Analysis
Max time kernel: 149s
Max time network: 151s
Platform: android-9_x86
Resource: android-x86-arm-20240910-en
Resource tags: arch:arm, arch:x86, image:android-x86-arm-20240910-en, locale:en-us, os:android-9-x86, system
Submitted: 27/03/2025, 14:58
Behavioral tasks
behavioral1: sample ee20d6abcf80df3a02c99b977ae6c948d2449f573daa9204ccc9fab6825883f3.apk, resource android-x86-arm-20240910-en
behavioral2: sample ee20d6abcf80df3a02c99b977ae6c948d2449f573daa9204ccc9fab6825883f3.apk, resource android-x64-20240910-en
behavioral3: sample ee20d6abcf80df3a02c99b977ae6c948d2449f573daa9204ccc9fab6825883f3.apk, resource android-x64-arm64-20240910-en
General
Target: ee20d6abcf80df3a02c99b977ae6c948d2449f573daa9204ccc9fab6825883f3.apk
Size: 1.9MB
MD5: 44405c5d83122d34d6d8cd8be926e4ac
SHA1: dfdcc3747ea7c93e289bcf83c341e65de15fca27
SHA256: ee20d6abcf80df3a02c99b977ae6c948d2449f573daa9204ccc9fab6825883f3
SHA512: b3e33d0fe710e8f7fa736f43601ad624826fee2a5dc4c1696e024d71cfe54aa8dce03bb6331a6349a863e63373fbfc3b2b9c426028f554b4b97bcf16257649b6
SSDEEP: 49152:C4z7QDP2llZWltfrb6zYAVEOADgWDHfrFSXT:pUMlZUtfDOE3HfrFSXT
Malware Config
Signatures
Removes its main activity from the application launcher
  pid: 4345; Process: com.example.autoclicker
Makes use of the framework's Accessibility service (4 TTPs, 2 IoCs)
Retrieves information displayed on the phone screen using AccessibilityService.
  description: Framework service call; ioc: android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId; Process: com.example.autoclicker
  description: Framework service call; ioc: android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText; Process: com.example.autoclicker
Obtains sensitive information copied to the device clipboard (2 TTPs, 1 IoC)
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
  description: Framework service call; ioc: android.content.IClipboard.addPrimaryClipChangedListener; Process: com.example.autoclicker
Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps) (1 TTP)
Looks up external IP address via web service (3 IoCs)
Uses a legitimate IP lookup service to find the infected system's external IP.
  flow 6: myexternalip.com
  flow 26: myexternalip.com
  flow 5: myexternalip.com
Performs UI accessibility actions on behalf of the user (1 TTP, 8 IoCs)
Application may abuse the accessibility service to prevent its removal.
  ioc: android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction; Process: com.example.autoclicker (8 identical calls recorded)
Queries information about active data network (1 TTP, 1 IoC)
  description: Framework service call; ioc: android.net.IConnectivityManager.getActiveNetworkInfo; Process: com.example.autoclicker
Queries the mobile country code (MCC) (1 TTP, 1 IoC)
  description: Framework service call; ioc: com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone; Process: com.example.autoclicker
Requests accessing notifications (often used to intercept notifications before users become aware) (1 TTP, 1 IoC)
  description: Intent action; ioc: android.settings.ACTION_NOTIFICATION_LISTENER_SETTINGS; Process: com.example.autoclicker
Requests disabling of battery optimizations (often used to enable hiding in the background) (1 TTP, 1 IoC)
  description: Intent action; ioc: android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS; Process: com.example.autoclicker
Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTP, 1 IoC)
  description: Framework service call; ioc: android.app.IActivityManager.registerReceiver; Process: com.example.autoclicker
Checks CPU information (2 TTPs, 1 IoC)
  description: File opened for read; ioc: /proc/cpuinfo; Process: com.example.autoclicker
Checks memory information (2 TTPs, 1 IoC)
  description: File opened for read; ioc: /proc/meminfo; Process: com.example.autoclicker
Processes
com.example.autoclicker (PID 4345)
- Removes its main activity from the application launcher
- Makes use of the framework's Accessibility service
- Obtains sensitive information copied to the device clipboard
- Performs UI accessibility actions on behalf of the user
- Queries information about active data network
- Queries the mobile country code (MCC)
- Requests accessing notifications (often used to intercept notifications before users become aware)
- Requests disabling of battery optimizations (often used to enable hiding in the background)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks CPU information
- Checks memory information
Network
MITRE ATT&CK Mobile v15
Defense Evasion
  Hide Artifacts (2)
    Suppress Application Icon (1)
    User Evasion (1)
  Impair Defenses (1)
    Prevent Application Removal (1)
  Input Injection (1)
  Virtualization/Sandbox Evasion (2)
    System Checks (2)
Credential Access
  Access Notifications (1)
  Clipboard Data (1)
  Input Capture (2)
    GUI Input Capture (1)
    Keylogging (1)
Discovery
  Software Discovery (1)
    Security Software Discovery (1)
  System Information Discovery (2)
  System Network Configuration Discovery (1)
  System Network Connections Discovery (1)
Downloads