Overview

overview

10

Static

static

10

ee20d6abcf...f3.apk

android-9-x86

8

ee20d6abcf...f3.apk

android-10-x64

8

ee20d6abcf...f3.apk

android-11-x64

8

Analysis

  • max time kernel
    147s
  • max time network
    154s
  • platform
    android-9_x86
  • resource
    android-x86-arm-20240910-en
  • resource tags

    arch:armarch:x86image:android-x86-arm-20240910-enlocale:en-usos:android-9-x86system
  • submitted
    27/03/2025, 15:02

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ee20d6abcf80df3a02c99b977ae6c948d2449f573daa9204ccc9fab6825883f3.apk

  • Size

    1.9MB

  • MD5

    44405c5d83122d34d6d8cd8be926e4ac

  • SHA1

    dfdcc3747ea7c93e289bcf83c341e65de15fca27

  • SHA256

    ee20d6abcf80df3a02c99b977ae6c948d2449f573daa9204ccc9fab6825883f3

  • SHA512

    b3e33d0fe710e8f7fa736f43601ad624826fee2a5dc4c1696e024d71cfe54aa8dce03bb6331a6349a863e63373fbfc3b2b9c426028f554b4b97bcf16257649b6

  • SSDEEP

    49152:C4z7QDP2llZWltfrb6zYAVEOADgWDHfrFSXT:pUMlZUtfDOE3HfrFSXT

Score
8/10
bankercollectioncredential_accessdefense_evasiondiscoveryevasionimpactpersistencestealthtrojan

Malware Config

Signatures

  • Removes its main activity from the application launcher 1 TTPs 1 IoCs
    stealthtrojanevasion
  • Makes use of the framework's Accessibility service 4 TTPs 2 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectiondefense_evasioncredential_access
  • Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

    Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

    collectioncredential_accessimpact
  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
    bankerdiscovery
  • Looks up external IP address via web service 3 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Performs UI accessibility actions on behalf of the user 1 TTPs 8 IoCs

    Application may abuse the accessibility service to prevent their removal.

    evasion
  • Queries information about active data network 1 TTPs 1 IoCs
    discovery
  • Queries the mobile country code (MCC) 1 TTPs 1 IoCs
    discovery
  • Requests accessing notifications (often used to intercept notifications before users become aware). 1 TTPs 1 IoCs
    collectioncredential_access
  • Requests disabling of battery optimizations (often used to enable hiding in the background). 1 TTPs 1 IoCs
    defense_evasion
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
    persistence
  • Checks CPU information 2 TTPs 1 IoCs
  • Checks memory information 2 TTPs 1 IoCs

Processes

  • com.example.autoclicker
    1⤵
    • Removes its main activity from the application launcher
    • Makes use of the framework's Accessibility service
    • Obtains sensitive information copied to the device clipboard
    • Performs UI accessibility actions on behalf of the user
    • Queries information about active data network
    • Queries the mobile country code (MCC)
    • Requests accessing notifications (often used to intercept notifications before users become aware).
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks CPU information
    • Checks memory information
    PID:4324

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

1
T1624

Broadcast Receivers

1
T1624.001

Privilege Escalation

Defense Evasion

Hide Artifacts

2
T1628

Suppress Application Icon

1
T1628.001

User Evasion

1
T1628.002

Impair Defenses

1
T1629

Prevent Application Removal

1
T1629.001

Input Injection

1
T1516

Virtualization/Sandbox Evasion

2
T1633

System Checks

2
T1633.001

Credential Access

Access Notifications

1
T1517

Clipboard Data

1
T1414

Input Capture

2
T1417

GUI Input Capture

1
T1417.002

Keylogging

1
T1417.001

Discovery

Software Discovery

1
T1418

Security Software Discovery

1
T1418.001

System Information Discovery

2
T1426

System Network Configuration Discovery

1
T1422

System Network Connections Discovery

1
T1421

Lateral Movement

Collection

Access Notifications

1
T1517

Clipboard Data

1
T1414

Input Capture

2
T1417

GUI Input Capture

1
T1417.002

Keylogging

1
T1417.001

Screen Capture

1
T1513

Command and Control

Exfiltration

Impact

Data Manipulation

1
T1641

Transmitted Data Manipulation

1
T1641.001

Input Injection

1
T1516

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.example.autoclicker/cache/volley/-13880353731616627628
    Filesize

    1KB

    MD5

    a7ff444c968918e55b12fa3aa34550cb

    SHA1

    f635be737ff97d9320746f8e7e825bca68df8a09

    SHA256

    ab06a098ecc3ddeb0e87c095f0166d03bb976889a1bc41ed8f719098e885af52

    SHA512

    7151a1a5b09893bda3329d2e491920395d8dbac2fe3c14dae58a35b3891b3ff953609b630ba22a7a9d6a723289e756ec1b7b429b083686a2ffc44269c5494fb4

    Download Submit

  • /data/data/com.example.autoclicker/cache/volley/-13880353731616627628
    Filesize

    1KB

    MD5

    630d5b7799b75b207355da57f1c154f5

    SHA1

    c6d92912602fe26885afa62c7d0d0b75c1507c42

    SHA256

    a49a04e9ed8594dda6e67462bbed0a3fa3d48c211545382fe44913b637685b44

    SHA512

    ce1cb2cd359d3e899e81a5dc76f82c9737b2307810203722ecc06b379c05aa36ae037d776c5844b67f8fd1ae53793b52bba5cc61db07d4637cef35456f5420c7

    Download Submit

  • /data/data/com.example.autoclicker/cache/volley/-13880353731616627628
    Filesize

    1KB

    MD5

    1e242d013d044d21509d9d15afa8425e

    SHA1

    fd66c108d3ca4cdc76e9d71f5f3f135af77a32ca

    SHA256

    82e7866bbae040a8d970812983448df9f0fdb6ec3804bb101bb82a421cf10bba

    SHA512

    1f1da87950ebbbd31b43e000823e5805dd283deb41bf06a81266a3655e81fcad6dc0edad002006aae6ed76e23bdf8c5db05722c4ca44e6c243d485e5d55ab3a6

    Download Submit

  • /data/data/com.example.autoclicker/cache/volley/940463526-598879448
    Filesize

    861B

    MD5

    97258458982b3d2e1fed91368aa6cdcd

    SHA1

    6ccbcbb139fa1fef324115890be4d0c198fba337

    SHA256

    7f8a82f99b5a2dbfbb42bd3176204d8f547984a3d18da6f896379d64607f695d

    SHA512

    8bd73e88673b8ab193e4c1213c173213df4e1b9a6fdeec37b1096dcb43b6b616f6b6dcc96ea6fe96c49d71a6360688f92562fa3276611c095afd3454dd34119e

    Download Submit

  • /data/data/com.example.autoclicker/cache/volley/940463526-598879448
    Filesize

    861B

    MD5

    d07411b1bc8149211fdc752d41ce6af0

    SHA1

    f9911e91d928d5e348d3f8bddcdb86ff2085d0bc

    SHA256

    b1c71a3a0dc15519b77802fec8898b9ad3e050e26306e8eeaf9ad5bb88f51dcb

    SHA512

    95895293d97c38a244e63ef9cae20d09c57ddf16740ab4af25c660ae271c1d62589b55e59d2b0705f51f94119344c80735d3a6443c6e46c1a200a5ca6f3ae2de

    Download Submit

  • /data/data/com.example.autoclicker/cache/volley/940463526-598879448
    Filesize

    861B

    MD5

    79482ff891d946df3b1763cc708678c0

    SHA1

    2055867a956ff16a91487529c4c9d1006f4d7e75

    SHA256

    d8af839e0b213c74dae8b2c70f8b318c460d30695988b542fdaab8e7294bf3da

    SHA512

    30f2be49befa74e0005fd53090e4283599b680bbefcf9329b5cfb784d040c518f6388dd308e8448f07ef53065b4b35c74602fa8028f69855b4d300bdc50c6ed1

    Download Submit

  • /data/data/com.example.autoclicker/cache/volley/940463526-598879448
    Filesize

    861B

    MD5

    61311346ed1033bd83454271276a8728

    SHA1

    3b372b42fd389d50a510a06b085547362aec24a5

    SHA256

    23e59c78eb43f694ef728c882b1120f0d5e0f2df9da841f030c2f7cc82bd61f7

    SHA512

    37ba465b701b13d969ebb941363f6967460c039a89126aa6a12c1aa28cc0742db850ddb97babb3aed1b9da68eb34a058784dc46887f67e80a68cf1d29d726a9a

    Download Submit

  • /data/data/com.example.autoclicker/cache/volley/940463526-598879448
    Filesize

    861B

    MD5

    c71d76f4144829ff9578e4a430a24f5c

    SHA1

    2206c1fa3e8fadd76d547e0fef50ba9c57dd8c1f

    SHA256

    823803fa4b5bdb887af181ef86fd7f5a68938d4757596ee9a8ce6e0e03ac6a4a

    SHA512

    b1113e6c6d6853875fc3b363e148cb09fd92fb3a4464dcb90f70fb7e22d1ff608132aa1e538fd8bbf4112da8e2ec220447ab0e765f98acdfbe7c750a7341f193

    Download Submit

  • /data/data/com.example.autoclicker/cache/volley/940463526-598879448
    Filesize

    861B

    MD5

    5bb020f3dfe8e3f657d3a80e5bb9694a

    SHA1

    22befc6fdac244f509e24cb401925fe9a4a12569

    SHA256

    5ed793100652b737c006ae98ffbbbd427d4b372aa8ab0ff333478e2feb4974c7

    SHA512

    9dac6d59ccae263e0a1d3ac7cdffe5318c6b9012925bbc2ceec9f4f6ec127c08d89a99a341021565034f51d9c6817c91dc72bb487264716b61f32c812603d04f

    Download Submit