Overview

overview

7

Static

static

6

65400ac3a1...df.apk

android-9-x86

7

65400ac3a1...df.apk

android-10-x64

7

65400ac3a1...df.apk

android-11-x64

7

Analysis

  • max time kernel
    148s
  • max time network
    165s
  • platform
    android-10_x64
  • resource
    android-x64-20240910-en
  • resource tags

    arch:x64arch:x86image:android-x64-20240910-enlocale:en-usos:android-10-x64system
  • submitted
    28/03/2025, 22:02

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    65400ac3a1022ec6abc081714cfac746c6e2258cad3677886c3de83e94a22edf.apk

  • Size

    181KB

  • MD5

    2420de50566946286c16158f52e22175

  • SHA1

    bb6829705bdd5ee8779f320b6b03435d9e6cbeea

  • SHA256

    65400ac3a1022ec6abc081714cfac746c6e2258cad3677886c3de83e94a22edf

  • SHA512

    503a4bb3fb879b2e01a3be7452dff68bca425760c03a8e2c4b60eba422a055a044c32ab3cbead69f09b1f708401a592363946e5a6e3a242b675b774a1ac75c39

  • SSDEEP

    3072:Vw5f3dS5kbM599UB2xzkNG1HQLHxVzLU1hyxCreG0FffoXxLe6m8pGEm9Hm4SM4y:Vw5lS5koW2xG0wLRVkMCvXxa63Dm04SY

Score
7/10
collectioncredential_accessdefense_evasionevasionpersistence

Malware Config

Signatures

  • Loads dropped Dex/Jar 1 TTPs 3 IoCs

    Runs executable file dropped to the device during analysis.

    evasion
  • Makes use of the framework's Accessibility service 4 TTPs 2 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectiondefense_evasioncredential_access
  • Acquires the wake lock 1 IoCs
  • Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

    Application may abuse the framework's foreground service to continue running in the foreground.

    defense_evasionpersistence
  • Performs UI accessibility actions on behalf of the user 1 TTPs 1 IoCs

    Application may abuse the accessibility service to prevent their removal.

    evasion
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
    persistence

Processes

  • com.kecyz.whyp
    1⤵
    • Loads dropped Dex/Jar
    • Makes use of the framework's Accessibility service
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    • Performs UI accessibility actions on behalf of the user
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    PID:5061

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.instagram.lite/files/Factory/Plugins/oat/classes.dex.cur.prof
    Filesize

    185B

    MD5

    d5fa0640bd1314216fe8e2090bf218b5

    SHA1

    ede08a7c93dffffc94517b946f36bdcd18dea5ca

    SHA256

    824c433247e90b0ee832df423db2274b4b464013a6e09f979520a513067f54e2

    SHA512

    324dd95574ea2cb5fb19def1e8f6f5f58009e56c5d776aff9a19e54186f978df48fa393dc57e22c0e63b6a5036a7900e9ba20d469f51b49a8a95e55238680bac

    Download Submit

  • /data/data/com.instagram.lite/oat/x86_64/[email protected]
    Filesize

    158B

    MD5

    f0b8c41be6b4ab367cf1eb99ebda4970

    SHA1

    0adf2efcac02d7176db7ebe778a7bfc26f1fc25e

    SHA256

    689a2f1462acb33f04a8a98373775f5973e1f1161255818a9c13f52140a813b8

    SHA512

    be70dcc12b477df6df00c5dabacc9fe1257e23a3fc1ec447d2f3ecc630c8ddf2d0a0ef148468915049ab1c0d66eac62865754209f45404d29026c1dd1254c12d

    Download Submit

  • /data/user/0/com.instagram.lite/[email protected]
    Filesize

    185KB

    MD5

    d5d995e1b2989b6aa86da9d4b225ea2d

    SHA1

    de49c4087a3c93309bae0dac3372584c820245f7

    SHA256

    f9f65f6add9c8c6d7f79152a7a18ce634ea7b725a53d818ee515b93f3d71e00d

    SHA512

    a01bcfff8a054d1c43826ce5409c1e2ba41ff8596429d3a07af457f0d4c11f067b78d0b35f50bbcad24d8607afcd39ce438e44ab49d9d351f6fed66b484a0daa

    Download Submit