General

  • Target

    com.squarrosise.veterpolitical.apk

  • Size

    17.3MB

  • Sample

    230206-r3l8zsed59

  • MD5

    1e69a09b341278197170a9b1a4a64e3a

  • SHA1

    011f30711c39109685c62f538b5ac6c6b97ffe71

  • SHA256

    5d65476281ce15fd07117844a1b25036fe530dd9113d75a0084e6a869beccf0d

  • SHA512

    31b3d7d648b27d5217f99ba804ae78565be92fe719d67dfc1a8ab7d72c9bc5aa39ad36b7dc2be934912c389d1e94f80aadd6d8bbbc9c955eec7d92bd59e2a685

  • SSDEEP

    393216:cSKP32yCWFPsPv4HxYIMEi9Wgl9W+YoazDIVD6bcAv6J+4TTLIU:7KP3fBQIs8+YoqDyDU7U

Malware Config

Extracted

  • Family

    harly

  • C2

    https://fox.gvbkopdf.life

Targets

    • Harly

      Harly is an Android trojan subscriber first seen in September 2022.

    • Acquires the wake lock.

    • Checks Android system properties for emulator presence.

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Reads information about phone network operator.

    • Removes a system notification.

    • Uses Crypto APIs (Might try to encrypt user data).