e70e9e17f4083ab8a8620a9eed08ec1b06b598db1a8d3711992cfd219bf65afb

Analysis

max time kernel
146s
max time network
150s
platform
android-11_x64
resource
android-x64-arm64-20240910-en
resource tags

arch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240910-enlocale:en-usos:android-11-x64system
submitted
27/03/2025, 14:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ee20d6abcf80df3a02c99b977ae6c948d2449f573daa9204ccc9fab6825883f3.apk
Size

1.9MB
MD5

44405c5d83122d34d6d8cd8be926e4ac
SHA1

dfdcc3747ea7c93e289bcf83c341e65de15fca27
SHA256

ee20d6abcf80df3a02c99b977ae6c948d2449f573daa9204ccc9fab6825883f3
SHA512

b3e33d0fe710e8f7fa736f43601ad624826fee2a5dc4c1696e024d71cfe54aa8dce03bb6331a6349a863e63373fbfc3b2b9c426028f554b4b97bcf16257649b6
SSDEEP

49152:C4z7QDP2llZWltfrb6zYAVEOADgWDHfrFSXT:pUMlZUtfDOE3HfrFSXT

Score

8^/10

banker collection credential_access defense_evasion discovery evasion impact stealth trojan

Malware Config

Signatures

Removes its main activity from the application launcher 1 TTPs 1 IoCs

stealth trojan evasion

Suppress Application Icon

T1628.001

pid	Process
4763	com.example.autoclicker

Makes use of the framework's Accessibility service 4 TTPs 2 IoCs

Retrieves information displayed on the phone screen using AccessibilityService.

collection defense_evasion credential_access

Input Injection

T1516

Screen Capture

T1513

Keylogging

T1417.001

GUI Input Capture

T1417.002

description	ioc	Process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	com.example.autoclicker
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText	com.example.autoclicker

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.example.autoclicker

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Looks up external IP address via web service 3 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
21	myexternalip.com
22	myexternalip.com
33	myexternalip.com

Performs UI accessibility actions on behalf of the user 1 TTPs 8 IoCs

Application may abuse the accessibility service to prevent their removal.

evasion

Prevent Application Removal

T1629.001

ioc	Process
android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction	com.example.autoclicker
android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction	com.example.autoclicker
android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction	com.example.autoclicker
android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction	com.example.autoclicker
android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction	com.example.autoclicker
android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction	com.example.autoclicker
android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction	com.example.autoclicker
android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction	com.example.autoclicker

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.example.autoclicker

Requests accessing notifications (often used to intercept notifications before users become aware). 1 TTPs 1 IoCs

collection credential_access

Access Notifications

T1517

description	ioc	Process
Intent action	android.settings.ACTION_NOTIFICATION_LISTENER_SETTINGS	com.example.autoclicker

Requests disabling of battery optimizations (often used to enable hiding in the background). 1 TTPs 1 IoCs

defense_evasion

User Evasion

T1628.002

description	ioc	Process
Intent action	android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS	com.example.autoclicker

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.example.autoclicker

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.example.autoclicker

com.example.autoclicker
1⤵
- Removes its main activity from the application launcher
- Makes use of the framework's Accessibility service
- Obtains sensitive information copied to the device clipboard
- Performs UI accessibility actions on behalf of the user
- Queries information about active data network
- Requests accessing notifications (often used to intercept notifications before users become aware).
- Requests disabling of battery optimizations (often used to enable hiding in the background).
- Checks CPU information
- Checks memory information
PID:4763

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Hide Artifacts

T1628

Suppress Application Icon

T1628.001

User Evasion

T1628.002

Impair Defenses

T1629

Prevent Application Removal

T1629.001

Input Injection

T1516

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Access Notifications

T1517

Clipboard Data

T1414

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

System Information Discovery

T1426

System Network Connections Discovery

T1421

Lateral Movement

Collection

Access Notifications

T1517

Clipboard Data

T1414

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Screen Capture

T1513

Command and Control

Exfiltration

Impact

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Input Injection

T1516

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.example.autoclicker/cache/volley/-13880353731616627628

Filesize
1KB

MD5
ec3c375d1dc47918149f9565dc4d1fd7

SHA1
52d93d7a885e50104ae0aed92f4b73143eaa9281

SHA256
dcb92fd77ad1063325461e274de5b24d3859b2dab61c37a2a5757a21efdd18bc

SHA512
8d93aafe4c294751557b3d046e039c06187654550c705fb6afa866fd561eefba59ad969a808abb293a34d00eccc94204614c2d38926b206e0b8d017b180d9eee

Download Submit
/data/data/com.example.autoclicker/cache/volley/-13880353731616627628

Filesize
1KB

MD5
b132a48bf03b8518b278466c15c3c364

SHA1
5863676fa645dd272e65e6d3100d620dc3fda334

SHA256
4e7f5d47774f9fbed99afad39b95c4c31ab070c9f737576de48a913a32126c42

SHA512
64add8ce579d7ce8a69b7044370f7176225b15f805a0f06363f2390fac5659b8d62b09f9b5da0f7402a69701e97de6f12171d03d6ba1a6a81c48b52ff1aa8644

Download Submit
/data/data/com.example.autoclicker/cache/volley/-13880353731616627628

Filesize
1KB

MD5
618c02376155f8709085b935399c28c1

SHA1
a3f11001bffc093eaaf9798c36b95bc20b78bd45

SHA256
79ad5fadf2d0cc77b5e7623b6a335b9e6712bc9ceb33ca594d39a45971a0df5c

SHA512
3c0f21e86fa786ffe479e8fe9b61eac908781df3a55803e6170cd51bb3750613479e0f30ec1e45241e50192a814eab7fc99056121b866f798e2851c85a04562a

Download Submit
/data/data/com.example.autoclicker/cache/volley/940463526-598879448

Filesize
861B

MD5
e21a2da3cb1d4420ae220bbd7308a0df

SHA1
4b76ab9641a05d1b972f5c7789c5692b26ccb256

SHA256
7b3aa9459aa9ff8da7f9e7ce9e26f5db3962900843e5e3199240be1ba3f479dd

SHA512
1db0fe813a46827a210a327517d706cc29b843efd5cf1a74c18af92618413851b6598e555eddacae309497ad089a7cbafd8d752a2899d2d6b638f397ae7615b5

Download Submit
/data/data/com.example.autoclicker/cache/volley/940463526-598879448

Filesize
861B

MD5
011e88aec73ba5508426a08292a88fe4

SHA1
8af6df07913885e070583e3ad481ab146406dc9c

SHA256
42a29a49918b275380b650f696762f0af516e39b0eed105f6adfeca73cfd0dc1

SHA512
20cd84d5c5ab7c2e37c190b2d90be90df133d8fc3f6a7e20159fcd1d7957375681fcd290b81f21f2424725d07444e67b8bdd31a0d59b553ffc630b1cf79e2fe9

Download Submit
/data/data/com.example.autoclicker/cache/volley/940463526-598879448

Filesize
861B

MD5
50fcd0faed13d5f7b41aa0364323cf10

SHA1
81e3d709f5e013f931eab6ffa68c27dd6656975a

SHA256
635c7f71d3f19167ba8a4ab44d5a5fc650911eb6243658e8e17557c31a0f1d53

SHA512
021cf9e0b804960f8975f5a9e240ff5f27f402eb3b790db8ef2a39f5a0a9c2fa46607da406d78a7dc8f8cc2b7aa878abeab35623b6e96093eb22c66673964019

Download Submit
/data/data/com.example.autoclicker/cache/volley/940463526-598879448

Filesize
861B

MD5
57573f9a890b73c057256942105f998c

SHA1
11e807269a5a5c256e9452e7ce59fdebb820736f

SHA256
5670a0d0ae87025d43cd28f3aad0be0e8b02ec2512c146ebefc6042be7483534

SHA512
c38d9451eccc913d5879d3c3cd2092cc83f34eee948103283e6bb4ce97347e6905be5da4702c03e445af9d353b52461114133f3f3ec23f6123ef1ca424883316

Download Submit
/data/data/com.example.autoclicker/cache/volley/940463526-598879448

Filesize
861B

MD5
e76aaa4a34552a6011b4869c9d675386

SHA1
76b9863008c0f106eb284aa695fcfd486c7edf4f

SHA256
94963748c53fe1f376abd23e2bf0ae2c9ee2b66c1f3ed91a4f30a73def64dc2c

SHA512
817e6c6a305be6a91d874a72cd3bf0c0a0b28780dda62fe605403c9d7fd30e103266801582c94f058e3f3f4449382ae8556feb34943d3e7bb3ed1cfc3b8ee6b1

Download Submit
/data/data/com.example.autoclicker/cache/volley/940463526-598879448

Filesize
861B

MD5
3726289079d41f4b52fedfaf2c2a0e8d

SHA1
1c1b1cf38d7e062664b49fb3b2fe77f531d83558

SHA256
00df9b454b12344c03f7eaf6daf2eb66f10437869fb307114a9505102c70982f

SHA512
dee4a9044304531c90129bd997ef12ca15a9e1d421a0df424f927a617e0b56d85bbe1a20dff8daa790109fd587bc1c423bd8d0d7fb684d3cf9751e862fe8ffdf

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads