e70e9e17f4083ab8a8620a9eed08ec1b06b598db1a8d3711992cfd219bf65afb

Analysis

max time kernel
146s
max time network
150s
platform
android-10_x64
resource
android-x64-20240910-en
resource tags

arch:x64arch:x86image:android-x64-20240910-enlocale:en-usos:android-10-x64system
submitted
27/03/2025, 14:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ee20d6abcf80df3a02c99b977ae6c948d2449f573daa9204ccc9fab6825883f3.apk
Size

1.9MB
MD5

44405c5d83122d34d6d8cd8be926e4ac
SHA1

dfdcc3747ea7c93e289bcf83c341e65de15fca27
SHA256

ee20d6abcf80df3a02c99b977ae6c948d2449f573daa9204ccc9fab6825883f3
SHA512

b3e33d0fe710e8f7fa736f43601ad624826fee2a5dc4c1696e024d71cfe54aa8dce03bb6331a6349a863e63373fbfc3b2b9c426028f554b4b97bcf16257649b6
SSDEEP

49152:C4z7QDP2llZWltfrb6zYAVEOADgWDHfrFSXT:pUMlZUtfDOE3HfrFSXT

Score

8^/10

banker collection credential_access defense_evasion discovery evasion impact persistence stealth trojan

Malware Config

Signatures

Removes its main activity from the application launcher 1 TTPs 1 IoCs

stealth trojan evasion

Suppress Application Icon

T1628.001

pid	Process
5070	com.example.autoclicker

Makes use of the framework's Accessibility service 4 TTPs 2 IoCs

Retrieves information displayed on the phone screen using AccessibilityService.

collection defense_evasion credential_access

Input Injection

T1516

Screen Capture

T1513

Keylogging

T1417.001

GUI Input Capture

T1417.002

description	ioc	Process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	com.example.autoclicker
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText	com.example.autoclicker

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.example.autoclicker

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Looks up external IP address via web service 3 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
6	myexternalip.com
7	myexternalip.com
26	myexternalip.com

Performs UI accessibility actions on behalf of the user 1 TTPs 8 IoCs

Application may abuse the accessibility service to prevent their removal.

evasion

Prevent Application Removal

T1629.001

ioc	Process
android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction	com.example.autoclicker
android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction	com.example.autoclicker
android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction	com.example.autoclicker
android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction	com.example.autoclicker
android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction	com.example.autoclicker
android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction	com.example.autoclicker
android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction	com.example.autoclicker
android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction	com.example.autoclicker

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.example.autoclicker

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.example.autoclicker

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.example.autoclicker

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.example.autoclicker

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.example.autoclicker

com.example.autoclicker
1⤵
- Removes its main activity from the application launcher
- Makes use of the framework's Accessibility service
- Obtains sensitive information copied to the device clipboard
- Performs UI accessibility actions on behalf of the user
- Queries information about active data network
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks CPU information
- Checks memory information
PID:5070

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Hide Artifacts

T1628

Suppress Application Icon

T1628.001

Impair Defenses

T1629

Prevent Application Removal

T1629.001

Input Injection

T1516

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Clipboard Data

T1414

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Screen Capture

T1513

Command and Control

Exfiltration

Impact

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Input Injection

T1516

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.example.autoclicker/cache/volley/-13880353731616627628

Filesize
1KB

MD5
72fed11714c1c3b1b1c6de77db9e8735

SHA1
c4285a2523272c8d1d2e5e41b270d28cab6f3914

SHA256
d1499ba70f140e6ae554abab8ab8b151a2173a10834cf626d1e8005c286ef82a

SHA512
9ff0663d359db6e85c4dcc788ee7c91e4f0cf5967e762cf9d09831f7a64bd7f299d2f851fd37682d924a41c7b6390032e8fda7357b501213f77e5c902d8198c0

Download Submit
/data/data/com.example.autoclicker/cache/volley/-13880353731616627628

Filesize
1KB

MD5
21d8a5049e42ebb39c1ebb0a88134be6

SHA1
a097b09ba65c71f56e41f0d038ec4a2601cfd76e

SHA256
7bde331406792ff5f4bbfa7dbd3e4eb4133c6a19c38b6cdb1205f09f8931c31c

SHA512
883b15f23b3f3ddb87cef7341006cad38307236d99e4e1ad2d2321dea4e3fc6f81e0bb1291d9b0b965a314719375d1c2c712320f39eb335fc0ca0c7c9b4305f3

Download Submit
/data/data/com.example.autoclicker/cache/volley/-13880353731616627628

Filesize
1KB

MD5
a196bcf19e8768e17fbb754f70c149b6

SHA1
ac62d4913cb0e0a6b3d9268e420c978e16d8fa23

SHA256
c38ca637a0638cf636cb56a2662d8d5de9d32405b1fd209986e0b4f55c50f51a

SHA512
c218da4a2af8c5f7bf0f10f2b9f525a8c5e76d3e3ae6ffed53fcc00e30f6ad5c6a553b2db92672d7fe06e18fa5844f70fe8464ec61c4dcf81eaadb4a79c1a650

Download Submit
/data/data/com.example.autoclicker/cache/volley/940463526-598879448

Filesize
861B

MD5
237cf3f9b3052cf4af1ec1ae8ba3ef8b

SHA1
769bd1c6a38f81075c1d92c8d09211e2d64d79a4

SHA256
6ed3d06a9ea5c9a7b35b5e8d19f04ab669b45b211c617bbf12f044feec671c84

SHA512
dc440a6ed9773d1624aab4b9b5c721acfb72ff30e30edbcb7aeb8824f3763680ea206180293a167204e4bdd33251dd3bcc903f76da14e3ef6b346bded5d8c295

Download Submit
/data/data/com.example.autoclicker/cache/volley/940463526-598879448

Filesize
861B

MD5
e25e306331451426712237158dbacc6a

SHA1
9faa36e383bb8ced8bb2c4b72ddaa181d1224ade

SHA256
878fde34514ac8f789d96b7f84653bd0b25b4f8dbe714522e8fac53aa51f1adf

SHA512
9f2384ef50e2c586df761ded6d4b8f72b9c99795ad38b12f872af8f39d485945c1f5918325b68d1d318064fd079efa9dbc905ea91f1f3860b12a474cb96131c1

Download Submit
/data/data/com.example.autoclicker/cache/volley/940463526-598879448

Filesize
861B

MD5
ec6c19069ed9d2229e7e6f159913a7cb

SHA1
63c98950b72206b86e14bd148703a67ac035e7b6

SHA256
250b45e90ee672f90452a8ad1c206d02949262c0b75542ffdfea47568fd8f736

SHA512
350d6ab78b2cd083fb87b845e02570545c0e6891a5eb1db2c4f6d7cfb34ca4017dbd92a7c8db02639b047a9ed943f10a33a72f9941af35bed1b9ee3294cb2def

Download Submit
/data/data/com.example.autoclicker/cache/volley/940463526-598879448

Filesize
861B

MD5
d48b38967368ae3d401cc69550f95468

SHA1
9fedf75b1f600cef1e5c4fc69151323ca89a937b

SHA256
01c5a1a2265ed4044a98e03bcabca5c16353fc18ef7557af71aa510163d2ec35

SHA512
b560a2b191d08da9e976eb193df736b8f171a887c1128da79a3be8d27d4712b4aa882f8efbe9d89c6a7ae3f841b21c70cec69cd699d9bdc961b8acfd498c7946

Download Submit
/data/data/com.example.autoclicker/cache/volley/940463526-598879448

Filesize
861B

MD5
a5226f6f30f7b35d3dc52c76a8e3b0fd

SHA1
09b66560e7746898624f96f6066c7183aaf03667

SHA256
7492a70f50a74f6d0058049c077e067c1d72da0e9a0c276ea36ec2ddd7738ca9

SHA512
ad7e88aa95b5dd8163cbad9814c363382057e2d2701c8b83d847d1f23992aa79a44bb16f61f1d0d9493705b52b4a2aedd812569a60a08519784efb82a621355b

Download Submit
/data/data/com.example.autoclicker/cache/volley/940463526-598879448

Filesize
861B

MD5
34d3811a59896091f582aa21f7b9df7a

SHA1
eb9bb0224aa09d86df4c8f122ac1a992187d8116

SHA256
9893086c59829c79366edc94c827ebad2b7925b5f278af54273a275696ea6855

SHA512
4e63d6c0448a8f9b8f5bdd4efea3d2521df634ffc6988177d04bbd5f1769b436e3b6a23e6cf77d3c96d77034aa44a3c369d1eca13537e3b01eb235b26699f425

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads