891
SSDEEP

98304:1Hfrbzu92CPauj1JHUNtl0F6DJ6ktBknUKsmGqFf7oZ:892CTjzalZ6ktByUKRFTM

Score

8^/10

banker collection credential_access defense_evasion discovery evasion execution persistence stealth trojan

Malware Config

Signatures

Removes its main activity from the application launcher 1 TTPs 3 IoCs

stealth trojan evasion

Suppress Application Icon

T1628.001

pid	Process
4799	com.tencent.mm
4799	com.tencent.mm
4799	com.tencent.mm

Makes use of the framework's Accessibility service 4 TTPs 3 IoCs

Retrieves information displayed on the phone screen using AccessibilityService.

collection defense_evasion credential_access

Input Injection

T1516

Screen Capture

T1513

Keylogging

T1417.001

GUI Input Capture

T1417.002

description	ioc	Process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	com.tencent.mm
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId	com.tencent.mm
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText	com.tencent.mm

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Queries account information for other applications stored on the device 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect account information stored on the device.

collection

Stored Application Data

T1409

description	ioc	Process
Framework service call	android.accounts.IAccountManager.getAccountsAsUser	com.tencent.mm

Reads the contacts stored on the device. 1 TTPs 1 IoCs

collection

Contact List

T1636.003

description	ioc	Process
URI accessed for read	content://com.android.contacts/data/phones	com.tencent.mm

Reads the content of the calendar entry data. 1 TTPs 1 IoCs

collection

Calendar Entries

T1636.001

description	ioc	Process
URI accessed for read	content://com.android.calendar/events	com.tencent.mm

Reads the content of the call log. 1 TTPs 1 IoCs

collection

Call Log

T1636.002

description	ioc	Process
URI accessed for read	content://call_log/calls	com.tencent.mm

Requests cell location 2 TTPs 1 IoCs

Uses Android APIs to to get current cell location.

collection discovery defense_evasion

Location Tracking

T1430

Geofencing

T1627.001

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.tencent.mm

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.tencent.mm

Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

Application may abuse the framework's foreground service to continue running in the foreground.

defense_evasion persistence

Foreground Persistence

T1541

description	ioc	Process
Framework service call	android.app.IActivityManager.setServiceForeground	com.tencent.mm

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.tencent.mm

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Requests disabling of battery optimizations (often used to enable hiding in the background). 1 TTPs 1 IoCs

defense_evasion

User Evasion

T1628.002

description	ioc	Process
Intent action	android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS	com.tencent.mm

Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs

defense_evasion

User Evasion

T1628.002

description	ioc	Process
Framework API call	android.hardware.SensorManager.registerListener	com.tencent.mm

Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

execution persistence

Scheduled Task/Job

T1603

description	ioc	Process
Framework service call	android.app.job.IJobScheduler.schedule	com.tencent.mm

com.tencent.mm
1⤵
- Removes its main activity from the application launcher
- Makes use of the framework's Accessibility service
- Queries account information for other applications stored on the device
- Reads the contacts stored on the device.
- Reads the content of the calendar entry data.
- Reads the content of the call log.
- Requests cell location
- Acquires the wake lock
- Makes use of the framework's foreground persistence service
- Queries information about the current Wi-Fi connection
- Requests disabling of battery optimizations (often used to enable hiding in the background).
- Listens for changes in the sensor environment (might be used to detect emulation)
- Schedules tasks to execute at a specified time
PID:4799

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Foreground Persistence

T1541

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Execution Guardrails

T1627

Geofencing

T1627.001

Foreground Persistence

T1541

Hide Artifacts

T1628

Suppress Application Icon

T1628.001

User Evasion

T1628.002

Input Injection

T1516

Credential Access

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Discovery

Location Tracking

T1430

Software Discovery

T1418

Security Software Discovery

T1418.001

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Location Tracking

T1430

Protected User Data

T1636

Calendar Entries

T1636.001

Call Log

T1636.002

Contact List

T1636.003

Screen Capture

T1513

Stored Application Data

T1409

Command and Control

Exfiltration

Impact

Input Injection

T1516

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.tencent.mm/databases/Dname

Filesize
32KB

MD5
1854505a3f6d683ed7eb81612934370c

SHA1
4f710add9a652d2fb92b7ce45589e27bf03f0b2a

SHA256
8100330a266f3027b929ea1bde99440ce4a544c9d9a0abb2ef0d1a73aa4cd9a4

SHA512
104a6e9c840b1fddd22ae579624a549c911abfbb48dc4454d3d231619c41a9abbf22f0dc5362a80c8c8245cc18566661f3645ac48c61259132886d4bf4678962

Download Submit
/data/user/0/com.tencent.mm/databases/Dname-journal

Filesize
512B

MD5
374adc9a1927e40d5c68085dbb96ccaf

SHA1
23f8abb8d2b8fe87fc2465463acf62e49cf34895

SHA256
1f78456921feb2adb2402a64b26742e44f9030af9dc9c9e26faf3bfa3e9d6b39

SHA512
bf01c823c8566771c427c923d6eea558c7014b4243f8207b8619a553261ba0ffac85676aaa73b562b15237365bff086e386d218ab4942c62687a3a08af76abb5

Download Submit
/data/user/0/com.tencent.mm/databases/Dname-journal

Filesize
8KB

MD5
2f582dca2da4bded67082797ab101807

SHA1
7f3ddffeb3016322893e2bc25d45736e36163a33

SHA256
4b9dd1b6a70fc2d67729076e0f19408cce476de56d96b1c6d3f51799a7e2cd6f

SHA512
580f4a978832221dfa3c2e6e4cb2fec5c62d72a9e08cc4fb5053da9b99101a3dcfb107c2c599fc0fc208578083ff2f8764024bf1e71c69c5ccc685444c935996

Download Submit
/data/user/0/com.tencent.mm/databases/Dname-journal

Filesize
8KB

MD5
8476980a4785c3ad26f3ba3abb76a299

SHA1
946ae329f6cc6560baf3058ee018e64035032530

SHA256
b443cc6be5b7bc284f598a2afc6a5f1d58e8f5df58b525252f4bc1be98a76e9c

SHA512
13fa70ff4c7692fc368e59fbddfe1eb27e23a03619b207d209f7745f2e8bfeda605a598eea1b308bbd3326e7d381e5c51d29e315a48147381f68738b23345026

Download Submit
/data/user/0/com.tencent.mm/databases/Dname-journal

Filesize
8KB

MD5
64797c85ad1b21aec0d0d1a3ca3928b1

SHA1
31fab52388bad4e0b9b31140feef1bfba28edf6c

SHA256
5117b30412e2a424455cb999356fb1dd45fa5adb728091eb7889d91bc8d5f503

SHA512
45109fd5bb8f5257bf1c49a923700eba492b784520a802759a78caf2357afca9a2c202d6480c7988f926a535aec6614e1ec10ca5c1b1eb85938260f0dd1625a5

Download Submit
/data/user/0/com.tencent.mm/databases/Dname-journal

Filesize
8KB

MD5
3fcaafc570e2f76c49fa5650f6a6f575

SHA1
2b7e86ef5ee609000a1c34669f25879a3a09ec56

SHA256
d327e62d967784f1df93ce7762bc6ef0d9b4a525c9eaabcf687b1e47c77939c7

SHA512
657de3adf8c793152986e786f7c7dfcbe0a2632092f7b1e5d0ec9b8c8768975305a3a13526880dad06fd16577c01d55b05c9a8e02385a2f9827c6fdda3416208

Download Submit
/data/user/0/com.tencent.mm/databases/evernote_jobs.db

Filesize
16KB

MD5
3d9da61731a90f2c8cc061f74b1aa4b0

SHA1
49ea7d7fd4563ab6ec4ba55bd049d043285b516f

SHA256
2dd29aedd4c9b4fb4f0b8ee5de4a96356e82b7f71730392893c077b078b6fee2

SHA512
2423f0e1cc7298ebf118c2aec7fc2a34c50e561c69d94f2fadaa66d3b7f8486e43433e0cb594507acafab772ed7932f2b1a5a272775c01534e87d4840fa0ff17

Download Submit
/data/user/0/com.tencent.mm/databases/evernote_jobs.db-journal

Filesize
512B

MD5
67a043ffc49e930da4a7d406ed8eeee5

SHA1
df9d4883c259f8183206bcf3aac72029b5949a9a

SHA256
b32b01e72129f5d3df298d5e8565000539372ad822f3592fd21b08efcead7c52

SHA512
a28fec935ee9861a0ccd552b6a9e1398728a03e98607b995602c13dbb095c42ad530d7815e8b23d0cfafbc8b244b0989e7bdc6d531226a2609e7b7794785dd2d

Download Submit
/data/user/0/com.tencent.mm/databases/evernote_jobs.db-journal

Filesize
8KB

MD5
1ab5f560155f4eda20c47934f57f0832

SHA1
86a072e10fae35e1fe9d95b2431e2055be4330ac

SHA256
f38ac3f6f3b0ef73898bc866d1a3eae66be21bac5075731f97f6c51baafe290f

SHA512
d44010b83e20dcc2be09da673d54aa53a4e4ec6676b5241205f851bda29cd909ab3e75b1263f1a1ac0bc0128e538c25daede5039e7c5f50668b1e666e4569abd

Download Submit
/data/user/0/com.tencent.mm/databases/evernote_jobs.db-journal

Filesize
8KB

MD5
60ba994cfca5354dde4e36dcd7247fd3

SHA1
894a864fd9af04c9c59152683f8d0c24ae4790e7

SHA256
7471224653cb91a8c5b57b45dcc07eeaed8b6f9d6e7c6efd8c6759ba95dbf329

SHA512
70996da5bdecb47858ee18b4ee95527ebfb9f7894812147a5213e4d27fffef8997a7375c396ca1a703398e373f9158261243890fd20dbf4ed9811dcce2a7fb9c

Download Submit
/data/user/0/com.tencent.mm/databases/evernote_jobs.db-journal

Filesize
8KB

MD5
9f738f01c4c26c1a1aca3ab161fb8a8a

SHA1
d9a7f1a784feb2c8fc54d496bc2798a181dda983

SHA256
6381a07015126ebc8fbf62be139581c4f67dacf7c6b9a8f4d439c4bec863d0f6

SHA512
5a061c644bb942bae4fa3b2f159def204eeac3f90257b968d6e1af1e7e067498b85deee28ec6fb513d14f063747e4ce3df99f205c19ef221d0f400206706bf57

Download Submit
/data/user/0/com.tencent.mm/databases/evernote_jobs.db-journal

Filesize
8KB

MD5
5eaf9807f670e26c8602d99380c47ba7

SHA1
b5e9aaaf3716915a4c3933ce37b8698b27825f42

SHA256
fdb23f023b70f83223898d55052a71ddae5a1f05094dc0ae31d8364edd35f9bd

SHA512
de34d80e4e9fa13e103f3149ce83508b3566854c111e1db4199d653599c24febbc50a872e60665436c266fa74fd5bed7b652365348d28e04907ab33993cfbcfa

Download Submit
/data/user/0/com.tencent.mm/databases/evernote_jobs.db-journal

Filesize
8KB

MD5
db2e5578f602b1d18e89563e51453103

SHA1
cde0091e0f594049536529810f6adf3de9967733

SHA256
7b070d8b4427009f5001277b2263088c0009513933ef20883f728ad78953f878

SHA512
d4b0e6473a959fba5b84f12280cc6bb2e37779d5ffad3098675e83c4ea5d22bcc8b40a413c58a8674a1594bac1fb1dbef06b88dbe82f5b758e25a43d80e7b2b6

Download Submit
/data/user/0/com.tencent.mm/files/CallLogs.txt

Filesize
3B

MD5
58e0494c51d30eb3494f7c9198986bb9

SHA1
cd0d4cc32346750408f7d4f5e78ec9a6e5b79a0d

SHA256
37517e5f3dc66819f61f5a7bb8ace1921282415f10551d2defa5c3eb0985b570

SHA512
b7a9336ed3a424b5d4d59d9b20d0bbc33217207b584db6b758fddb9a70b99e7c8c9f8387ef318a6b2039e62f09a3a2592bf5c76d6947a6ea1d107b924d7461f4

Download Submit
/data/user/0/com.tencent.mm/files/GP.txt

Filesize
108B

MD5
e0efe9431a4d24d709fbba29201ad08f

SHA1
85d4578db91a2f444cf63b8f166585ebde18046c

SHA256
ef133cc3e38d38d58bdd6e61b350b3e52814820b6046845f11334d2be599c247

SHA512
492e21b89c336734ea97939be2a3531bc44693ff954eb1febb454c8b6bd41565056a8c507ceadfaf468b557e3bc4a07759f315f36ceab9138c24318f53cb2270

Download Submit
/data/user/0/com.tencent.mm/files/Tree.txt

Filesize
566B

MD5
d7df970c5ed9201b9fd34b62087e0c99

SHA1
9512e98dd491f80eebec4e411c41f70b275f4b16

SHA256
27f2656925c31227fcab8942ee4736a1410b7eec72bef71f54a988f75fc2f9a5

SHA512
c0e836ff463b6778a03984a495cc1f25d3fd326bcda5f69baa64cea1c4a33be5b168f4e943ff5bdad727ca320475d04db141653521220206721945baa3299d2f

Download Submit
/data/user/0/com.tencent.mm/files/accounts.txt

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
/data/user/0/com.tencent.mm/files/netinfo.txt

Filesize
854B

MD5
63ce3e90511cdb8d157223a752318f1a

SHA1
8e9857d47574b3c8c2ac9a3b050c65db9a15f89f

SHA256
c82fc3bf5a6120a3ebcdbe45ebc322f53797861e88b0a8fb5879ad4c3dbc2daa

SHA512
c34ff015e29fdd57bc30abaf4cc3fcc14b4f79232a75567755bff70964123b82fe0edccf021ec111ddb208b67aa13cbdb1ce870f70b599e0a775817763667e33

Download Submit
/data/user/0/com.tencent.mm/files/netinfo.txt

Filesize
854B

MD5
ab7fc286c306a02365e0ea1b94694b37

SHA1
d05efd915eb9073c19c8ad062a57375e2c098d02

SHA256
50d5a57ca62260fb5bf0b9fb041880c4564fabc2d967d717b16b1b9edc968ee3

SHA512
62ac6ea0254473aa940bff9ee84d04bd4e9f7eaafb57db9e870f25aea3cfc1a2140686f1330bcee5f08a74e3b7ea05b708c05108e0e50c832a8606d0d13c1232

Download Submit
/data/user/0/com.tencent.mm/files/pkinfo.txt

Filesize
10KB

MD5
b593d0594fc2e98f60b0288475ba950b

SHA1
1c10ef393a2666d7640ca45e663321019a5675fb

SHA256
49e287b4855336cc22b24d4f912538f43d226ddca9b322d769fb3ef0306d9411

SHA512
7ba2ceeddfbc8efee39b6a5d9f81001cca3e07d6d6311ae16e0eff38fd395567fa3236aa7f7b59def32a5a7ed27d24cd852b3936d32bd05b467dbd1ed8dcd40b

Download Submit
/storage/emulated/0/Config/sys/apps/log/log-2025-03-15.txt

Filesize
12B

MD5
e48057c3603c907cacbe1568a7dbfc41

SHA1
6e100086b53e20e499a9be069aa1b452faf82ba3

SHA256
4b36685dbf772b2de007f4c98f824966f4f3a132075692d3d3d8f11e84e5468e

SHA512
787e1140832e8c308039f0287ee801c00040544d5241425b0c0c8e8dc19ecf3feefa50706723f7a21be209c13b24ab3dbe0691ec42118fdfe18611b13155fb9a

Download Submit
/storage/emulated/0/Config/sys/apps/log/log-2025-03-15.txt

Filesize
267B

MD5
8dd2d88d2e878742f2265fbd96beb74e

SHA1
28fa0207e799473ae9d3727ad3f2bd64ccaac225

SHA256
3e213568449f8eb9888efc4a14d637eb38791bc5344e414020c1aa75ba5f8340

SHA512
5d9062b45bc973f4a4b3523ace17b6ae3314d4881bfea4050c6477a75f930a89020db4942c6bc207baaad9d9625f7340f0db87694e639bb1f39a021086af511e

Download Submit
/storage/emulated/0/Config/sys/apps/log/log-2025-03-15.txt

Filesize
12B

MD5
a9256f55737b655c8cff95418411997c

SHA1
d81a4e85ecef3a4f08d50da9c75c49a3c64ffe24

SHA256
bad705c44807d12463fb587087c4e9eb24769d82981229ac8b74abc9b1a44412

SHA512
10d10a6498973ed65d47c74ba6d8831dad94213a5071353dc445de46e021689284fbbf4accf5ba1f97a0675a7652ec069ac70f38d63ba36b8595a8caf8d37574

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads