Overview

overview

7

Static

static

6

65400ac3a1...df.apk

android-9-x86

7

65400ac3a1...df.apk

android-10-x64

7

65400ac3a1...df.apk

android-11-x64

7

Analysis

  • max time kernel
    142s
  • max time network
    152s
  • platform
    android-11_x64
  • resource
    android-x64-arm64-20240910-en
  • resource tags

    arch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240910-enlocale:en-usos:android-11-x64system
  • submitted
    28/03/2025, 22:02

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    65400ac3a1022ec6abc081714cfac746c6e2258cad3677886c3de83e94a22edf.apk

  • Size

    181KB

  • MD5

    2420de50566946286c16158f52e22175

  • SHA1

    bb6829705bdd5ee8779f320b6b03435d9e6cbeea

  • SHA256

    65400ac3a1022ec6abc081714cfac746c6e2258cad3677886c3de83e94a22edf

  • SHA512

    503a4bb3fb879b2e01a3be7452dff68bca425760c03a8e2c4b60eba422a055a044c32ab3cbead69f09b1f708401a592363946e5a6e3a242b675b774a1ac75c39

  • SSDEEP

    3072:Vw5f3dS5kbM599UB2xzkNG1HQLHxVzLU1hyxCreG0FffoXxLe6m8pGEm9Hm4SM4y:Vw5lS5koW2xG0wLRVkMCvXxa63Dm04SY

Score
7/10
collectioncredential_accessdefense_evasionevasionpersistence

Malware Config

Signatures

  • Loads dropped Dex/Jar 1 TTPs 3 IoCs

    Runs executable file dropped to the device during analysis.

    evasion
  • Makes use of the framework's Accessibility service 4 TTPs 2 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectiondefense_evasioncredential_access
  • Acquires the wake lock 1 IoCs
  • Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

    Application may abuse the framework's foreground service to continue running in the foreground.

    defense_evasionpersistence
  • Performs UI accessibility actions on behalf of the user 1 TTPs 1 IoCs

    Application may abuse the accessibility service to prevent their removal.

    evasion
  • Requests enabling of the accessibility settings. 1 IoCs

Processes

  • com.kecyz.whyp
    1⤵
    • Loads dropped Dex/Jar
    • Makes use of the framework's Accessibility service
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    • Performs UI accessibility actions on behalf of the user
    • Requests enabling of the accessibility settings.
    PID:4806

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/user/0/com.instagram.lite/[email protected]
    Filesize

    185KB

    MD5

    d5d995e1b2989b6aa86da9d4b225ea2d

    SHA1

    de49c4087a3c93309bae0dac3372584c820245f7

    SHA256

    f9f65f6add9c8c6d7f79152a7a18ce634ea7b725a53d818ee515b93f3d71e00d

    SHA512

    a01bcfff8a054d1c43826ce5409c1e2ba41ff8596429d3a07af457f0d4c11f067b78d0b35f50bbcad24d8607afcd39ce438e44ab49d9d351f6fed66b484a0daa

    Download Submit

  • /data/user/0/com.instagram.lite/files/Factory/Plugins/oat/classes.dex.cur.prof
    Filesize

    202B

    MD5

    a7a447a15c8981a7c3ea97724e61993a

    SHA1

    ef2d9354e29cc4a088a80ca908ea52fc0b3c3320

    SHA256

    3cc1d4af8001310a98e0b0569db49f5fce413bc56d6f71cb07a760d7380061b0

    SHA512

    cbbdab8cad4dfde65c5432ed00df499b6234706492ffa2221f39133316163acf88e5ad80bda4ad343aada09d2148330b9313c829d2cac87058b0156a822ea6cd

    Download Submit

  • /data/user/0/com.instagram.lite/oat/x86_64/[email protected]
    Filesize

    399B

    MD5

    45f9a7445bc58f0a58512fb3a471bd0e

    SHA1

    9e76a3289e9b23316eacc0687c6afb5eb4034a68

    SHA256

    f010841eb01a34839a972d0b4e99c092780511634e366b03149914df7d43a518

    SHA512

    fdc8b8c6140c7ae34c3cd0d2b43ac84c95d608eb94b6116f5ef0a228259d0d2a0870c1231b17567fb4eed0ef0c6b8cb661e49f44f7c6f937ece604036309fcd9

    Download Submit