Overview

overview

8

Static

static

6

c7d855979c...37.apk

android-9-x86

8

c7d855979c...37.apk

android-10-x64

8

c7d855979c...37.apk

android-11-x64

8

Analysis

  • max time kernel
    138s
  • max time network
    150s
  • platform
    android-11_x64
  • resource
    android-x64-arm64-20240910-en
  • resource tags

    arch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240910-enlocale:en-usos:android-11-x64system
  • submitted
    27/03/2025, 04:27

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    c7d855979c61bafc116d1c0bfe6d87a1683bea96eecca3820bf0be954b80a237.apk

  • Size

    1.6MB

  • MD5

    cca20d1e7f3f55f29010317fa987e485

  • SHA1

    a3ba674cc763ee71723c64aba0c642ae21038e4f

  • SHA256

    c7d855979c61bafc116d1c0bfe6d87a1683bea96eecca3820bf0be954b80a237

  • SHA512

    82a8571f3af0f21f6bcb4035e4ff933956972555928b4e241e4f18282bd10e7986eb97f693edcf64d2c8914a414d1ff4cd77b49aaff88ed96faac151e988b235

  • SSDEEP

    24576:fbPk8jfSS5uBxAoPusA58aUhpB4qzWtSgw15od04B7S1zD0gBn0B5JbzfSaLx9:A8fSu+7pB4KkS+d04RSWq0B5J3t

Score
8/10
bankercollectioncredential_accessdefense_evasiondiscoveryevasionexecutionimpactpersistencestealthtrojan

Malware Config

Signatures

  • Removes its main activity from the application launcher 1 TTPs 1 IoCs
    stealthtrojanevasion
  • Loads dropped Dex/Jar 1 TTPs 4 IoCs

    Runs executable file dropped to the device during analysis.

    evasion
  • Makes use of the framework's Accessibility service 4 TTPs 3 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectiondefense_evasioncredential_access
  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
    bankerdiscovery
  • Queries account information for other applications stored on the device 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect account information stored on the device.

    collection
  • Acquires the wake lock 1 IoCs
  • Queries information about active data network 1 TTPs 1 IoCs
    discovery
  • Requests disabling of battery optimizations (often used to enable hiding in the background). 1 TTPs 1 IoCs
    defense_evasion
  • Requests enabling of the accessibility settings. 1 IoCs
  • Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

    executionpersistence
  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 2 IoCs
    impact

Processes

  • yjxq.ysrxjzb.pmnfcfhcqmc
    1⤵
    • Removes its main activity from the application launcher
    • Loads dropped Dex/Jar
    • Makes use of the framework's Accessibility service
    • Queries account information for other applications stored on the device
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    • Requests enabling of the accessibility settings.
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4760
  • yjxq.ysrxjzb.pmnfcfhcqmc:cproc
    1⤵
    • Loads dropped Dex/Jar
    • Acquires the wake lock
    • Queries information about active data network
    • Schedules tasks to execute at a specified time
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4933

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/user/0/yjxq.ysrxjzb.pmnfcfhcqmc/app_DynamicOptDex/UblsZT.json
    Filesize

    578KB

    MD5

    2b15bfe77412a422e39679952104b9a6

    SHA1

    8cce2265153b4dd61aa77b4759717e70498906fa

    SHA256

    923518ed279338a2137eb02100ae28b188bbec759f37b373b7a4a0d499637b62

    SHA512

    504deeffad11f18c247e3301e63bced4340899f7b002fc5b9c386ac252bbbce75a6ef4bbf414acf9759bf08b71c2270ca32f2cbbbb7a684a588d05acdb4c650c

    Download Submit

  • /data/user/0/yjxq.ysrxjzb.pmnfcfhcqmc/app_DynamicOptDex/UblsZT.json
    Filesize

    578KB

    MD5

    e20bcb07956b38e04defaeab904877d9

    SHA1

    eb70b01eb2c5ed71bfb9d115f1ba8ab49951e0e9

    SHA256

    c80e5a40fe077210ced3f672e424eebb8c8771b4a3bad6cea933213c9ee7f3ec

    SHA512

    b1146c7a1c5e05a5979be43a90cfdf8881921e2f44a5d91f70092b87aa5eb2ce9b8d4e1bc54077615053ce8e01bbad5406cc3426fcfb5ce5ede435bc82a008b3

    Download Submit

  • /storage/emulated/0/notif.txt
    Filesize

    3B

    MD5

    9b5ce67bb2a183c3d5120ca1a59247a4

    SHA1

    6d0b039fbb61e01b8b6f428973e3636643fe8041

    SHA256

    2be5b899a1b7fe4a747baeb088f0b554b89c67772af1a62dbb8b6b890e5e85aa

    SHA512

    f52849197c2c3b828db4dc9c0cdcd3d6d57e712ebe0c46511ff4c2d423593138a1c7c788f3a315af0e9bc0cc211c2ab81f125d219f1164ba8e615e6dca67507b

    Download Submit