Analysis

  • max time kernel
    177s
  • max time network
    188s
  • platform
    android_x64
  • resource
    android-x64-arm64-20240624-en
  • resource tags

    android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240624-en, locale:en-us, os:android-11-x64, system
  • submitted
    29-06-2024 22:07

General

  • Target

    797f4340d0cff673693df9ed9fee921a85422bc62f2028a1551ea34075c82779.apk

  • Size

    653KB

  • MD5

    1b9d0c6eb6ad774cfb23635454c4ac0e

  • SHA1

    7408ff38f55312df7a53f8471290a60b0993b2fb

  • SHA256

    797f4340d0cff673693df9ed9fee921a85422bc62f2028a1551ea34075c82779

  • SHA512

    18091f4256ec8be0140728290267f81c3822f2fba5b384bcd7c430f09e0fc8e5b437404ab503c4e2e7614762f04dcb2b3e0522ccf0105ebf9e7894f323af144b

  • SSDEEP

    12288:4m/KI9py44zzt3czvA4lhjEjdU+L94mXu1vU8+t1:P/p9k4kxMzn1EjHGmXQvt+t1

Malware Config

Signatures

  • Makes use of the framework's Accessibility service 4 TTPs 1 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

  • Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

    Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

  • Acquires the wake lock 1 IoCs
  • Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

    Application may abuse the framework's foreground service to continue running in the foreground.

  • Performs UI accessibility actions on behalf of the user 1 TTPs 6 IoCs

    Application may abuse the accessibility service to prevent its own removal.

  • Requests disabling of battery optimizations (often used to enable hiding in the background). 1 TTPs 1 IoCs
  • Checks CPU information 2 TTPs 1 IoCs
  • Checks memory information 2 TTPs 1 IoCs

Processes

  • com.spacex.mmobile
    • Makes use of the framework's Accessibility service
    • Obtains sensitive information copied to the device clipboard
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    • Performs UI accessibility actions on behalf of the user
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    • Checks CPU information
    • Checks memory information
    PID:4488

Network

MITRE ATT&CK Matrix


Downloads

  • /data/data/com.spacex.mmobile/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat
    Filesize

    8B

    MD5

    99c5ad919d966b343d0e53757e5f5232

    SHA1

    c953df1a185e9385fc711dbf4fe5e5de9aadf35a

    SHA256

    b972ffa1e505376e012a0bb40c031e8eb1f6863ac7858c8554d4069f92a431d7

    SHA512

    ebadcba2b28346cd7e78bb5335528ee8b0d80e264899a7c75fd1637c24dd3a2e3fcc26fb9c0b971070e83496f3f9f88cd89e4767ed79eba246a6f2549bcc92b8

  • /data/misc/profiles/cur/0/com.spacex.mmobile/primary.prof
    Filesize

    511B

    MD5

    040b1f999b0ba1f02280b98813cbf3b1

    SHA1

    14805f6b39d603573b8dcdb817055b3bb491d5d4

    SHA256

    92ab69e1f7c582953c12af0cb7bf8d347e559d08a3ad000c6471ad5966a47001

    SHA512

    ffdf8851a36fb7288625e80f5d9223d58a745358ca7fbd68eb041ed06497ed84d7fa9dfb73b7dff7a1ef749aa68d7dfe1714191ac7361c0eb217e066dac921a0

  • /data/misc/profiles/cur/0/com.spacex.mmobile/primary.prof
    Filesize

    1KB

    MD5

    09d61be0559c818cf127254d110d49c5

    SHA1

    f711343f016162c7de1ce436749e4ecbd97df552

    SHA256

    20a645451dedc69b569de6f9e251824bdb4aa8ae211a69fc5b5b6d07471b2597

    SHA512

    d3ca68057de5bd57118855f7a904aea46fb64f82206833882bbcfd87f0704546fba22c2ac960189d0e21b519aae830f2ab811c2de9dc77f281571ef50f908fd0