Overview

overview

10

Static

static

10

ee20d6abcf...f3.apk

android-9-x86

8

ee20d6abcf...f3.apk

android-10-x64

8

ee20d6abcf...f3.apk

android-11-x64

8

Analysis

  • max time kernel
    149s
  • max time network
    151s
  • platform
    android-9_x86
  • resource
    android-x86-arm-20240910-en
  • resource tags

    arch:armarch:x86image:android-x86-arm-20240910-enlocale:en-usos:android-9-x86system
  • submitted
    27/03/2025, 14:58

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ee20d6abcf80df3a02c99b977ae6c948d2449f573daa9204ccc9fab6825883f3.apk

  • Size

    1.9MB

  • MD5

    44405c5d83122d34d6d8cd8be926e4ac

  • SHA1

    dfdcc3747ea7c93e289bcf83c341e65de15fca27

  • SHA256

    ee20d6abcf80df3a02c99b977ae6c948d2449f573daa9204ccc9fab6825883f3

  • SHA512

    b3e33d0fe710e8f7fa736f43601ad624826fee2a5dc4c1696e024d71cfe54aa8dce03bb6331a6349a863e63373fbfc3b2b9c426028f554b4b97bcf16257649b6

  • SSDEEP

    49152:C4z7QDP2llZWltfrb6zYAVEOADgWDHfrFSXT:pUMlZUtfDOE3HfrFSXT

Score
8/10
bankercollectioncredential_accessdefense_evasiondiscoveryevasionimpactpersistencestealthtrojan

Malware Config

Signatures

  • Removes its main activity from the application launcher 1 TTPs 1 IoCs
    stealthtrojanevasion
  • Makes use of the framework's Accessibility service 4 TTPs 2 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectiondefense_evasioncredential_access
  • Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

    Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

    collectioncredential_accessimpact
  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
    bankerdiscovery
  • Looks up external IP address via web service 3 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Performs UI accessibility actions on behalf of the user 1 TTPs 8 IoCs

    Application may abuse the accessibility service to prevent their removal.

    evasion
  • Queries information about active data network 1 TTPs 1 IoCs
    discovery
  • Queries the mobile country code (MCC) 1 TTPs 1 IoCs
    discovery
  • Requests accessing notifications (often used to intercept notifications before users become aware). 1 TTPs 1 IoCs
    collectioncredential_access
  • Requests disabling of battery optimizations (often used to enable hiding in the background). 1 TTPs 1 IoCs
    defense_evasion
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
    persistence
  • Checks CPU information 2 TTPs 1 IoCs
  • Checks memory information 2 TTPs 1 IoCs

Processes

  • com.example.autoclicker
    1⤵
    • Removes its main activity from the application launcher
    • Makes use of the framework's Accessibility service
    • Obtains sensitive information copied to the device clipboard
    • Performs UI accessibility actions on behalf of the user
    • Queries information about active data network
    • Queries the mobile country code (MCC)
    • Requests accessing notifications (often used to intercept notifications before users become aware).
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks CPU information
    • Checks memory information
    PID:4345

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

1
T1624

Broadcast Receivers

1
T1624.001

Privilege Escalation

Defense Evasion

Hide Artifacts

2
T1628

Suppress Application Icon

1
T1628.001

User Evasion

1
T1628.002

Impair Defenses

1
T1629

Prevent Application Removal

1
T1629.001

Input Injection

1
T1516

Virtualization/Sandbox Evasion

2
T1633

System Checks

2
T1633.001

Credential Access

Access Notifications

1
T1517

Clipboard Data

1
T1414

Input Capture

2
T1417

GUI Input Capture

1
T1417.002

Keylogging

1
T1417.001

Discovery

Software Discovery

1
T1418

Security Software Discovery

1
T1418.001

System Information Discovery

2
T1426

System Network Configuration Discovery

1
T1422

System Network Connections Discovery

1
T1421

Lateral Movement

Collection

Access Notifications

1
T1517

Clipboard Data

1
T1414

Input Capture

2
T1417

GUI Input Capture

1
T1417.002

Keylogging

1
T1417.001

Screen Capture

1
T1513

Command and Control

Exfiltration

Impact

Data Manipulation

1
T1641

Transmitted Data Manipulation

1
T1641.001

Input Injection

1
T1516

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.example.autoclicker/cache/volley/-13880353731616627628
    Filesize

    1KB

    MD5

    e10a0f35380584a7a815d98389ed336b

    SHA1

    342e982de3fee82f51811adf395c19c41a8c567a

    SHA256

    d45e4a4afed8317183bba315b4c25b9aa0a17b5536485402155edb82dbd3cf9c

    SHA512

    d7452e076684b9a4538c81abd235b497ad6b9742566d014897a59f6f5378ef0537d7ca01715e4547c83442ba7d35943a78a5b3350a12371acc73c1f88cdedb19

    Download Submit

  • /data/data/com.example.autoclicker/cache/volley/-13880353731616627628
    Filesize

    1KB

    MD5

    d4da833228eeccfc715cad29e56cb114

    SHA1

    65ee8653eb73f29ae0513316ca48a9f580650876

    SHA256

    ac458bc624e917a8ee700d9bf83182a9bb05bf342e6bf00a50f50d59543f1d0b

    SHA512

    e3e2f6525a8e697297a3998cfb34a4039e83280df1b381bc1069aa5bd2500104d56a888b520945c774928c3463f35411c5fbacaa99b9b44ff1c8a90a288e8cd3

    Download Submit

  • /data/data/com.example.autoclicker/cache/volley/-13880353731616627628
    Filesize

    1KB

    MD5

    c369d4f94c61b7467065dca5aeb6f6dd

    SHA1

    cce0322a6810285aba030133f7184d80173e4ed2

    SHA256

    b8f9c803b02a4eac1d05b5dc8bc4f45b6abf94d0181ec8882540fbc530cb4f98

    SHA512

    0326776b07fac43bfbc162e6b66f2022fe593680b40c024c6aaa0a0993a2b54e46c5eea83810412fdb00b5e495570dba3c0acd2428bfeeb375cb5f1b9401b60e

    Download Submit

  • /data/data/com.example.autoclicker/cache/volley/940463526-598879448
    Filesize

    861B

    MD5

    97d06bed294e25f2d8240cf405de97b7

    SHA1

    5d7d83683222a649ec55a92baadea133d3e4b784

    SHA256

    42b3352dc3bdff37ecfe8f19ec2a2673a4627c864e08753ce36cc24ac6e7e5a1

    SHA512

    e31a3cacef524c8e2c2def0648b709adea760229649df4c8591b81d59614194cbf125d713cfc804e038bc0385a4b5eeac5f4a0359e1ed41f1add2c43a78e33e1

    Download Submit

  • /data/data/com.example.autoclicker/cache/volley/940463526-598879448
    Filesize

    861B

    MD5

    7692f2906348b834456f8fb2ed69c6b0

    SHA1

    c8b2e30734e8f318b1347541a0669b19bfa164af

    SHA256

    90f83a509a9b6c2e065c040724fdd49b9ae8d7b3785704dc8f248148025fa823

    SHA512

    ba84d0dff52cb2a64c39be6b1a5a3f2e1bf17a924dc44e99a18f1809fff897af1c4d03f3f58bd375a4998fe5afcdfaa5707c17c2cf70e3cf808c73321cce4ff8

    Download Submit

  • /data/data/com.example.autoclicker/cache/volley/940463526-598879448
    Filesize

    861B

    MD5

    1f03840cba4cad6cb1353eaa1ba55c5e

    SHA1

    12f7371e502e55580dbf1dd067c253f4619b6660

    SHA256

    c1dbbf56348295575db99ddb83af053690d40c25b7ff79b0322e5b8de72d6fa2

    SHA512

    5da68904123698b31b3d0cf516f020e581000974812ab1449e67b0ce2a0dcefae408b9b4e5b5ec2ef3b255e5d4da3dc9bece549048e235ea89826411d29ab7ca

    Download Submit

  • /data/data/com.example.autoclicker/cache/volley/940463526-598879448
    Filesize

    861B

    MD5

    3926384875e29a0e7b6e7a153aec99d4

    SHA1

    a2fd2e702c3b741191888287ccb6cea5dff304d6

    SHA256

    83b996bf4502e6be5dcc1bb2f34479a90f15785571bdcf879bf44adc38327116

    SHA512

    9edb16ce5271bbfa28e0c193403fdb1889e86e57221bc3b187824988e18d9e4698818579731e4d665ac61513bce2d871ca4f5075c659b2ff9153f90ee8b8abc8

    Download Submit

  • /data/data/com.example.autoclicker/cache/volley/940463526-598879448
    Filesize

    861B

    MD5

    eac48f0be383a3848665dc5dcd19bd33

    SHA1

    65c5472060c59a06f2d8c35216c158ef1d576063

    SHA256

    b0d0cc6748fc3e04ff46154ce658f99fd2978abadced48f3cad9b10ebaff20b7

    SHA512

    da0ee32be6318df44900d5d02296f2a5d195b4c1c69edbf2936c3dd8e254f17905ca93e321905f7e68618267fff2e695a1bf2de1ff67708c248fcbf1b68b1431

    Download Submit

  • /data/data/com.example.autoclicker/cache/volley/940463526-598879448
    Filesize

    861B

    MD5

    68b525004030f3acf0aa12e5736f617e

    SHA1

    881a337861faed3d3deec65abbdaafc619e83a67

    SHA256

    2797cc75ef0fa4fab500ec83526cfc814c62770047eb0d417d8e3fcecc30df66

    SHA512

    eb3b837361b45dc8fcf26fae888c3e14a7bafecd36b8a6135696ec5c82f2f2fd4708e8b8d85a31b5a9bcc8b6de063ac15c3318980c9dc207ec9ae6430ff3e170

    Download Submit