Analysis
max time kernel: 138s
max time network: 154s
platform: android-13_x64
resource: android-33-x64-arm64-20240910-en
resource tags: arch:arm64, arch:x64, arch:x86, image:android-33-x64-arm64-20240910-en, locale:en-us, os:android-13-x64, system
submitted: 28/03/2025, 22:03
Static task: static1
Behavioral task: behavioral1
  Sample: db44a4ae419c639b5df217a0409d166ab2cd30b5285577815c5cb9f4fdca4704.apk
  Resource: android-x86-arm-20240910-en
Behavioral task: behavioral2
  Sample: db44a4ae419c639b5df217a0409d166ab2cd30b5285577815c5cb9f4fdca4704.apk
  Resource: android-33-x64-arm64-20240910-en
General
Target: db44a4ae419c639b5df217a0409d166ab2cd30b5285577815c5cb9f4fdca4704.apk
Size: 3.2MB
MD5: bad2ce50e2b1f3b021d3c9c26f0c6fac
SHA1: 0d219dab5fe997d48d122741ea8795226c185715
SHA256: db44a4ae419c639b5df217a0409d166ab2cd30b5285577815c5cb9f4fdca4704
SHA512: 003a0e8e398572b7fea4125f0ee2a05f33710b1d55ffc4a496f379659905486b8414ed5586edf83f052cb6162284633d257572601e8f3c4a429b9c4152f8d581
SSDEEP: 98304:zvfWauQvPPsowBF7LLuDv+TMGyKoJX+QMDH82C4mbgjFfyaO:zGauQv2XiDAShv
Malware Config
Signatures
Loads dropped Dex/Jar (1 TTP, 1 IoC)
  Runs an executable file dropped to the device during analysis.
  IoC: /data/user/0/com.absurd.obscure/app_DynamicOptDex/uOF.json
  PID: 4449
  Process: com.absurd.obscure
Makes use of the framework's Accessibility service (4 TTPs, 3 IoCs)
  Retrieves information displayed on the phone screen using AccessibilityService.
  Framework service call: android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId (com.absurd.obscure)
  Framework service call: android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText (com.absurd.obscure)
  Framework service call: android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId (com.absurd.obscure)
Obtains sensitive information copied to the device clipboard (2 TTPs, 1 IoC)
  Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
  Framework service call: android.content.IClipboard.addPrimaryClipChangedListener (com.absurd.obscure)
Performs UI accessibility actions on behalf of the user (1 TTP, 4 IoCs)
  Application may abuse the accessibility service to prevent its own removal.
  Framework service call: android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction (com.absurd.obscure)
  Framework service call: android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction (com.absurd.obscure)
  Framework service call: android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction (com.absurd.obscure)
  Framework service call: android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction (com.absurd.obscure)
Requests disabling of battery optimizations (often used to enable hiding in the background) (1 TTP, 1 IoC)
  Intent action: android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS (com.absurd.obscure)
Schedules tasks to execute at a specified time (1 TTP, 1 IoC)
  Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
  Framework service call: android.app.job.IJobScheduler.schedule (com.absurd.obscure)
Checks CPU information (2 TTPs, 1 IoC)
  File opened for read: /proc/cpuinfo (com.absurd.obscure)
Checks memory information (2 TTPs, 1 IoC)
  File opened for read: /proc/meminfo (com.absurd.obscure)
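Each signature above is a rule that fired on behaviour events the sandbox captured (framework service calls, intents, file opens, dex loads). The following Python is an added example, not code from the report or the sandbox, that re-creates that matching over a constructed event log mirroring the IoCs listed for com.absurd.obscure. The tab-separated event format, the regexes, the weights and the verdict thresholds are assumptions chosen for illustration; it also flags the one detail worth a note of its own here, that the dex was loaded from a file named uOF.json rather than something that looks like code.

```python
"""Rule-based triage over sandbox behaviour events (added example).

The event log is constructed to mirror the IoCs in the report for
com.absurd.obscure; the tab-separated format, the rule patterns, the
weights and the verdict thresholds are assumptions, not the sandbox's own.
"""
import re
from collections import defaultdict

# Constructed event log: one event per line, "<kind>\t<detail>\t<process>".
EVENTS = """\
file_open_read\t/proc/cpuinfo\tcom.absurd.obscure
file_open_read\t/proc/meminfo\tcom.absurd.obscure
framework_call\tandroid.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId\tcom.absurd.obscure
framework_call\tandroid.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText\tcom.absurd.obscure
framework_call\tandroid.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId\tcom.absurd.obscure
framework_call\tandroid.content.IClipboard.addPrimaryClipChangedListener\tcom.absurd.obscure
framework_call\tandroid.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction\tcom.absurd.obscure
framework_call\tandroid.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction\tcom.absurd.obscure
framework_call\tandroid.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction\tcom.absurd.obscure
framework_call\tandroid.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction\tcom.absurd.obscure
intent\tandroid.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS\tcom.absurd.obscure
framework_call\tandroid.app.job.IJobScheduler.schedule\tcom.absurd.obscure
dex_load\t/data/user/0/com.absurd.obscure/app_DynamicOptDex/uOF.json\tcom.absurd.obscure
"""

# (signature name, event kind, regex over the detail field, weight).
# Weights are an assumed severity ranking: runtime code loading outranks
# the single-call indicators, which outrank the /proc fingerprinting reads.
RULES = [
    ("Loads dropped Dex/Jar", "dex_load",
     r"^/data/(?:user/\d+|data)/[^/]+/.+", 3),
    ("Makes use of the framework's Accessibility service", "framework_call",
     r"IAccessibilityServiceConnection\.findAccessibilityNodeInfos?By", 2),
    ("Performs UI accessibility actions on behalf of the user", "framework_call",
     r"IAccessibilityServiceConnection\.performGlobalAction$", 2),
    ("Obtains sensitive information copied to the device clipboard", "framework_call",
     r"IClipboard\.addPrimaryClipChangedListener$", 2),
    ("Requests disabling of battery optimizations", "intent",
     r"^android\.settings\.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS$", 1),
    ("Schedules tasks to execute at a specified time", "framework_call",
     r"IJobScheduler\.schedule$", 1),
    ("Checks CPU information", "file_open_read", r"^/proc/cpuinfo$", 1),
    ("Checks memory information", "file_open_read", r"^/proc/meminfo$", 1),
]

# Extensions under which a DexClassLoader payload would normally be stored.
CODE_EXTENSIONS = (".dex", ".jar", ".apk", ".zip")


def parse_events(text):
    """Yield (kind, detail, process) from the tab-separated event lines."""
    for line in text.splitlines():
        if line.strip():
            kind, detail, process = line.split("\t")
            yield kind, detail, process


def triage(text, malicious_at=6, suspicious_at=3):
    """Match every event against RULES and return hits, notes, score, verdict.

    A signature's weight counts once no matter how many IoCs it collects,
    so four performGlobalAction calls raise the IoC count, not the score.
    """
    hits = defaultdict(list)
    notes = []
    for kind, detail, process in parse_events(text):
        for name, rule_kind, pattern, _weight in RULES:
            if kind == rule_kind and re.search(pattern, detail):
                hits[name].append((detail, process))
        # A dex loaded from a file that is not named like code (here .json)
        # is worth calling out on its own: the name is chosen to look inert.
        if kind == "dex_load" and not detail.lower().endswith(CODE_EXTENSIONS):
            notes.append(f"code loaded from non-code extension: {detail}")
    score = sum(w for name, _k, _p, w in RULES if name in hits)
    if score >= malicious_at:
        verdict = "malicious"
    elif score >= suspicious_at:
        verdict = "suspicious"
    else:
        verdict = "clean"
    return {"hits": dict(hits), "notes": notes, "score": score, "verdict": verdict}


if __name__ == "__main__":
    result = triage(EVENTS)
    for name, iocs in result["hits"].items():
        print(f"{name}: {len(iocs)} IoC(s)")
    for note in result["notes"]:
        print("note:", note)
    print(f"score={result['score']} verdict={result['verdict']}")
```

Run against the constructed log it reproduces the report's counts (3 accessibility lookups, 4 performGlobalAction calls, one IoC for everything else). The weights are deliberately per signature rather than per IoC: a sample that calls performGlobalAction forty times is no more malicious than one that calls it four times, so the IoC count is evidence for the analyst, not a multiplier for the score.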
Processes
com.absurd.obscure (PID 4449)
  - Loads dropped Dex/Jar
  - Makes use of the framework's Accessibility service
  - Obtains sensitive information copied to the device clipboard
  - Performs UI accessibility actions on behalf of the user
  - Requests disabling of battery optimizations (often used to enable hiding in the background)
  - Schedules tasks to execute at a specified time
  - Checks CPU information
  - Checks memory information
Network
MITRE ATT&CK Mobile v15
Defense Evasion
  Download New Code at Runtime (T1407): 1
  Hide Artifacts (T1628): 1
    User Evasion (T1628.002): 1
  Impair Defenses (T1629): 1
    Prevent Application Removal (T1629.001): 1
  Input Injection (T1516): 1
  Virtualization/Sandbox Evasion (T1633): 2
    System Checks (T1633.001): 2
Credential Access
  Clipboard Data (T1414): 1
  Input Capture (T1417): 2
    GUI Input Capture (T1417.002): 1
    Keylogging (T1417.001): 1
Downloads
-
Filesize: 2KB
MD5: a384aceafc32d4711757b443eee02295
SHA1: 2d282b3ab78d787888c702368902ad5667c29ddc
SHA256: 948c4fa73a5e7ba8ea0a282adb62638168a3bc84b1d7643b30560cdf7e8a8418
SHA512: 01854ac06597508e47500e54021e240cbd78a93f5e2ebddc8ef7f599f60852798393efd0b61cdea7b21ac80b9b94f52e96362d05464e095089874b063af0aefc
-
Filesize: 316KB
MD5: eb1abb6935f5a4d6b2072639452f69e9
SHA1: 0c17be34448a35bc7fefbac758077cbe93c03321
SHA256: 8208e733bc4e721f3e7e0352ade44c19d0fdbd9add48fdaa9bd5014013288312
SHA512: 98fbdf9ff39fbf53ff3975944047d6d4b6259d277767e17c6c5b659a1ed13f4b37076dd7b2918701170717c3fd36104a16a0dfb4b5587b1b000818fca577ebaf
-
Filesize: 316KB
MD5: 9cb6179ead9d59818349149a9c4953a1
SHA1: 5fbb98d57466c56586eb8145d9cd0e6862949b03
SHA256: b6ca35fe9768361b5c9cf36da8fc5f827d07330ef0f72d11fbee79b945a46291
SHA512: 3cf7a11ab520a5daaa24ed7855872a4e519929253fbb9da3899cbca488802e762a2faae6293283bfa439a9b3b9a5b9d5d7880a11ced5fe908a1134fe362c68a4
-
Filesize: 623KB
MD5: 68bb413af94442f24515ba659ffe7f48
SHA1: f9dbd05d4ec36febaf1ac84bda63f5cf77b42606
SHA256: cf05f425bd8d02c2f829c5849257dfc6151c66782984136c3f69babf8880f8c5
SHA512: 5fb9ba804b61df42f252d7b21e76fe83491f6209e1edf240409348f585e3c91b3fc902f16e515bf42b94f892d8bd3877f86c19ca4f7baedae0820e578c51d88b
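The Downloads section identifies the dropped files only by size and hash, and the dex the sample loaded was stored as app_DynamicOptDex/uOF.json, a name that says nothing about its content. An analyst who pulls such a file classifies it by its leading bytes and verifies the hash against the report rather than trusting the name. The Python below is an added example of those checks, not code from the report; the dex built by make_stub_dex() is a synthetic header constructed for the test and is not any file from this analysis, and the list of magic values is the author's assumption of what is worth recognising.

```python
"""Identify a dropped artifact by its magic bytes, not its name (added example).

The report lists the dropped payload as app_DynamicOptDex/uOF.json and the
Downloads section gives only hashes; this code shows the checks an analyst
would run on such a file. The stub dex built below is a synthetic header,
not any file from the analysis.
"""
import hashlib
import struct
import zlib

DEX_HEADER_SIZE = 0x70

# First bytes of the container formats DexClassLoader and friends accept,
# plus ELF for native payloads. Order matters only for readability here.
MAGIC = (
    (b"dex\n", "dex"),
    (b"dey\n", "odex"),
    (b"PK\x03\x04", "zip/jar/apk"),
    (b"\x7fELF", "elf"),
)


def classify(data):
    """Return the format implied by the leading bytes, or 'unknown'."""
    for magic, kind in MAGIC:
        if data.startswith(magic):
            return kind
    return "unknown"


def dex_header_sane(data):
    """Validate the dex header fields a loader checks before mapping the file.

    Layout: magic[8] 'dex\\n0NN\\0', adler32 checksum (uint32 at offset 8,
    covering everything from offset 12 to the end), signature[20],
    file_size at 0x20, header_size at 0x24 (always 0x70).
    """
    if len(data) < DEX_HEADER_SIZE or data[:4] != b"dex\n" or data[7] != 0:
        return False
    checksum = struct.unpack_from("<I", data, 8)[0]
    file_size = struct.unpack_from("<I", data, 0x20)[0]
    header_size = struct.unpack_from("<I", data, 0x24)[0]
    if file_size != len(data) or header_size != DEX_HEADER_SIZE:
        return False
    return (zlib.adler32(bytes(data[12:])) & 0xFFFFFFFF) == checksum


def make_stub_dex(version=b"035"):
    """Build a header-only dex with a valid checksum (constructed test input).

    It carries no classes, so it would not load on a device; it exists only
    so the checks above have something with a correct header to run on.
    """
    hdr = bytearray(DEX_HEADER_SIZE)
    hdr[0:8] = b"dex\n" + version + b"\0"
    struct.pack_into("<I", hdr, 0x20, DEX_HEADER_SIZE)   # file_size
    struct.pack_into("<I", hdr, 0x24, DEX_HEADER_SIZE)   # header_size
    struct.pack_into("<I", hdr, 0x28, 0x12345678)        # endian_tag
    struct.pack_into("<I", hdr, 8, zlib.adler32(bytes(hdr[12:])) & 0xFFFFFFFF)
    return bytes(hdr)


def inspect_artifact(name, data, expected_sha256=None):
    """Combine format detection, name/content mismatch and hash verification."""
    kind = classify(data)
    digest = hashlib.sha256(data).hexdigest()
    looks_like_code = name.lower().endswith((".dex", ".jar", ".apk", ".zip", ".so"))
    return {
        "name": name,
        "kind": kind,
        "sha256": digest,
        "hash_match": None if expected_sha256 is None else digest == expected_sha256.lower(),
        # Executable content behind a data-file name is the pattern in the report.
        "extension_mismatch": kind != "unknown" and not looks_like_code,
        "dex_header_ok": dex_header_sane(data) if kind == "dex" else None,
    }


if __name__ == "__main__":
    stub = make_stub_dex()
    print(inspect_artifact("uOF.json", stub))
    print(inspect_artifact("config.json", b'{"interval": 3600}'))
```

Pass the SHA256 from the Downloads list as expected_sha256 to confirm the file you pulled is the one the sandbox saw; a mismatch usually means the sample re-fetched or re-encrypted the payload on your run, which is itself worth recording. The checksum test matters because a stripped or partially written dex fails it before any disassembler is involved.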