Analysis

  • max time kernel: 147s
  • max time network: 156s
  • platform: android-11_x64
  • resource: android-x64-arm64-20240910-en
  • resource tags: arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240910-en, locale:en-us, os:android-11-x64, system
  • submitted: 27/03/2025, 15:02

General

  • Target: ee20d6abcf80df3a02c99b977ae6c948d2449f573daa9204ccc9fab6825883f3.apk
  • Size: 1.9MB
  • MD5: 44405c5d83122d34d6d8cd8be926e4ac
  • SHA1: dfdcc3747ea7c93e289bcf83c341e65de15fca27
  • SHA256: ee20d6abcf80df3a02c99b977ae6c948d2449f573daa9204ccc9fab6825883f3
  • SHA512: b3e33d0fe710e8f7fa736f43601ad624826fee2a5dc4c1696e024d71cfe54aa8dce03bb6331a6349a863e63373fbfc3b2b9c426028f554b4b97bcf16257649b6
  • SSDEEP: 49152:C4z7QDP2llZWltfrb6zYAVEOADgWDHfrFSXT:pUMlZUtfDOE3HfrFSXT

Signatures

  • Removes its main activity from the application launcher (1 TTP, 1 IoC)
  • Makes use of the framework's Accessibility service (4 TTPs, 2 IoCs)
    Retrieves information displayed on the phone screen using AccessibilityService.
  • Obtains sensitive information copied to the device clipboard (2 TTPs, 1 IoC)
    Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
  • Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps) (1 TTP)
  • Looks up external IP address via web service (2 IoCs)
    Uses a legitimate IP lookup service to find the infected system's external IP.
  • Performs UI accessibility actions on behalf of the user (1 TTP, 8 IoCs)
    Application may abuse the accessibility service to prevent its removal.
  • Queries information about active data network (1 TTP, 1 IoC)
  • Requests access to notifications (often used to intercept notifications before users become aware) (1 TTP, 1 IoC)
  • Requests disabling of battery optimizations (often used to enable hiding in the background) (1 TTP, 1 IoC)
  • Checks CPU information (2 TTPs, 1 IoC)
  • Checks memory information (2 TTPs, 1 IoC)

Processes

  • com.example.autoclicker (PID 4797)
    • Removes its main activity from the application launcher
    • Makes use of the framework's Accessibility service
    • Obtains sensitive information copied to the device clipboard
    • Performs UI accessibility actions on behalf of the user
    • Queries information about active data network
    • Requests access to notifications (often used to intercept notifications before users become aware)
    • Requests disabling of battery optimizations (often used to enable hiding in the background)
    • Checks CPU information
    • Checks memory information

Downloads

  • /data/data/com.example.autoclicker/cache/volley/-13880353731616627628 (1KB)
    MD5: 9755efe8c93afd31ea4cd6441134bcf3
    SHA1: d54adfa3322a5de53e3b928c0df70b89facee02b
    SHA256: 6694b1fa76b99e3546f2767ec426e0ca5b31736cc992548a36ed5f18f63f246d
    SHA512: 6b55b45f1063e98129d2c8ef2e315d74d75192f96f5a2bf7e27c88efb5b4f39a62ca3d7e86a734cf80c6e8122ca7ff53ac97442f9f2b8b208566e58e67b56970

  • /data/data/com.example.autoclicker/cache/volley/-13880353731616627628 (1KB)
    MD5: f9b5847c84885cf82cfe94d390fbbd50
    SHA1: 78368b27a40cc33d78f8d0c1d626a9ca7af58f2b
    SHA256: 6b3e815cc0db9b3dcb1e8bc4a632869c9fcae1d08d9275ff492da2dde4ab23ad
    SHA512: 06a3b6c7b7919c82858172ee230964aa687076fe8e9b7b844386795b0d867ca16b98cd039db97dae4b36da8bdd6a8e61c017adac118a7dcd84934d26909dc156

  • /data/data/com.example.autoclicker/cache/volley/940463526-598879448 (861B)
    MD5: 7f8d44d7445074911840b8afda183159
    SHA1: a3327d898f5552a94f9e3252e624f0717a055887
    SHA256: 4d8d2fcb6bf58d8a4929e0f1268fa3e009a1dc574ea59c53dd66b2905414fa5b
    SHA512: 3dd561b06235d06efd57b6b4fd82ed82f7c11a5cfaebb1888789a584a2e2054ae13262e733a5c3c19bfc1c52bc1869ad7d0149ffd1ffc5c1ac1e2213642684e5

  • /data/data/com.example.autoclicker/cache/volley/940463526-598879448 (861B)
    MD5: 7d931dc5d2cfa4e79559dcc5c3b3ccee
    SHA1: 3c34ae320f371b6b63ffc0713ac0d3c82d1a50fa
    SHA256: 2681f1e9ad48421c42eb451455db525e22f29dac7d2be464eb4312733a03f49e
    SHA512: 364ccd07fc42909b7df2d3da6c8d6fe5b257962948a42fa2fc9abff0326f46233a672729a56fcb66abcfea0e906147356f6eff2af7dda40b88663c484a63a4ae

  • /data/data/com.example.autoclicker/cache/volley/940463526-598879448 (861B)
    MD5: 56045d2ce7dca9af16180149cc95d3cf
    SHA1: 9ed72c08dbd88da46bda2dc2bf78f48d963ea99d
    SHA256: ac9be6cebcdcc58475401fc04f182f3b644b0e0d6e3aa53a6b0a9498c23d62d3
    SHA512: 83005d71b8c9c22059237896c601fcb50594d59ecbed14c76539f5775365310970abcb9eec5364d39825caaaf9edb188051c9ab70517478c811e698505d72ca7

  • /data/data/com.example.autoclicker/cache/volley/940463526-598879448 (861B)
    MD5: ec24328ce312b2d2323f16f616800ad5
    SHA1: 3d81940bb7ea39f6442e922f444da4b4c366e5e4
    SHA256: e5c342f093092cf363f4577d713fb5e0ac4bbd8cd48405cb901a516dee498d06
    SHA512: 87d4dceb20b22f2a570c5218e8c8a2291c94a20cb8ab9fc3cb6b8255a7a5544118bb05406102a60734f9f1af132542651efdf0205435a9f86d078fc491ec7207

  • /data/data/com.example.autoclicker/cache/volley/940463526-598879448 (861B)
    MD5: 67622031163a2a8b3ed3365d253066be
    SHA1: 16d3bad91746ddb84db50f658071716c24a10a05
    SHA256: e8c7f6bf7f0912ee0d58d66261989fa1f7ce82a7867d0d3b4fdfd6591f557942
    SHA512: cb3dbb463537aa991e64b2df0f0b04ce130487d63f37fa7fa499562d86c570c8c1ca6d58090af0050a66a1846185c6fa35b7c25507b175af55199c118581c7eb

  • /data/data/com.example.autoclicker/cache/volley/940463526-598879448 (861B)
    MD5: e28b088c5aef59ff7a4e7ee56ae08ef7
    SHA1: d72bab4803ac1cb2109ba1961d641955dc852111
    SHA256: ccfb33d8eb22d33674dea52584218280ddf227c192e6de4ce16a1e713afdeb72
    SHA512: 8222ac5402a13dc69ede9d859caa9bd20b33fddf30dc4db4a0985d091799ba588fe80aca7b1c4e40663817e4eb6ccd53a65b9a332cad3099ab52035e6f800b9a