Overview

overview

10

Static

static

10

2a0aa9a4d8...dc.apk

android-9-x86

7

2a0aa9a4d8...dc.apk

android-10-x64

7

2a0aa9a4d8...dc.apk

android-11-x64

10

Analysis

  • max time kernel
    86s
  • max time network
    150s
  • platform
    android-10_x64
  • resource
    android-x64-20240910-en
  • resource tags

    arch:x64arch:x86image:android-x64-20240910-enlocale:en-usos:android-10-x64system
  • submitted
    10/04/2025, 22:10

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2a0aa9a4d8c463263f1468d7c628f10bb88187bca9fe142a0ec46547e313b1dc.apk

  • Size

    3.5MB

  • MD5

    72269ae101634d02b44eb1e81e3909c1

  • SHA1

    684c6fa80328c7d2fb7973dcd3c41451f58d3a34

  • SHA256

    2a0aa9a4d8c463263f1468d7c628f10bb88187bca9fe142a0ec46547e313b1dc

  • SHA512

    acf489e5f464eae13f99a0b72ed8115b76ab08b67627b33a5463d4ae6619a31fe2f43a13dc844527804933a9793e8b471cdd201fdc97f40852ec55a27348ce8f

  • SSDEEP

    49152:8gW7Vs7LxArmZtTGbeLcqacA1u2p6sXETE7TJTOh+xoVECnJMzvvS9jz0o/6F:w67LxA+NGbeLn4pZz7ghIoVErLYjQN

Score
7/10
collectioncredential_accessdefense_evasiondiscoverypersistence

Malware Config

Signatures

  • Checks known Qemu pipes. 1 TTPs 14 IoCs

    Checks for known pipes used by the Android emulator to communicate with the host.

    defense_evasion
  • Makes use of the framework's Accessibility service 4 TTPs 2 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectiondefense_evasioncredential_access
  • Queries information about running processes on the device 1 TTPs 7 IoCs

    Application may abuse the framework's APIs to collect information about running processes on the device.

    discovery
  • Acquires the wake lock 3 IoCs
  • Makes use of the framework's foreground persistence service 1 TTPs 3 IoCs

    Application may abuse the framework's foreground service to continue running in the foreground.

    defense_evasionpersistence
  • Reads information about phone network operator. 1 TTPs
    discovery

Processes

  • com.example.mysoul
    1⤵
    • Checks known Qemu pipes.
    • Queries information about running processes on the device
    PID:5092
  • com.example.mysoul
    1⤵
    • Checks known Qemu pipes.
    • Queries information about running processes on the device
    PID:5162
  • com.example.mysoul
    1⤵
    • Checks known Qemu pipes.
    • Queries information about running processes on the device
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    PID:5232
  • com.example.mysoul
    1⤵
    • Checks known Qemu pipes.
    • Queries information about running processes on the device
    PID:5336
  • com.example.mysoul
    1⤵
    • Checks known Qemu pipes.
    • Makes use of the framework's Accessibility service
    • Queries information about running processes on the device
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    PID:5389
  • com.example.mysoul
    1⤵
    • Checks known Qemu pipes.
    • Queries information about running processes on the device
    PID:5466
  • com.example.mysoul
    1⤵
    • Checks known Qemu pipes.
    • Makes use of the framework's Accessibility service
    • Queries information about running processes on the device
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    PID:5518

Network

MITRE ATT&CK Mobile v16

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.example.mysoul/no_backup/androidx.work.workdb
    Filesize

    4KB

    MD5

    f2b4b0190b9f384ca885f0c8c9b14700

    SHA1

    934ff2646757b5b6e7f20f6a0aa76c7f995d9361

    SHA256

    0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

    SHA512

    ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

    Download Submit

  • /data/data/com.example.mysoul/no_backup/androidx.work.workdb-journal
    Filesize

    512B

    MD5

    abe7feb4be8dad174ee405ace27c8f6a

    SHA1

    bc21270cdf31dc680cc1b739299d7f1b1ea7ed4a

    SHA256

    c5139921f6c11bd993916b9e81ba9f6f6c73792d9634b7fa45fa3aa1524fbfe8

    SHA512

    ac23a5dbbc9e97328a1381a23867d555a07af51f7fccb552f1cd41865888d87f83baa442a20f7c3398398df71668608c3470b5825c49529910f1541f40bcf663

    Download Submit

  • /data/data/com.example.mysoul/no_backup/androidx.work.workdb-wal
    Filesize

    16KB

    MD5

    7b7adbd7b1a7f09c07b118789eab882b

    SHA1

    af5520ae9214d84db92dfed39404e7011865e0a9

    SHA256

    30da0b23c2bb4d8f96893cbbc89680d387f6f25e8f8e8b7749cc6653cc7ac1d2

    SHA512

    06144a460994de71b2fff0607c34fceb37cc4b856532976a262bcc7a1ec528b22a39d4eba5e41fde270f618dd669f0e9be0041991371f20a4de18e87a9b86ba7

    Download Submit

  • /data/data/com.example.mysoul/no_backup/androidx.work.workdb-wal
    Filesize

    108KB

    MD5

    a8b459ed3dd4f817284e8fa3f695bf71

    SHA1

    5cbb63af0aec52a8e82ab4abae2c93a4abe12030

    SHA256

    2f99be34d0079cdde64cf621240382c017e105b76ead998c6a31ae51e4248951

    SHA512

    ce32fdaaec36630df43399b254f6150df705181e66553eb2695162a577e63172dfd3fd61c608917fb327a441c183f6bc38b351cecbf939d15432cf397ede1efb

    Download Submit