bdff98f8b9be05b3758def51ff47b6e1ac143d1a7075697d794654d6b05a26a4

Analysis

max time kernel
125s
max time network
152s
platform
android-9_x86
resource
android-x86-arm-20240910-en
resource tags

arch:armarch:x86image:android-x86-arm-20240910-enlocale:en-usos:android-9-x86system
submitted
25/03/2025, 22:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bdff98f8b9be05b3758def51ff47b6e1ac143d1a7075697d794654d6b05a26a4.apk
Size

1.7MB
MD5

74bfa9aaaf5709b767cfe8aea7f3327f
SHA1

d2e951ce7a8704e68abdbd343bc23770df73464d
SHA256

bdff98f8b9be05b3758def51ff47b6e1ac143d1a7075697d794654d6b05a26a4
SHA512

ced5ed5f6387d3d780e9fb99a6455bad6a9fe47fa1ce81cc8412be68eb6b4a6306c083ba7f6750743c5ba9209faa752676238dde43d21a3f62a8cac2747efd30
SSDEEP

24576:zY1Qu+EBpFKMfAH54N7PXiz69AE7uTFdgqzajFxDGrvr+YH+pyydaLZessBXyT:zY1nBpgMNq69AE7uReq+L0T+1ST

Score

7^/10

collection credential_access defense_evasion

Malware Config

Signatures

Makes use of the framework's Accessibility service 4 TTPs 2 IoCs

Retrieves information displayed on the phone screen using AccessibilityService.

collection defense_evasion credential_access

Input Injection

T1516

Screen Capture

T1513

Keylogging

T1417.001

GUI Input Capture

T1417.002

description	ioc	Process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	org.zzzz.aaa
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText	org.zzzz.aaa

org.zzzz.aaa
1⤵
- Makes use of the framework's Accessibility service
PID:4304

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Input Injection

T1516

Credential Access

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Discovery

Lateral Movement

Collection

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Screen Capture

T1513

Command and Control

Exfiltration

Impact

Input Injection

T1516

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/org.zzzz.aaa/files/profileInstalled

Filesize
24B

MD5
8f4a51f98a65c130fa4d7cff9862ede2

SHA1
ae80db87bde3f83aac577b4474bf524db3777c7c

SHA256
ac4881c468c3d385411d2fb76cafbbd5e3b74b9c912767ac54ec719b7936af5c

SHA512
f224789fba6fab3f227f0f809efbe17c37086878bfad7098ef4fdc867b5a0090d6633b45e49be7ee2153f721c8180064409469983b5f7ef27e4d33c5f357be2d

Download Submit
/data/data/org.zzzz.aaa/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

Filesize
8B

MD5
759135706c4654b658658bd621746c85

SHA1
a97b8287dde4eef406c4e10eb67bd6a5ede80e0d

SHA256
372e214099d6444d72375ba7b7ec81ebd81103051a0100d708f3c7d3396781c0

SHA512
da6371f6205e78b74eb84321be4951bee7bb3097ff53be8e8017a02e2cd4da63772e333a1d268ac5533fd49967411af456018ea1e50d0232e48b9a2c7b30101b

Download Submit
/data/misc/profiles/cur/0/org.zzzz.aaa/primary.prof

Filesize
1KB

MD5
fe86cf3c2a692144aba796cf655dff2c

SHA1
e102efd60b9aeb1c2ac7302c17a8413fec315b05

SHA256
f04d231f41ddefd63faf8e607966ff5573b0336d28f1be131cbab4222db39b54

SHA512
263fcff4d7c2277b66fb352151b6c500e73400a4c5e41594b00616515c91ff339cdd1ac635b38bb5d177c1cca45adcaf53ae178895249317a000ece4119fb325

Download Submit
/data/misc/profiles/cur/0/org.zzzz.aaa/primary.prof

Filesize
2KB

MD5
a5d02c7bde9afebea3685da8ce8ea67d

SHA1
7925d78bc4dac8666a739901b5039c505be52177

SHA256
a839f6ef19cf4231ac40cf59df51b1ebb9a3140939c154fffd453e14ac5ee8e5

SHA512
61084db3ea215069c946789c3b8fd0f18ed07f3ac23f6806d2477adb08dbc51161d7cf3068d06581ac802432c72412b71f5a92045ce54befe2c5281899dfcd1d

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads