Resubmissions

25-06-2021 19:13

210625-g3rlde4dqn 8

17-01-2021 18:18

210117-lzgtt5m89n 10

12-01-2021 14:53

210112-6aqfd4757x 10

General

  • Target

    WIFI.apk

  • Size

    2.9MB

  • Sample

    210117-lzgtt5m89n

  • MD5

    79ba96848428337e685e10b06ccc1c89

  • SHA1

    51b31827c1d961ced142a3c5f3efa2b389f9c5ad

  • SHA256

    854774a198db490a1ae9f06d5da5fe6a1f683bf3d7186e56776516f982d41ad3

  • SHA512

    ed0e788b735de1508eb387a20bff312094bb9b935c5b2d278391c01edf27550816515e60054b687f14ce04e7ccb7c46f0169a93df571abd623d4ee0b150f1f43

Malware Config

Extracted

AES_key
AES_key

Targets

    • Target

      WIFI.apk

    • Size

      2.9MB

    • MD5

      79ba96848428337e685e10b06ccc1c89

    • SHA1

      51b31827c1d961ced142a3c5f3efa2b389f9c5ad

    • SHA256

      854774a198db490a1ae9f06d5da5fe6a1f683bf3d7186e56776516f982d41ad3

    • SHA512

      ed0e788b735de1508eb387a20bff312094bb9b935c5b2d278391c01edf27550816515e60054b687f14ce04e7ccb7c46f0169a93df571abd623d4ee0b150f1f43

    • Reads device subscriber ID

      Uses Android APIs to read subscriber ID (IMSI on GSM devices).

    • Removes its main activity from the application launcher

    • Requests cell location

      Uses Android APIs to to get current cell location.

    • Checks Android system properties for emulator presence.

    • Reads name of network operator

      Uses Android APIs to discover system information.

    • Reads serial number of SIM

    • Uses Crypto APIs (Might try to encrypt user data).

MITRE ATT&CK Matrix

Tasks