e5af56ef129ed8a1d89be249b135ec33db32f019399eb05c64c2c0c57d04e1d0

Analysis

max time kernel
149s
max time network
155s
platform
android-11_x64
resource
android-x64-arm64-20240910-en
resource tags

arch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240910-enlocale:en-usos:android-11-x64system
submitted
23/03/2025, 18:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

childapp.apk
Size

4.4MB
MD5

8e22828a63f574113c52c779ee12e6ea
SHA1

6d034ae5412ab94dce5a7c13b1803bfedc430268
SHA256

9dfc67ae5ad93b5f224186aa433db28af7ff20b671ce1db5c779183335d69479
SHA512

a2d4ca8dd112e8b15c499f438494d2df8ae4af8bcb74c2c8038aec37b69c96447767bcdd44116e1da3cbee3fbf45881e3b1aba8db3c9313078e7ace55d339962
SSDEEP

98304:NfrGwTVxBeIn91DzNvrV5g2ZkiivCE2mz7zBjTl0tA0O5o:NZHBF7PNvppkiF0zl6n5

Score

7^/10

banker collection credential_access defense_evasion discovery execution persistence

Malware Config

Signatures

Makes use of the framework's Accessibility service 4 TTPs 1 IoCs

Retrieves information displayed on the phone screen using AccessibilityService.

collection defense_evasion credential_access

Input Injection

T1516

Screen Capture

T1513

Keylogging

T1417.001

GUI Input Capture

T1417.002

description	ioc	Process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	com.expensive.financial

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.expensive.financial

Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

execution persistence

Scheduled Task/Job

T1603

description	ioc	Process
Framework service call	android.app.job.IJobScheduler.schedule	com.expensive.financial

com.expensive.financial
1⤵
- Makes use of the framework's Accessibility service
- Acquires the wake lock
- Schedules tasks to execute at a specified time
PID:4786

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Input Injection

T1516

Credential Access

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

Lateral Movement

Collection

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Screen Capture

T1513

Command and Control

Exfiltration

Impact

Input Injection

T1516

Replay Monitor

Loading Replay Monitor...

Downloads

/storage/emulated/0/Config/sys/apps/log/log-2025-03-23.txt

Filesize
13B

MD5
de2c41a51ee9246eb1708f65b511add0

SHA1
2f442d634c8a18760a232c8829d4b5d74a52f074

SHA256
ad2d914ca347cd1930e32f21c6d5448c34104bea181b93abc85ec518985653ab

SHA512
7cdfbd001594503644e9ed80ae852f90ef9e841a8382e2eec6979e149a2c400a3b83055d205b4d1d66e1600e5127482932d5127eb5800d35a4ee5673fe34d84a

Download Submit
/storage/emulated/0/Config/sys/apps/log/log-2025-03-23.txt

Filesize
21B

MD5
7c92e024aa43d3c250643463dcfa2dff

SHA1
c75c4ea51520f967a269e0cc94a6aed75fd8737b

SHA256
d4e6ea6de80c909fe8619339f4611c51a680e51d341f795255c87f41e4efbc2a

SHA512
6e75cdaff8cb9a03aec9b06ca39ba0e11946b2a7e10f9164b65e94f0afb28939e4631b3dc36d32b8b6056cedae697ba6f097cb4207114d4c05b247b534acdfc2

Download Submit
/storage/emulated/0/Config/sys/apps/log/log-2025-03-23.txt

Filesize
25B

MD5
bdb821a955117250611e94cd23842584

SHA1
81edcea1b44f94cfc140710c8410d0696b760c67

SHA256
076eb89055ff3d929eb732e1002a0105652e628682a741151388ce1df3b6ec9d

SHA512
e52ffed4ee84acc414c530c239c8876d9e99c1f2b2c7626c0ed7fbe0c59b9cb8f8a5e9e983541bea3dfdb849dd3b9593df054c2482ed8bcda7c70ebd960ca268

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads