Analysis
max time kernel: 1450942s
max time network: 95s
platform: android_x64
resource: android-x64-20220823-en
resource tags: android, arch:x64, arch:x86, image:android-x64-20220823-en, locale:en-us, os:android-10-x64, system
submitted: 19-09-2022 15:59
Static task: static1
Behavioral task: behavioral1 | Sample: WF1662041024814SabadellCodigo.apk | Resource: android-x86-arm-20220823-en
Behavioral task: behavioral2 | Sample: WF1662041024814SabadellCodigo.apk | Resource: android-x64-20220823-en
Behavioral task: behavioral3 | Sample: WF1662041024814SabadellCodigo.apk | Resource: android-x64-arm64-20220823-en
General
Target: WF1662041024814SabadellCodigo.apk
Size: 1.8MB
MD5
9684d24ffe9e59e9c1409024853be74e
SHA1
250d07eba297fd6b7e25098afa54e639ca6ebe82
SHA256
4190086d57c7220cdb97e572cb512c90ffd882c33c4b0c6f545138b5e907e9e8
SHA512
9ea6404cb077a4899852bfb74f3da4e9b48d1ebdac652c6fcce8913e6656cdf8613aaceac73b48ef9e66ab0d036c449bd81643b5f95d242d3dffb456963b26da
SSDEEP
49152:UvcNLHOMjemjrFX5UV3ubT29zyHowu7QHKCs1wwa:UvcNLHOMjemfFpUkbT287u7Qsg
Malware Config
Signatures

Brata
Brata is a banking trojan malware first seen in 2019.

Brata payload (1 IoCs)
Processes:
resource | yara_rule
sample | family_brata

Requests dangerous framework permissions (10 IoCs)
Processes:
description | ioc
Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. | android.permission.CALL_PHONE
Allows an application to read SMS messages. | android.permission.READ_SMS
Allows an application to send SMS messages. | android.permission.SEND_SMS
Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION
Allows an application to receive SMS messages. | android.permission.RECEIVE_SMS
Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE
Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE
Allows access to the list of accounts in the Accounts Service. | android.permission.GET_ACCOUNTS
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE
Network
MITRE ATT&CK Matrix
Downloads
/data/user/0/com.sabadel.codigo.app/cache/1
Filesize: 2.4MB
/data/user/0/com.sabadel.codigo.app/cache/2
Filesize: 2.4MB
/data/user/0/com.sabadel.codigo.app/cache/~test.test
Filesize: 4B
/data/user/0/com.sabadel.codigo.app/files/shared/tmp.apk
Filesize: 2.4MB