Overview

overview

10

Static

static

10

ee20d6abcf...f3.apk

android-9-x86

8

ee20d6abcf...f3.apk

android-10-x64

8

ee20d6abcf...f3.apk

android-11-x64

8

Analysis

  • max time kernel
    146s
  • max time network
    152s
  • platform
    android-10_x64
  • resource
    android-x64-20240910-en
  • resource tags

    arch:x64arch:x86image:android-x64-20240910-enlocale:en-usos:android-10-x64system
  • submitted
    27/03/2025, 15:02

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ee20d6abcf80df3a02c99b977ae6c948d2449f573daa9204ccc9fab6825883f3.apk

  • Size

    1.9MB

  • MD5

    44405c5d83122d34d6d8cd8be926e4ac

  • SHA1

    dfdcc3747ea7c93e289bcf83c341e65de15fca27

  • SHA256

    ee20d6abcf80df3a02c99b977ae6c948d2449f573daa9204ccc9fab6825883f3

  • SHA512

    b3e33d0fe710e8f7fa736f43601ad624826fee2a5dc4c1696e024d71cfe54aa8dce03bb6331a6349a863e63373fbfc3b2b9c426028f554b4b97bcf16257649b6

  • SSDEEP

    49152:C4z7QDP2llZWltfrb6zYAVEOADgWDHfrFSXT:pUMlZUtfDOE3HfrFSXT

Score
8/10
bankercollectioncredential_accessdefense_evasiondiscoveryevasionimpactpersistencestealthtrojan

Malware Config

Signatures

  • Removes its main activity from the application launcher 1 TTPs 1 IoCs
    stealthtrojanevasion
  • Makes use of the framework's Accessibility service 4 TTPs 2 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectiondefense_evasioncredential_access
  • Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

    Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

    collectioncredential_accessimpact
  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
    bankerdiscovery
  • Looks up external IP address via web service 4 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Performs UI accessibility actions on behalf of the user 1 TTPs 8 IoCs

    Application may abuse the accessibility service to prevent their removal.

    evasion
  • Queries information about active data network 1 TTPs 1 IoCs
    discovery
  • Queries the mobile country code (MCC) 1 TTPs 1 IoCs
    discovery
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
    persistence
  • Checks CPU information 2 TTPs 1 IoCs
  • Checks memory information 2 TTPs 1 IoCs

Processes

  • com.example.autoclicker
    1⤵
    • Removes its main activity from the application launcher
    • Makes use of the framework's Accessibility service
    • Obtains sensitive information copied to the device clipboard
    • Performs UI accessibility actions on behalf of the user
    • Queries information about active data network
    • Queries the mobile country code (MCC)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks CPU information
    • Checks memory information
    PID:5136

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

1
T1624

Broadcast Receivers

1
T1624.001

Privilege Escalation

Defense Evasion

Hide Artifacts

1
T1628

Suppress Application Icon

1
T1628.001

Impair Defenses

1
T1629

Prevent Application Removal

1
T1629.001

Input Injection

1
T1516

Virtualization/Sandbox Evasion

2
T1633

System Checks

2
T1633.001

Credential Access

Clipboard Data

1
T1414

Input Capture

2
T1417

GUI Input Capture

1
T1417.002

Keylogging

1
T1417.001

Discovery

Software Discovery

1
T1418

Security Software Discovery

1
T1418.001

System Information Discovery

2
T1426

System Network Configuration Discovery

1
T1422

System Network Connections Discovery

1
T1421

Lateral Movement

Collection

Clipboard Data

1
T1414

Input Capture

2
T1417

GUI Input Capture

1
T1417.002

Keylogging

1
T1417.001

Screen Capture

1
T1513

Command and Control

Exfiltration

Impact

Data Manipulation

1
T1641

Transmitted Data Manipulation

1
T1641.001

Input Injection

1
T1516

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.example.autoclicker/cache/volley/-13880353731616627628
    Filesize

    1KB

    MD5

    b630cc53dc8b87c1adc75f29869c789b

    SHA1

    e774c9616ab32b3d85a7d746a5d8b07cbb29bea4

    SHA256

    db632209f86707b88e17689a04e5ef74491bb9fe7eafb702543372793afda1f7

    SHA512

    ed1d147bbb055cd9bde19e2a0a3e152d72652b8f7ad926831d0f76ac2e58586011bcebc1fd851a477ab186fdedc8c4c06a94dbc9eca6ab297eb625fe7e03999f

    Download Submit

  • /data/data/com.example.autoclicker/cache/volley/-13880353731616627628
    Filesize

    1KB

    MD5

    6aba5654170d4ec211d65e35d30b53cb

    SHA1

    cf8df4ba968df0eb6524ebd4a98305700b9eea77

    SHA256

    46c1b46c3fc455fb5715ccdd660a6da88119bb67ee3f2688c6cd5900c03412e1

    SHA512

    1568cba1bf2f01a620163bea147a6812ec03acbd381803ac70d4ee06346cd4d933109dfde932f4a62c9a8b14f4ff3d64e458286d661273694890ec2e6980e16b

    Download Submit

  • /data/data/com.example.autoclicker/cache/volley/-13880353731616627628
    Filesize

    1KB

    MD5

    c30a91f0332320062fd60c23a47f006f

    SHA1

    cb0349690ff8b0c0ea320999d15902194ce4edc4

    SHA256

    02a6e97ee2af47a06c6c0e17687b8e7e6680991c7bf796a7f02b41a097028835

    SHA512

    5e33058f2f56ef4a04adff9c7cef5b2b24a7cdc9023c08a4c5cbb1160692f8c6c022685ba743557b9125d050bf164ab7de593afa578f5a944814188bc9ce7c99

    Download Submit

  • /data/data/com.example.autoclicker/cache/volley/940463526-598879448
    Filesize

    861B

    MD5

    1aeaf0b640653f6780e4553549a5af67

    SHA1

    82700096058d7cec5f18a26bd04705438ed95664

    SHA256

    f9a22d27f75354d4b774f4bf632d655ae05acb6ffeede7e0c67419cd857a57b6

    SHA512

    0d7b22fc7621313e3e2c8b4333523833317289f739835f5617832e50afc69b02317a3e4acd55ee2facd69d5e25dc909b63e74bce428f8e5c77f6f8cf14757f42

    Download Submit

  • /data/data/com.example.autoclicker/cache/volley/940463526-598879448
    Filesize

    861B

    MD5

    f417cdf7bf5c5389af2b626ff6466abf

    SHA1

    9996b109e334f1cf7af19b207bc02935c9219075

    SHA256

    206399b751f708d7ca2e6996a7a430dc20d9d23b65d279efabb35d2ff6ab47c2

    SHA512

    b1baf0065f9e4cf374b36bb3ed7d08529ad72c5a75756ffed9898b45f5e9d24436a8c32c8924c7ae652be18dc2029370ed80a4e69b2766f2f3417d92b331d394

    Download Submit

  • /data/data/com.example.autoclicker/cache/volley/940463526-598879448
    Filesize

    861B

    MD5

    7a4c54f1e7473c6901138c0f23093a4f

    SHA1

    c3c26827a86f56189eb76f88c55936caa03f981c

    SHA256

    b3c926138d0c10a02eca50f0575b6259f6d3fc809c7b2cd6713c3ec783d8c00e

    SHA512

    52c5513298d858af82424db152863795713efe77c3f28d1c3daf9c80f71378448ca75fb6415431006a94beeae9ea382026b08c02c8e9c92628b423b0002c2428

    Download Submit

  • /data/data/com.example.autoclicker/cache/volley/940463526-598879448
    Filesize

    861B

    MD5

    98a48ec0934c97bc36a582ef0ad7b7b9

    SHA1

    386258997368d8b8ba0a411f8f557c5a32f9d570

    SHA256

    058bb730f8ef34122c633ef993570b26ea4ddebbddefafbe4a81085b11da4694

    SHA512

    66774db364077c45ea43fb216154ba43b15c1909026c1d579414454f73a04cb3a89a06b9cc23c4383cb6ddf9d36f2f48fe9559354a6d1e6418df2beb531c16ab

    Download Submit

  • /data/data/com.example.autoclicker/cache/volley/940463526-598879448
    Filesize

    861B

    MD5

    553d5b1a9c387c07b15eb4da6c7a2dc9

    SHA1

    6afba098455a53decca2afc597c10cde573a3f9f

    SHA256

    b2804824ee67f53dfdcd73e5dc9b00090354e7ed4a64875b75292e4801cbd9e1

    SHA512

    c3cd7d9b89fa7c72d11af197684cc08a1fa752dfba7ee661ab88ed646ed89ed471012df9ba12339e69e74c2bff4c4100950c6aa00ec7c34d281b5a1c6e65edd0

    Download Submit

  • /data/data/com.example.autoclicker/cache/volley/940463526-598879448
    Filesize

    861B

    MD5

    c667ff43bc3c603a8fd4e4e2a333c300

    SHA1

    4cb9fe1fbbf8d2685820445c1a40d5308d068a11

    SHA256

    23fff5d3ab7e4df7074d5a2931f0debe154c7bb5b88a31264c4dda6a41f82847

    SHA512

    b4786aab7cba789a334342fdf0a8264d47dc1e8d2c9efdbabcebb711d519ebe4172563c55d0ec6ab9aba177301875d271b2a3df604e02eff09703fa2b4c82016

    Download Submit