Analysis
- max time kernel: 177s
- max time network: 186s
- platform: android_x64
- resource: android-x64-20240624-en
- resource tags: android, arch:x64, arch:x86, image:android-x64-20240624-en, locale:en-us, os:android-10-x64, system
- submitted: 29-06-2024 22:07
Static task: static1
Behavioral task: behavioral1
Sample: 797f4340d0cff673693df9ed9fee921a85422bc62f2028a1551ea34075c82779.apk
Resource: android-x86-arm-20240624-en
Behavioral task: behavioral2
Sample: 797f4340d0cff673693df9ed9fee921a85422bc62f2028a1551ea34075c82779.apk
Resource: android-x64-20240624-en
Behavioral task: behavioral3
Sample: 797f4340d0cff673693df9ed9fee921a85422bc62f2028a1551ea34075c82779.apk
Resource: android-x64-arm64-20240624-en
General
- Target: 797f4340d0cff673693df9ed9fee921a85422bc62f2028a1551ea34075c82779.apk
- Size: 653KB
Malware Config
Signatures
-
Makes use of the framework's Accessibility service 4 TTPs 1 IoCs
Retrieves information displayed on the phone screen using AccessibilityService.
-
Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
-
Acquires the wake lock 1 IoCs
Processes:
com.spacex.mmobile
description | ioc | process
Framework service call | android.os.IPowerManager.acquireWakeLock | com.spacex.mmobile
-
Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs
Application may abuse the framework's foreground service to continue running in the foreground.
Processes:
com.spacex.mmobile
description | ioc | process
Framework service call | android.app.IActivityManager.setServiceForeground | com.spacex.mmobile
-
Performs UI accessibility actions on behalf of the user 1 TTPs 6 IoCs
Application may abuse the accessibility service to prevent its removal.
Processes:
com.spacex.mmobile
ioc | process
android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction | com.spacex.mmobile
android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction | com.spacex.mmobile
android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction | com.spacex.mmobile
android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction | com.spacex.mmobile
android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction | com.spacex.mmobile
android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction | com.spacex.mmobile
-
Queries the mobile country code (MCC) 1 TTPs 1 IoCs
Processes:
com.spacex.mmobile
description | ioc | process
Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | com.spacex.mmobile
-
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
Processes:
com.spacex.mmobile
description | ioc | process
Framework service call | android.app.IActivityManager.registerReceiver | com.spacex.mmobile
-
Checks CPU information 2 TTPs 1 IoCs
-
Checks memory information 2 TTPs 1 IoCs
Processes
-
com.spacex.mmobile 1
- Makes use of the framework's Accessibility service
- Obtains sensitive information copied to the device clipboard
- Acquires the wake lock
- Makes use of the framework's foreground persistence service
- Performs UI accessibility actions on behalf of the user
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks CPU information
- Checks memory information
Network
MITRE ATT&CK Matrix
Downloads
-
/data/data/com.spacex.mmobile/files/profileInstalled
Filesize: 24B
-
/data/data/com.spacex.mmobile/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat
Filesize: 8B
-
/data/misc/profiles/cur/0/com.spacex.mmobile/primary.prof
Filesize: 511B
-
/data/misc/profiles/cur/0/com.spacex.mmobile/primary.prof
Filesize: 1KB
-
/data/misc/profiles/cur/0/com.spacex.mmobile/primary.prof
Filesize: 1KB