bdff98f8b9be05b3758def51ff47b6e1ac143d1a7075697d794654d6b05a26a4

Analysis

max time kernel
125s
max time network
153s
platform
android-10_x64
resource
android-x64-20240910-en
resource tags

arch:x64arch:x86image:android-x64-20240910-enlocale:en-usos:android-10-x64system
submitted
25/03/2025, 22:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bdff98f8b9be05b3758def51ff47b6e1ac143d1a7075697d794654d6b05a26a4.apk
Size

1.7MB
MD5

74bfa9aaaf5709b767cfe8aea7f3327f
SHA1

d2e951ce7a8704e68abdbd343bc23770df73464d
SHA256

bdff98f8b9be05b3758def51ff47b6e1ac143d1a7075697d794654d6b05a26a4
SHA512

ced5ed5f6387d3d780e9fb99a6455bad6a9fe47fa1ce81cc8412be68eb6b4a6306c083ba7f6750743c5ba9209faa752676238dde43d21a3f62a8cac2747efd30
SSDEEP

24576:zY1Qu+EBpFKMfAH54N7PXiz69AE7uTFdgqzajFxDGrvr+YH+pyydaLZessBXyT:zY1nBpgMNq69AE7uReq+L0T+1ST

Score

7^/10

collection credential_access defense_evasion

Malware Config

Signatures

Makes use of the framework's Accessibility service 4 TTPs 2 IoCs

Retrieves information displayed on the phone screen using AccessibilityService.

collection defense_evasion credential_access

Input Injection

T1516

Screen Capture

T1513

Keylogging

T1417.001

GUI Input Capture

T1417.002

description	ioc	Process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	org.zzzz.aaa
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText	org.zzzz.aaa

org.zzzz.aaa
1⤵
- Makes use of the framework's Accessibility service
PID:5124

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Input Injection

T1516

Credential Access

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Discovery

Lateral Movement

Collection

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Screen Capture

T1513

Command and Control

Exfiltration

Impact

Input Injection

T1516

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/org.zzzz.aaa/files/profileInstalled

Filesize
24B

MD5
cea5071b6b166cfdd1556669b779ceee

SHA1
567fbb888fe49de0119d27a249c920a90b8ae89c

SHA256
ff0926bc07b2633ca1df32cb64bfefcd16d6164eb56f7660f2d4e347e4ec84a1

SHA512
d40c3e7c6c727f053d0a1976e89539613b56d0a9fdda146cc28d02a6bc9c26b35e50a0d139ff3e51f697b4422628b1b976b4146b19bd27265335211e359fa7d2

Download Submit
/data/data/org.zzzz.aaa/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

Filesize
8B

MD5
02454fca7deca8be140ca415aeb50cf0

SHA1
d600b99816e53240c21b0b3b82b4e90ab949be6e

SHA256
afea79970d01876cfd4c70aca48cbe5973f7abccb50923cbb61f2a81ce710973

SHA512
1ec96ea2944b00e5e6c7848759fd71ab8b22f5a072d04b95e5c3bda21ee676262d414dcb25621523526de0de0a38e3ecbe57e3f0523af57a2ec3abffe1a77038

Download Submit
/data/misc/profiles/cur/0/org.zzzz.aaa/primary.prof

Filesize
1KB

MD5
fe86cf3c2a692144aba796cf655dff2c

SHA1
e102efd60b9aeb1c2ac7302c17a8413fec315b05

SHA256
f04d231f41ddefd63faf8e607966ff5573b0336d28f1be131cbab4222db39b54

SHA512
263fcff4d7c2277b66fb352151b6c500e73400a4c5e41594b00616515c91ff339cdd1ac635b38bb5d177c1cca45adcaf53ae178895249317a000ece4119fb325

Download Submit
/data/misc/profiles/cur/0/org.zzzz.aaa/primary.prof

Filesize
2KB

MD5
0b7092afc1c3a4f908d6488c84047d6f

SHA1
ce21c736dcb7f06765639056eab63aa57641fa18

SHA256
1d766989a01bc98b6d27ba1929e44ac0601a210fcb95dc7efea482ef2f56afca

SHA512
fa2def008f8ee7a0cc65d965f865db5bce3720ed7fade131015b8b6c45eaecdebd67b80cb4a006b3ffb54b34ec8938d47a4481bb9110c8a0642784f2839d5e43

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads