Overview

overview

8

Static

static

6

d16a297b20...cf.apk

android-9-x86

8

d16a297b20...cf.apk

android-13-x64

7

Analysis

  • max time kernel
    105s
  • max time network
    152s
  • platform
    android-13_x64
  • resource
    android-33-x64-arm64-20240910-en
  • resource tags

    arch:arm64arch:x64arch:x86image:android-33-x64-arm64-20240910-enlocale:en-usos:android-13-x64system
  • submitted
    28/03/2025, 22:01

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d16a297b20a5a637bcba76aaddbb6359a0d7dfd53755d51b9fec327a33231ccf.apk

  • Size

    3.2MB

  • MD5

    8fdb3385a0725c192b85931cd5213b4c

  • SHA1

    4f8ee6473efcbe642786404184425ec5f21e4360

  • SHA256

    d16a297b20a5a637bcba76aaddbb6359a0d7dfd53755d51b9fec327a33231ccf

  • SHA512

    0558be5eafb0d9f0be231cc7377e032bc6660bdb8aba0c265ebfea7fca210b693f4ae7ae5dbade3e993949f7a1950fd1a205336ba3af8aca1d1e47eb99a967da

  • SSDEEP

    98304:R1BCeHq5Wp9OPui4HUk3GhDmdlhVm2wGMD7W2C4mbgjFfyQ+3CbfoB:R1ASgWpSkiDQlC2dIoB

Score
7/10
collectioncredential_accessdefense_evasionevasionexecutionimpactpersistence

Malware Config

Signatures

  • Loads dropped Dex/Jar 1 TTPs 1 IoCs

    Runs executable file dropped to the device during analysis.

    evasion
  • Makes use of the framework's Accessibility service 4 TTPs 3 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectiondefense_evasioncredential_access
  • Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

    Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

    collectioncredential_accessimpact
  • Performs UI accessibility actions on behalf of the user 1 TTPs 4 IoCs

    Application may abuse the accessibility service to prevent their removal.

    evasion
  • Requests disabling of battery optimizations (often used to enable hiding in the background). 1 TTPs 1 IoCs
    defense_evasion
  • Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

    executionpersistence
  • Checks CPU information 2 TTPs 1 IoCs
  • Checks memory information 2 TTPs 1 IoCs

Processes

  • com.marriage.valve
    1⤵
    • Loads dropped Dex/Jar
    • Makes use of the framework's Accessibility service
    • Obtains sensitive information copied to the device clipboard
    • Performs UI accessibility actions on behalf of the user
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    • Schedules tasks to execute at a specified time
    • Checks CPU information
    • Checks memory information
    PID:4506

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.marriage.valve/app_DynamicOptDex/nSsqBoJ.json
    Filesize

    315KB

    MD5

    da6b44ae29049c9c56dd81168beeebac

    SHA1

    0d7481baa1665b1495ef5d04819bf8f0b9b33f3a

    SHA256

    2490e6d0c0fc709b585736bbb3db95b02bfcc094db2c82690dc29b1fe6d8d887

    SHA512

    cfc01f87c213dda9313a1498ff31bd72b76f764160c392056d1413fb631acb1492e81d15a9713785540ac85894cbd08f52cdc037fbc628139080a90a59fc6158

    Download Submit

  • /data/data/com.marriage.valve/app_DynamicOptDex/nSsqBoJ.json
    Filesize

    315KB

    MD5

    11ee4f621cd1de11d906dc0ee4921044

    SHA1

    5b4a8eccfdafc542615fd78e9f3df4e1359b45f8

    SHA256

    ec8b7a1ec69bbeed50bacdee1c8872c1bab0d79c769d9f7fe4ebb0e60acfe7f1

    SHA512

    4ff0e96b351b8519a652f124c788202f576b1ac0ab0eb981271296d1120e7db921122b8d2af2be6650d4d0bf2edd036b2482f6f2f94f7dd1d6e39c1f28d566ed

    Download Submit

  • /data/data/com.marriage.valve/app_DynamicOptDex/oat/x86_64/nSsqBoJ.vdex
    Filesize

    2KB

    MD5

    c7a946adff174ccab18a5c901c4f3004

    SHA1

    042e9719cf93c8b145576dc80edfd5f7f87480bf

    SHA256

    d80c1fdee8df7a03a66a123f4fe30fa256a815621eb21b40782bd3b249633246

    SHA512

    0282cfef430941508714d3940ff3ce9baaa6a5a6de07b8d4db047647cdfbaeea755e4f66e9d2d3cc0476bd15530f1833b217e722146d2d6cce61e98526924a32

    Download Submit

  • /data/user/0/com.marriage.valve/app_DynamicOptDex/nSsqBoJ.json
    Filesize

    623KB

    MD5

    939f228afb1269609c26a041af42d094

    SHA1

    e6c6b94e84ca012ba1e709764ee0f4ba7968ec47

    SHA256

    fb6003a45a5dcc9d1676745c0f09488f2d844f5ddfef510d44ccfaf7ad03363c

    SHA512

    a4e55fa7756f3efdc42be7e80f1d61568ad0f6e499444cf2ad0c937d3d808f78c7c22efb35d62be96fd3992238749bd675735c8624d65bc7b5dfe1ffc630cb26

    Download Submit