General

  • Target

    aef6feeb7fd1af99b5539e8d5a2b712a

  • Size

    1.9MB

  • Sample

    220603-gzlg6sbbd3

  • MD5

    aef6feeb7fd1af99b5539e8d5a2b712a

  • SHA1

    22754ea7447c2708420b883b567ec902ece8e56a

  • SHA256

    6fa4baef8a811f429cee4b383d7a4776b7b363b62551c8d8e0f93bad33adefbd

  • SHA512

    f4ec1af475246355ba6ea9c63b02a74742b613a6c63953ab764a7fbc4d6a66abc57d6967fba19b86d15dad08721331b94af7983c3b91ef22e84a53d262a709d6

Malware Config

Targets

    • Target

      aef6feeb7fd1af99b5539e8d5a2b712a

    • Size

      1.9MB

    • MD5

      aef6feeb7fd1af99b5539e8d5a2b712a

    • SHA1

      22754ea7447c2708420b883b567ec902ece8e56a

    • SHA256

      6fa4baef8a811f429cee4b383d7a4776b7b363b62551c8d8e0f93bad33adefbd

    • SHA512

      f4ec1af475246355ba6ea9c63b02a74742b613a6c63953ab764a7fbc4d6a66abc57d6967fba19b86d15dad08721331b94af7983c3b91ef22e84a53d262a709d6

    • BlackRock

      BlackRock is an android banker based on Xerxes banking Trojan.

    • BlackRock Payload

    • Makes use of the framework's Accessibility service.

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps).

    • Acquires the wake lock.

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Uses Crypto APIs (Might try to encrypt user data).

MITRE ATT&CK Matrix

Tasks