Analysis
- max time kernel: 22s
- max time network: 152s
- platform: android-11_x64
- resource: android-x64-arm64-20240910-en
- resource tags: arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240910-en, locale:en-us, os:android-11-x64, system
- submitted: 15/03/2025, 22:06
Behavioral task behavioral1
- Sample: 785d81c36bc52158b87bf1669cb4cc2e21e80d9632d5aa2233439f02f7dc0767.apk
- Resource: android-x86-arm-20240910-en
Behavioral task behavioral2
- Sample: 785d81c36bc52158b87bf1669cb4cc2e21e80d9632d5aa2233439f02f7dc0767.apk
- Resource: android-x64-20240910-en
Behavioral task behavioral3
- Sample: 785d81c36bc52158b87bf1669cb4cc2e21e80d9632d5aa2233439f02f7dc0767.apk
- Resource: android-x64-arm64-20240910-en
General
- Target: 785d81c36bc52158b87bf1669cb4cc2e21e80d9632d5aa2233439f02f7dc0767.apk
- Size: 4.4MB
- MD5: 2828a62b52a3bdef1aebe4f01469e262
- SHA1: 7a3423d01fc17327bb24330c3dbce80b31bf1c5e
- SHA256: 785d81c36bc52158b87bf1669cb4cc2e21e80d9632d5aa2233439f02f7dc0767
- SHA512: fc4b751070854d7fdc3628c7889e2d2431b282270e518da570f1025505368016fc241ce653df19723fdabccef2cc80d61a90686800b13c2893b19972dacc4891
- SSDEEP: 98304:1Hfrbzu92CPauj1JHUNtl0F6DJ6ktBknUKsmGqFf7oZ:892CTjzalZ6ktByUKRFTM
Malware Config
Signatures
Removes its main activity from the application launcher [3 IoCs]
- pid 4799, process com.tencent.mm
- pid 4799, process com.tencent.mm
- pid 4799, process com.tencent.mm

Makes use of the framework's Accessibility service [4 TTPs, 3 IoCs]
Retrieves information displayed on the phone screen using AccessibilityService.
- Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId (process com.tencent.mm)
- Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId (process com.tencent.mm)
- Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText (process com.tencent.mm)

Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps) [1 TTPs]

Queries account information for other applications stored on the device [1 TTPs, 1 IoCs]
Application may abuse the framework's APIs to collect account information stored on the device.
- Framework service call android.accounts.IAccountManager.getAccountsAsUser (process com.tencent.mm)

Reads the contacts stored on the device. [1 TTPs, 1 IoCs]
- URI accessed for read content://com.android.contacts/data/phones (process com.tencent.mm)

Reads the content of the calendar entry data. [1 TTPs, 1 IoCs]
- URI accessed for read content://com.android.calendar/events (process com.tencent.mm)

Reads the content of the call log. [1 TTPs, 1 IoCs]
- URI accessed for read content://call_log/calls (process com.tencent.mm)
Requests cell location [2 TTPs, 1 IoCs]
Uses Android APIs to get the current cell location.
- Framework service call com.android.internal.telephony.ITelephony.getCellLocation (process com.tencent.mm)
Acquires the wake lock [1 IoCs]
- Framework service call android.os.IPowerManager.acquireWakeLock (process com.tencent.mm)

Makes use of the framework's foreground persistence service [1 TTPs, 1 IoCs]
Application may abuse the framework's foreground service to continue running in the foreground.
- Framework service call android.app.IActivityManager.setServiceForeground (process com.tencent.mm)

Queries information about the current Wi-Fi connection [1 TTPs, 1 IoCs]
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
- Framework service call android.net.wifi.IWifiManager.getConnectionInfo (process com.tencent.mm)

Reads information about phone network operator. [1 TTPs]

Requests disabling of battery optimizations (often used to enable hiding in the background). [1 TTPs, 1 IoCs]
- Intent action android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS (process com.tencent.mm)

Listens for changes in the sensor environment (might be used to detect emulation) [1 TTPs, 1 IoCs]
- Framework API call android.hardware.SensorManager.registerListener (process com.tencent.mm)

Schedules tasks to execute at a specified time [1 TTPs, 1 IoCs]
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
- Framework service call android.app.job.IJobScheduler.schedule (process com.tencent.mm)
Processes
- com.tencent.mm
- Removes its main activity from the application launcher
- Makes use of the framework's Accessibility service
- Queries account information for other applications stored on the device
- Reads the contacts stored on the device.
- Reads the content of the calendar entry data.
- Reads the content of the call log.
- Requests cell location
- Acquires the wake lock
- Makes use of the framework's foreground persistence service
- Queries information about the current Wi-Fi connection
- Requests disabling of battery optimizations (often used to enable hiding in the background).
- Listens for changes in the sensor environment (might be used to detect emulation)
- Schedules tasks to execute at a specified time
PID: 4799
Network
MITRE ATT&CK Mobile v15
Defense Evasion
- Execution Guardrails (1)
  - Geofencing (1)
- Foreground Persistence (1)
- Hide Artifacts (3)
  - Suppress Application Icon (1)
  - User Evasion (2)
- Input Injection (1)
Discovery
- Location Tracking (1)
- Software Discovery (1)
  - Security Software Discovery (1)
- System Network Configuration Discovery (1)
- System Network Connections Discovery (1)
Downloads