Overview

overview

10

Static

static

10

3d0b116b42...62.apk

android-9-x86

8

3d0b116b42...62.apk

android-10-x64

8

3d0b116b42...62.apk

android-11-x64

8

Analysis

  • max time kernel
    18s
  • max time network
    162s
  • platform
    android-9_x86
  • resource
    android-x86-arm-20240910-en
  • resource tags

    arch:armarch:x86image:android-x86-arm-20240910-enlocale:en-usos:android-9-x86system
  • submitted
    31/03/2025, 22:06

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3d0b116b42347ab9b5bc72f04bff4b565a37834c6543d2abdffb99155a58d162.apk

  • Size

    4.6MB

  • MD5

    876bb65bc6fe889a09720344549bc468

  • SHA1

    71ccb192c70fcd1cdc33f0d9e697a984f9e2995f

  • SHA256

    3d0b116b42347ab9b5bc72f04bff4b565a37834c6543d2abdffb99155a58d162

  • SHA512

    3de1bf3122405e971b23609d3cb43ad64b03e238015eb725e80280fc3f49934fcbe35ed6680403b8afeb125c9dd749dd56e4531e28176116a65f5b468fa38efa

  • SSDEEP

    98304:J0OZrX8fITxvMCMJsSm3lCEXhQ2mV28iT1Zu1D0/cnmYLhGIHfrbmZFOrB:JTZT2CMJsSXEBC28ujmg0mYLhGBOF

Score
8/10
bankercollectioncredential_accessdefense_evasiondiscoveryevasionpersistencestealthtrojan

Malware Config

Signatures

  • Removes its main activity from the application launcher 1 TTPs 1 IoCs
    stealthtrojanevasion
  • Loads dropped Dex/Jar 1 TTPs 3 IoCs

    Runs executable file dropped to the device during analysis.

    evasion
  • Makes use of the framework's Accessibility service 4 TTPs 3 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectiondefense_evasioncredential_access
  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
    bankerdiscovery
  • Queries account information for other applications stored on the device 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect account information stored on the device.

    collection
  • Reads the contacts stored on the device. 1 TTPs 1 IoCs
    collection
  • Reads the content of the calendar entry data. 1 TTPs 1 IoCs
    collection
  • Reads the content of the call log. 1 TTPs 1 IoCs
    collection
  • Requests cell location 2 TTPs 1 IoCs

    Uses Android APIs to to get current cell location.

    collectiondiscoverydefense_evasion
  • Acquires the wake lock 1 IoCs
  • Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

    Application may abuse the framework's foreground service to continue running in the foreground.

    defense_evasionpersistence
  • Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    discovery
  • Requests disabling of battery optimizations (often used to enable hiding in the background). 1 TTPs 1 IoCs
    defense_evasion
  • Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs
    defense_evasion
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
    persistence

Processes

  • com.tencent.mm
    1⤵
    • Removes its main activity from the application launcher
    • Loads dropped Dex/Jar
    • Makes use of the framework's Accessibility service
    • Queries account information for other applications stored on the device
    • Reads the contacts stored on the device.
    • Reads the content of the calendar entry data.
    • Reads the content of the call log.
    • Requests cell location
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    • Queries information about the current Wi-Fi connection
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    • Listens for changes in the sensor environment (might be used to detect emulation)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    PID:4217

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

1
T1624

Broadcast Receivers

1
T1624.001

Foreground Persistence

1
T1541

Privilege Escalation

Defense Evasion

Download New Code at Runtime

1
T1407

Execution Guardrails

1
T1627

Geofencing

1
T1627.001

Foreground Persistence

1
T1541

Hide Artifacts

3
T1628

Suppress Application Icon

1
T1628.001

User Evasion

2
T1628.002

Input Injection

1
T1516

Credential Access

Input Capture

2
T1417

GUI Input Capture

1
T1417.002

Keylogging

1
T1417.001

Discovery

Location Tracking

1
T1430

Software Discovery

1
T1418

Security Software Discovery

1
T1418.001

System Network Connections Discovery

1
T1421

Lateral Movement

Collection

Input Capture

2
T1417

GUI Input Capture

1
T1417.002

Keylogging

1
T1417.001

Location Tracking

1
T1430

Protected User Data

3
T1636

Calendar Entries

1
T1636.001

Call Log

1
T1636.002

Contact List

1
T1636.003

Screen Capture

1
T1513

Stored Application Data

1
T1409

Command and Control

Exfiltration

Impact

Input Injection

1
T1516

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.tencent.mm/databases/Dname-journal
    Filesize

    512B

    MD5

    a2578bc52857d8dea3ba39c99b9248f3

    SHA1

    ae8c4712f66867697d03a24b2e86b40756176e59

    SHA256

    5177f9f8871df7b8e00f9fd8b896cc28eaf722ce6db79060d364dc50bb26d514

    SHA512

    1ee83dff4f5d6d8231195a9e66598ea2619a1d9555dfe11210b0329609444431501bf54999e748ed9ef425892b749107fded9b9d99c45fe1e7baee3a0fbfd3f0

    Download Submit

  • /data/data/com.tencent.mm/databases/Dname-wal
    Filesize

    60KB

    MD5

    8f8e373ab6a1d67c3e007365455a34f5

    SHA1

    9aec46604cc25484935e67158cf2b517dfc91b6f

    SHA256

    f9170e9a04605bbf2b7c6a35e126ab5f0a6d9af0f94293b64499ab4dd84ff1b3

    SHA512

    a58ff501566b56d64cb49a41a75a3d3e4ba4643030f9d6cf9543a397bee296fae490e1bd317835c3d72fb077170b940fd2c6da9e50cc654404c39d5c14926983

    Download Submit

  • /data/data/com.tencent.mm/databases/evernote_jobs.db
    Filesize

    4KB

    MD5

    f2b4b0190b9f384ca885f0c8c9b14700

    SHA1

    934ff2646757b5b6e7f20f6a0aa76c7f995d9361

    SHA256

    0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

    SHA512

    ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

    Download Submit

  • /data/data/com.tencent.mm/databases/evernote_jobs.db-journal
    Filesize

    512B

    MD5

    b8c013fca8a6bd242d5d6b2589ea9d81

    SHA1

    c6919296643ff186c82b4db8ad6ea1bb38ab99f0

    SHA256

    c6b21a6fda82373b6408fbfc1cdff28a31143072a1102691383fcb8dc2680c99

    SHA512

    5661f5aab6bab180fc56aa342a34b46eafb9d01f80934461cc4c4a86a12cb44170aa376a794abd0a700a32063affd56d1544601d52f0438929cedba21e0339f8

    Download Submit

  • /data/data/com.tencent.mm/databases/evernote_jobs.db-shm
    Filesize

    32KB

    MD5

    bb7df04e1b0a2570657527a7e108ae23

    SHA1

    5188431849b4613152fd7bdba6a3ff0a4fd6424b

    SHA256

    c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

    SHA512

    768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

    Download Submit

  • /data/data/com.tencent.mm/databases/evernote_jobs.db-wal
    Filesize

    32KB

    MD5

    57b6e8a85b5389680b3d89083dfd7ebd

    SHA1

    86c52c4be74bc09c8be922ad1d51a2c000ec6b52

    SHA256

    fe1bcb44b878d139bb6293317c4d4d36d29670786add7abb2319629268cd7cf2

    SHA512

    ef43823197f72816a06a6f250f5dad66ca49a2b88b49ff21327504984cc68a0994723bd59a786b45851112abd6ddf492181edaf683759a6b67a52d97069844b8

    Download Submit

  • /data/data/com.tencent.mm/files/CallLogs.txt
    Filesize

    3B

    MD5

    58e0494c51d30eb3494f7c9198986bb9

    SHA1

    cd0d4cc32346750408f7d4f5e78ec9a6e5b79a0d

    SHA256

    37517e5f3dc66819f61f5a7bb8ace1921282415f10551d2defa5c3eb0985b570

    SHA512

    b7a9336ed3a424b5d4d59d9b20d0bbc33217207b584db6b758fddb9a70b99e7c8c9f8387ef318a6b2039e62f09a3a2592bf5c76d6947a6ea1d107b924d7461f4

    Download Submit

  • /data/data/com.tencent.mm/files/GP.txt
    Filesize

    116B

    MD5

    18c2ccd7cdc41621137eff6079abc278

    SHA1

    2ba91cec9de0aefba6f1726781fb64293e4f262d

    SHA256

    2bab63b4aa451ebd1a574509d90828619914feb7ff33365b087be498c8f518b8

    SHA512

    0029ef8d9ccd5f6dbdc9c1a6297b67bbd1df220d9d5ac305ee933d0dbf47da5cd61d604ba6e0bda27c7d614714abdf70c7c90f93e599976733089de7ee6e9e2a

    Download Submit

  • /data/data/com.tencent.mm/files/GP.txt
    Filesize

    126B

    MD5

    ee282e0b8f81c571ef2dd22467356c56

    SHA1

    3b81d3c6288f3cd35660cf946a94dc5a4b07c10f

    SHA256

    db0e3ad9aee2c973bc20e46d17ecb87bfcfffafa1f7b1efe231822c9605968a5

    SHA512

    fc3a9c5555e31f9346d99f1e354e62ca81e32968ff1138b09b39b7ae1da3866277ed50329f89e701b17ae4ffb940ee5106d6045f112a581c15089a3101958bc7

    Download Submit

  • /data/data/com.tencent.mm/files/Tree.txt
    Filesize

    282B

    MD5

    b3f6898d5216d2954ee54680faf08486

    SHA1

    cc6c2ccab0b8fa9c2fe3e2669e54010b5ba83e59

    SHA256

    2ff7d7471165290330bfb80baf088887e2eeb1ff9b6b7ea4259661d688d7877e

    SHA512

    b50e8831742d97e7b1135e6a8d63a905633f5dfdbf5168dde8ce7fdc677a4496c9ae58e17fbf811eb51625815e6cc6ee6e141f1d4e0d224af21d031147efe9f3

    Download Submit

  • /data/data/com.tencent.mm/files/accounts.txt
    Filesize

    2B

    MD5

    d751713988987e9331980363e24189ce

    SHA1

    97d170e1550eee4afc0af065b78cda302a97674c

    SHA256

    4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

    SHA512

    b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

    Download Submit

  • /data/data/com.tencent.mm/files/netinfo.txt
    Filesize

    609B

    MD5

    91becd6867267482ffb6f8a6360310b1

    SHA1

    1cc7c28b0fa71239fabbb08fdffe6e9a2f0105c6

    SHA256

    f54510a43f798147e4575d62fe1eac95aa8a4ff45a3ba93908fc48200fcc71d6

    SHA512

    15645291f4479e7086be7e3cb19e88e8be04f4c42a53c372c2d03665d80fe97d2f9391b647ab17675195893de6cdd0560c302f0b01af3fa2f07ef9bbf23d5b06

    Download Submit

  • /data/data/com.tencent.mm/files/netinfo.txt
    Filesize

    609B

    MD5

    eb3349745bb5f93594fe3c24d3684c49

    SHA1

    d6290a55e8e9371309eb9361c76610878629a802

    SHA256

    8c604b543d3004979d171fd60fe4f2e8d672eb86c6973f6990d4649385f4c457

    SHA512

    7962b915b88eb417f8ed62c91c8c652e2dac58629173b89213ebc0839e254490da648e42a6494be06ec5f173ce30b3e5c4471885e63bfa8524058416bfc92eb0

    Download Submit

  • /data/data/com.tencent.mm/files/pkinfo.txt
    Filesize

    5KB

    MD5

    9857c0caa99fde5d0bf47c0ee0fd821b

    SHA1

    ef4629899e6ebbdbaf45ca4885f5b960da25538f

    SHA256

    d68311a5561ada62ee327cda3a9b29c41ed0d7bc16586f9af6d5595a96d497a8

    SHA512

    312c11c7b41384fd5a7ef466f06813c09f6c661ade0ed4ffe6e8e88969f2ba31257a90333b13ce8d4b2ab0692318b638f06aecfea11aeb2df3739580e635a148

    Download Submit

  • /storage/emulated/0/Config/sys/apps/log/log-2025-03-31.txt
    Filesize

    267B

    MD5

    2fea6fcd7b73787ea80ce21066f22bb5

    SHA1

    c31ad28bebaa4436e3f66b518e708fd60f145164

    SHA256

    917032a07f9e4b0e36b58f89001e310b87d6a3b8ba3b9249014026a0ff8d2113

    SHA512

    9cf2f442ea6a7b6057a7cf51c1546671e873c6c3bcdb5796e35aa66fed2c791de375ceb594abb83620c0c8a98ae5c6cf6d399e0647191aa7ab8a897d0e737af6

    Download Submit

  • /storage/emulated/0/Config/sys/apps/log/log-2025-03-31.txt
    Filesize

    12B

    MD5

    e48057c3603c907cacbe1568a7dbfc41

    SHA1

    6e100086b53e20e499a9be069aa1b452faf82ba3

    SHA256

    4b36685dbf772b2de007f4c98f824966f4f3a132075692d3d3d8f11e84e5468e

    SHA512

    787e1140832e8c308039f0287ee801c00040544d5241425b0c0c8e8dc19ecf3feefa50706723f7a21be209c13b24ab3dbe0691ec42118fdfe18611b13155fb9a

    Download Submit

  • /storage/emulated/0/Config/sys/apps/log/log-2025-03-31.txt
    Filesize

    12B

    MD5

    a9256f55737b655c8cff95418411997c

    SHA1

    d81a4e85ecef3a4f08d50da9c75c49a3c64ffe24

    SHA256

    bad705c44807d12463fb587087c4e9eb24769d82981229ac8b74abc9b1a44412

    SHA512

    10d10a6498973ed65d47c74ba6d8831dad94213a5071353dc445de46e021689284fbbf4accf5ba1f97a0675a7652ec069ac70f38d63ba36b8595a8caf8d37574

    Download Submit

  • /storage/emulated/0/sysdata/sysinfo0
    Filesize

    4KB

    MD5

    3748dfbaeae0d43d38471f14e4321dcd

    SHA1

    a5a6dcb2e325479cb25a44cb66216e09a843666c

    SHA256

    4830f1d48d41c7725686901a2d4f93a8ea722f6160dfecc6815ac85598e361db

    SHA512

    bde4b86489abafb3a5aff955ce232367044b6fdf106ea02847c3dbd78e49a02dd7c63bf82c26a3b630962aad16a877ece85af74608909a37a89b0591e012625c

    Download Submit

  • /storage/emulated/0/sysdata/sysinfo0
    Filesize

    3KB

    MD5

    514d884ca8bb12d1b8f440f3e64c3f9f

    SHA1

    6242b72c85ce2a287e95fb2522afe1f559b277aa

    SHA256

    5a9b87d66daf4ad4791d980d9c3270c7806bc18c89e323472a500fb8ebfefc5e

    SHA512

    c18018ecb5742753f72dbe369c6f21b391b514a3d0dda2ef404cd53be299c42f3c774c7bec085d7c5713d42cf0fdb2f9e629d6cf5d635d3ca9271147e8420ac2

    Download Submit

  • /storage/emulated/0/sysdata/sysinfo1
    Filesize

    7KB

    MD5

    effbc10b41f027e5c2130835d524c99d

    SHA1

    affb65361d7a36d00e402ad869696578b5ac3259

    SHA256

    566fb91b6bf186c05c4ec051aa2e2802961cbb158df24a8fecaa0678febece84

    SHA512

    b2ddd0142a80663097e9b71d8d654d88382ef8f765c92f0c8fbf600f1174cb1b1e9e61088f954e609e6d2402fd4750b88945af7c1080018b991f2e6e6d9ad52a

    Download Submit