Analysis
max time kernel: 149s
max time network: 151s
platform: android-11_x64
resource: android-x64-arm64-20240910-en
resource tags: arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240910-en, locale:en-us, os:android-11-x64, system
submitted: 26/03/2025, 22:57
Static task: static1
Behavioral task: behavioral1
Sample: 19278db5549027a224f9436c45ffdf0a0dc5ac630335fb2d9ff9d44da0f267b0.apk
Resource: android-x86-arm-20240910-en
Behavioral task: behavioral2
Sample: 19278db5549027a224f9436c45ffdf0a0dc5ac630335fb2d9ff9d44da0f267b0.apk
Resource: android-x64-20240910-en
Behavioral task: behavioral3
Sample: 19278db5549027a224f9436c45ffdf0a0dc5ac630335fb2d9ff9d44da0f267b0.apk
Resource: android-x64-arm64-20240910-en
General
Target: 19278db5549027a224f9436c45ffdf0a0dc5ac630335fb2d9ff9d44da0f267b0.apk
Size: 3.9MB
MD5: 9d6c50c4103251cd45f93b380bb48bd6
SHA1: 1990d07867ec04fd0fb791bd347e2b410da5d114
SHA256: 19278db5549027a224f9436c45ffdf0a0dc5ac630335fb2d9ff9d44da0f267b0
SHA512: 35cad8d62c1d12bdfd499aa5720474df34d6ebf4bb577c5f5205c2e13012fb401c33605ae63119b5fff1bf86ce30e22faa9e038d06913a345831365b7bfc4c03
SSDEEP: 98304:CVyFi2cpk0uuKmiiaiAOFO4O4sbrrLOrGvIej4OAizcP9mtz:syqH/apOFO4C2r1extcP9mtz
Malware Config
Signatures
Removes its main activity from the application launcher
pid: 4623, Process: com.xsyhwp

Checks known Qemu pipes. 1 TTPs 2 IoCs
Checks for known pipes used by the Android emulator to communicate with the host.
ioc: /dev/qemu_pipe, Process: com.xsyhwp
ioc: /dev/socket/qemud, Process: com.xsyhwp

Loads dropped Dex/Jar 1 TTPs 1 IoCs
Runs executable file dropped to the device during analysis.
ioc: /data/user/0/com.xsyhwp/cache/payload.jar, pid: 4623, Process: com.xsyhwp

Makes use of the framework's Accessibility service 4 TTPs 1 IoCs
Retrieves information displayed on the phone screen using AccessibilityService.
description: Framework service call, ioc: android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId, Process: com.xsyhwp

Acquires the wake lock 1 IoCs
description: Framework service call, ioc: android.os.IPowerManager.acquireWakeLock, Process: com.xsyhwp

Performs UI accessibility actions on behalf of the user 1 TTPs 3 IoCs
Application may abuse the accessibility service to prevent its removal.
ioc: android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction, Process: com.xsyhwp
ioc: android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction, Process: com.xsyhwp
ioc: android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction, Process: com.xsyhwp

Queries information about active data network 1 TTPs 1 IoCs
description: Framework service call, ioc: android.net.IConnectivityManager.getActiveNetworkInfo, Process: com.xsyhwp

Queries the mobile country code (MCC) 1 TTPs 1 IoCs
description: Framework service call, ioc: com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone, Process: com.xsyhwp

Reads information about phone network operator. 1 TTPs

Checks CPU information 2 TTPs 1 IoCs
description: File opened for read, ioc: /proc/cpuinfo, Process: com.xsyhwp
Processes
-
com.xsyhwp
- Removes its main activity from the application launcher
- Checks known Qemu pipes.
- Loads dropped Dex/Jar
- Makes use of the framework's Accessibility service
- Acquires the wake lock
- Performs UI accessibility actions on behalf of the user
- Queries information about active data network
- Queries the mobile country code (MCC)
- Checks CPU information
PID: 4623
Network
MITRE ATT&CK Mobile v15
Defense Evasion
- Download New Code at Runtime (1)
- Hide Artifacts (1)
- Suppress Application Icon (1)
- Impair Defenses (1)
- Prevent Application Removal (1)
- Input Injection (1)
- Virtualization/Sandbox Evasion (2)
- System Checks (2)
Discovery
- System Information Discovery (1)
- System Network Configuration Discovery (2)
- System Network Connections Discovery (1)
Downloads

Filesize: 2KB
MD5: b8c58efcc0f014549c9986205dd34f36
SHA1: 280b118194ccb24ed0efe8b36edf95f2a43f2afa
SHA256: 64513e215e4d2de803840d3b0e54ba8b75f3b8c2df3ef7aa9c56e0d8204fd33a
SHA512: 78c982472e8da317f1d0177d462546197c58c39dc5d479db81dd3d912ea65757e4ffb6839d494e9c7d12fe6952de8c01b4a1936b8d928a4824a1bdc571b6f97b

Filesize: 472KB
MD5: 9f093ab21f4efa18069addd51279bd06
SHA1: 591062cbc092b10742e16f3451bae479679f27fe
SHA256: a8b4c1ceb5f1a3de7c998c12b8bc26f9cbe2ee8bcac522b7c54e9d49505774d1
SHA512: 3da3ec9b7d5d00373894a198170fcdec9e80d25615677c24b6e57f79bda1a603db44ac875c59aa87aab67017d6da4c273bd65f62d3ee559d54b33bf4a8edbf74

Filesize: 1.1MB
MD5: 42bd2141a746ab06dcddcbc993b8a1c9
SHA1: 1583c437e5aa6eb628f6afca10bddee38a501451
SHA256: 5e10c8dcba719cab710ec6d9c0626569af7664527247d50e29e1f758b745d1a8
SHA512: 2d946e368b008ed309481c78d802ba2c04b87e38c9b0506144e1b6212036617007d1adb180c590df178c91fdd74e4d3c1d713b3119ddd7f921352a81d44d4c56

Filesize: 36B
MD5: 44fee0fdbe71250c5202ba8f0ed86e4c
SHA1: 15aeb61852c1bdb2212b6c41aa9289fbe649d1f7
SHA256: a8c8bf00f7b101676335dd92a9cff4802e4118876845b3ef0e84225367b8cc60
SHA512: f71d8854830098c06803af2ad92bfde75934ee57ad26a857407458ab31e2fbee334f61e51de9683b88a29918b411d155211e95762fa2c399a25da48382c74ef2