0b72c22517fdefd4cf0466d8d4c634ca73b7667d378be688efe131af4ac3aed8 | Triage

Resubmissions

22-11-2023 16:15

231122-tqbyladf25 10

06-02-2023 11:15

230206-ncz6dadf55 8

01-02-2023 07:34

230201-jd4sqsec2s 8

Sharing

General

Target

0b72c22517fdefd4cf0466d8d4c634ca73b7667d378be688efe131af4ac3aed8_unpacked.zip
Size

7.2MB
Sample

230206-ncz6dadf55
MD5

ec9f857999b4fc3dd007fdb786b7a8d1
SHA1

3fa48a36d22d848ad111b246ca94fa58088dbb7a
SHA256

0b72c22517fdefd4cf0466d8d4c634ca73b7667d378be688efe131af4ac3aed8
SHA512

51d9965e08fa3f5cd8850df3f2dd8503c47ce9f3668b2ae90d3560cc16acd0d4d1b3bbed651d957bc41ea7595a527a00b9c600b3726faa6095af380019e3d1e0
SSDEEP

98304:vDdInEpAOdLl2DfGjOmP34z09nmw3xAZMV8JiDQeZgUGdh0fr33dmh++0oEHi6Pz:5gE7tf3u09nmiOZmDid9h+CFZMXmwfXR

Score

8^/10

android banker evasion ransomware

Malware Config

Targets

- Target
  
  0b72c22517fdefd4cf0466d8d4c634ca73b7667d378be688efe131af4ac3aed8_unpacked.zip
- Size
  
  7.2MB
- MD5
  
  ec9f857999b4fc3dd007fdb786b7a8d1
- SHA1
  
  3fa48a36d22d848ad111b246ca94fa58088dbb7a
- SHA256
  
  0b72c22517fdefd4cf0466d8d4c634ca73b7667d378be688efe131af4ac3aed8
- SHA512
  
  51d9965e08fa3f5cd8850df3f2dd8503c47ce9f3668b2ae90d3560cc16acd0d4d1b3bbed651d957bc41ea7595a527a00b9c600b3726faa6095af380019e3d1e0
- SSDEEP
  
  98304:vDdInEpAOdLl2DfGjOmP34z09nmw3xAZMV8JiDQeZgUGdh0fr33dmh++0oEHi6Pz:5gE7tf3u09nmiOZmDid9h+CFZMXmwfXR
Score

8^/10

banker evasion ransomware
- Makes use of the framework's Accessibility service.
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps).
  banker
- Acquires the wake lock.
- Requests enabling of the accessibility settings.
- Reads information about phone network operator.
- Removes a system notification.
  evasion
- Uses Crypto APIs (Might try to encrypt user data).
  ransomware
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

bankerevasionransomware

behavioral2

behavioral3