Overview

overview

7

Static

static

6

797f4340d0...79.apk

android-9-x86

7

797f4340d0...79.apk

android-10-x64

7

797f4340d0...79.apk

android-11-x64

7

Analysis

  • max time kernel
    177s
  • max time network
    186s
  • platform
    android_x64
  • resource
    android-x64-20240624-en
  • resource tags

    androidarch:x64arch:x86image:android-x64-20240624-enlocale:en-usos:android-10-x64system
  • submitted
    29-06-2024 22:07

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    797f4340d0cff673693df9ed9fee921a85422bc62f2028a1551ea34075c82779.apk

  • Size

    653KB

  • MD5

    1b9d0c6eb6ad774cfb23635454c4ac0e

  • SHA1

    7408ff38f55312df7a53f8471290a60b0993b2fb

  • SHA256

    797f4340d0cff673693df9ed9fee921a85422bc62f2028a1551ea34075c82779

  • SHA512

    18091f4256ec8be0140728290267f81c3822f2fba5b384bcd7c430f09e0fc8e5b437404ab503c4e2e7614762f04dcb2b3e0522ccf0105ebf9e7894f323af144b

  • SSDEEP

    12288:4m/KI9py44zzt3czvA4lhjEjdU+L94mXu1vU8+t1:P/p9k4kxMzn1EjHGmXQvt+t1

Score
7/10
collectioncredential_accessdiscoveryevasionimpactpersistence

Malware Config

Signatures

  • Makes use of the framework's Accessibility service 4 TTPs 1 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectionevasioncredential_access
  • Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

    Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

    collectioncredential_accessimpact
  • Acquires the wake lock 1 IoCs
  • Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

    Application may abuse the framework's foreground service to continue running in the foreground.

    evasionpersistence
  • Performs UI accessibility actions on behalf of the user 1 TTPs 6 IoCs

    Application may abuse the accessibility service to prevent their removal.

    evasion
  • Queries the mobile country code (MCC) 1 TTPs 1 IoCs
    discovery
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
    persistence
  • Checks CPU information 2 TTPs 1 IoCs
  • Checks memory information 2 TTPs 1 IoCs

Processes

  • com.spacex.mmobile
    1⤵
    • Makes use of the framework's Accessibility service
    • Obtains sensitive information copied to the device clipboard
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    • Performs UI accessibility actions on behalf of the user
    • Queries the mobile country code (MCC)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks CPU information
    • Checks memory information
    PID:4982

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.spacex.mmobile/files/profileInstalled
    Filesize

    24B

    MD5

    444d6d8f05ba632bd797c8fb41ae2f0f

    SHA1

    755c3f55515b333422cd95778aae6398a0ebf02b

    SHA256

    847bc963038ae89db9ffbb4f8011007c3eef745e20ba129dd55c95f16ee8caa8

    SHA512

    6a82fd1d6d2d09ef35852321ef3b6a50781c08334aaa03a293e4747fbc9e3a4ecd10a5c800fb658423878996e9ff9ca45f2c9e5f0047607f1a5a78fe6c1a88d3

    Download Submit
  • /data/data/com.spacex.mmobile/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat
    Filesize

    8B

    MD5

    c0922e27aaabe9775c96d30da9a0492d

    SHA1

    3ad68196c1ee06b4fdec0b3dde9747363022891f

    SHA256

    b83ab22ef2cd6008e8518734746d988254e3f94210f587bd26bedf1c3dccc37a

    SHA512

    89b4790e63dd30162579989e2164ac30174bd2e3cbd712cc589c84bfde1139bce3a76112c1d549e8e65b04cf7253b8f418ffe663e5e8e678d49cc2bf982aa87d

    Download Submit
  • /data/misc/profiles/cur/0/com.spacex.mmobile/primary.prof
    Filesize

    511B

    MD5

    040b1f999b0ba1f02280b98813cbf3b1

    SHA1

    14805f6b39d603573b8dcdb817055b3bb491d5d4

    SHA256

    92ab69e1f7c582953c12af0cb7bf8d347e559d08a3ad000c6471ad5966a47001

    SHA512

    ffdf8851a36fb7288625e80f5d9223d58a745358ca7fbd68eb041ed06497ed84d7fa9dfb73b7dff7a1ef749aa68d7dfe1714191ac7361c0eb217e066dac921a0

    Download Submit
  • /data/misc/profiles/cur/0/com.spacex.mmobile/primary.prof
    Filesize

    1KB

    MD5

    8ca1f7fbd9a53cbb095d4a43c7ee7df1

    SHA1

    3596d4e9bfa5b78b9e64d6ed5de707e9c34014d6

    SHA256

    f815269081aba7d155c8d757a65b9def20f346747e2d26779a25f54aa7c0dd68

    SHA512

    8cee7647d0fbb27ffaeb200f2308176b1c0b0edebad132d6b125b2bc98baf1a60085e6bc1ec842021850ecbc81216b4880e87f32d24cfa33200b421516fc6012

    Download Submit
  • /data/misc/profiles/cur/0/com.spacex.mmobile/primary.prof
    Filesize

    1KB

    MD5

    2b554e2857746d238213d8ed97b8b1b6

    SHA1

    7ac8ab68181842000f5052f49e4962377121b237

    SHA256

    99aaba6ed80a95dc680f7f3c830cbdd4ea9c390d4a8e72f3c863afea15fea44e

    SHA512

    3c0a81d32d82419c1aa898f072a134ef4df5b898f05c58afda11fc25fb4270a5cd9cb684d7abefe4c6056603f9bce088aac7c18e32d939a9ce2ab52286f5af42

    Download Submit