Analysis
-
max time kernel
149s -
max time network
160s -
platform
android-9_x86 -
resource
android-x86-arm-20240910-en -
resource tags
-
submitted
28/03/2025, 22:02
General
-
Target
65400ac3a1022ec6abc081714cfac746c6e2258cad3677886c3de83e94a22edf.apk
-
Size
181KB
-
MD5
2420de50566946286c16158f52e22175
-
SHA1
bb6829705bdd5ee8779f320b6b03435d9e6cbeea
-
SHA256
65400ac3a1022ec6abc081714cfac746c6e2258cad3677886c3de83e94a22edf
-
SHA512
503a4bb3fb879b2e01a3be7452dff68bca425760c03a8e2c4b60eba422a055a044c32ab3cbead69f09b1f708401a592363946e5a6e3a242b675b774a1ac75c39
-
SSDEEP
3072:Vw5f3dS5kbM599UB2xzkNG1HQLHxVzLU1hyxCreG0FffoXxLe6m8pGEm9Hm4SM4y:Vw5lS5koW2xG0wLRVkMCvXxa63Dm04SY
Malware Config
Signatures
-
Loads dropped Dex/Jar 1 TTPs 4 IoCs
Runs executable file dropped to the device during analysis.
-
Makes use of the framework's Accessibility service 4 TTPs 2 IoCs
Retrieves information displayed on the phone screen using AccessibilityService.
-
Acquires the wake lock 1 IoCs
-
Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs
Application may abuse the framework's foreground service to continue running in the foreground.
-
Performs UI accessibility actions on behalf of the user 1 TTPs 1 IoCs
Application may abuse the accessibility service to prevent their removal.
-
Requests enabling of the accessibility settings. 1 IoCs
-
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
Processes
-
com.kecyz.whyp1⤵
- Loads dropped Dex/Jar
- Makes use of the framework's Accessibility service
- Acquires the wake lock
- Makes use of the framework's foreground persistence service
- Performs UI accessibility actions on behalf of the user
- Requests enabling of the accessibility settings.
- Registers a broadcast receiver at runtime (usually for listening for system events)
-
/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.instagram.lite/files/Factory/Plugins/classes.dex --output-vdex-fd=43 --oat-fd=44 --oat-location=/data/user/0/com.instagram.lite/files/Factory/Plugins/oat/x86/classes.odex --compiler-filter=quicken --class-loader-context=&2⤵
- Loads dropped Dex/Jar
-
Network
MITRE ATT&CK Mobile v15
Persistence
Event Triggered Execution
1Broadcast Receivers
1Foreground Persistence
1Defense Evasion
Download New Code at Runtime
1Foreground Persistence
1Impair Defenses
1Prevent Application Removal
1Input Injection
1Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
182B
MD5bf310c7db7b381baae19317cfb4018f7
SHA19ad71e2be5f523712424f68c4526d997ab619dbd
SHA256a52856e04681705a78f620b66c05caa5e9e3c10ddac2288f15d565ef0fdeb556
SHA51294809139a801c6e58345ffbc71677edf2d473764e94bc02e296e93b2e09ca25728224a2d7131ce201dbbf39e7b8d9f3c519bea2965bcf9a02789966cec9e1772
-
Filesize
185KB
MD5b07a367259479d1ca5f13306503ad418
SHA1e19f11b2408e8cd9debcc1e88ae5cbb16198cca6
SHA25654b91bab68cf774873ac9992aff206faf85e8ca2307c7945205ce5847d0e7506
SHA51296635d5434c05b426eb090ce20b03fec11e3c062bb4258119309fcaf11b0d4bd5e6817030d0dc08d5dddea6f931bb718756e2932cca983fe05f7a62a2ffb5fe7
-
Filesize
185KB
MD5d5d995e1b2989b6aa86da9d4b225ea2d
SHA1de49c4087a3c93309bae0dac3372584c820245f7
SHA256f9f65f6add9c8c6d7f79152a7a18ce634ea7b725a53d818ee515b93f3d71e00d
SHA512a01bcfff8a054d1c43826ce5409c1e2ba41ff8596429d3a07af457f0d4c11f067b78d0b35f50bbcad24d8607afcd39ce438e44ab49d9d351f6fed66b484a0daa