Overview

overview

7

Static

static

1

Betflix-4....m).apk

android-9-x86

7

Betflix-4....m).apk

android-11-x64

7

CaviarDreams.ttf

windows7-x64

3

CaviarDreams.ttf

windows10-2004-x64

7

Pacifico.ttf

windows7-x64

3

Pacifico.ttf

windows10-2004-x64

7

Sansation-Regular.ttf

windows7-x64

3

Sansation-Regular.ttf

windows10-2004-x64

7

Walkway_Bold.ttf

windows7-x64

3

Walkway_Bold.ttf

windows10-2004-x64

7

audience_network.dex

windows7-x64

3

audience_network.dex

windows10-2004-x64

3

crear_tran...n.html

windows7-x64

1

crear_tran...n.html

windows10-2004-x64

1

sound2.wav

windows7-x64

1

sound2.wav

windows10-2004-x64

6

sound3.wav

windows7-x64

1

sound3.wav

windows10-2004-x64

6

sound4.wav

windows7-x64

1

sound4.wav

windows10-2004-x64

6

sound5.wav

windows7-x64

1

sound5.wav

windows10-2004-x64

6

sound_out2.wav

windows7-x64

1

sound_out2.wav

windows10-2004-x64

6

sound_out3.wav

windows7-x64

1

sound_out3.wav

windows10-2004-x64

6

sound_out4.wav

windows7-x64

1

sound_out4.wav

windows10-2004-x64

6

sound_out5.wav

windows7-x64

1

sound_out5.wav

windows10-2004-x64

6

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Betflix-4.2(betflixapk.com).apk

  • Size

    13MB

  • Sample

    230609-xbr8tadh3v

  • MD5

    ea6f6961c64dbb1130ff43c4c03eea65

  • SHA1

    d6faa6f9c35c4ff41f6bfd17a89d76cbcd50d388

  • SHA256

    c148c4ae4e093b3653496766f69a01b2fff54fce595836e71373efc8e4ee6794

  • SHA512

    574206cedda3e67b9afc4cb1cd3d217a92eb65466ff45b8bd84b8d6abe5ad905b7986b4034eac8df4a0c7973ce06c5ae794788c23dcc04ed63b6e14a5a77e85b

  • SSDEEP

    393216:5pW1qkkVEV+Mqqcj+oPOx/8RQrf3RC4rV2SMU:gqzQ+wcj+3O2rf3RC4rV2pU

Score
7/10
androidevasion

Malware Config

Targets

    • Target

      Betflix-4.2(betflixapk.com).apk

    • Size

      13MB

    • MD5

      ea6f6961c64dbb1130ff43c4c03eea65

    • SHA1

      d6faa6f9c35c4ff41f6bfd17a89d76cbcd50d388

    • SHA256

      c148c4ae4e093b3653496766f69a01b2fff54fce595836e71373efc8e4ee6794

    • SHA512

      574206cedda3e67b9afc4cb1cd3d217a92eb65466ff45b8bd84b8d6abe5ad905b7986b4034eac8df4a0c7973ce06c5ae794788c23dcc04ed63b6e14a5a77e85b

    • SSDEEP

      393216:5pW1qkkVEV+Mqqcj+oPOx/8RQrf3RC4rV2SMU:gqzQ+wcj+3O2rf3RC4rV2pU

    Score
    7/10
    evasion

    • Acquires the wake lock.

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Removes a system notification.

      evasion
    behavioral1behavioral2

    • Target

      CaviarDreams.ttf

    • Size

      57KB

    • MD5

      fd2d0a4d699ed411275cb14ef35dec7d

    • SHA1

      fdbae680e53ea7f5c7a47d59bc5588553ff97f40

    • SHA256

      48e64216270cb5efebde50ba3a0acf8e20db3fbf745bdc5ff03e54596f8e062a

    • SHA512

      3b7ed259952df67050745395ddfc6ca27e401418874a237558201288b1dbba8d41d9bc34df5ff41e1bf225ca2bd07683cd4650250556380955f171748ee31906

    • SSDEEP

      1536:oKtyXfEGYVulyE9OcUJlNdguFAcWZwtQuEAco+YqBk:oIGfE2L9ORYuqcW+tso+fBk

    Score
    7/10

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    behavioral3behavioral4

    • Target

      Pacifico.ttf

    • Size

      73KB

    • MD5

      6b6170fe52fb23f505b4e056fefd2679

    • SHA1

      e2c6924078183bd9fee72e8a6b3992dc637580f0

    • SHA256

      8b0262a477f576b73ecfabe72558940caa11e3e8aa778d1b6f6acd039f5bbbd1

    • SHA512

      a38d9f76f0205e31c4c6996448559b9030ead69414ded6285f9b06085e292387142dfb5a59e30ddcf371df3d18371a27eaa702257c44e5e2b1a109e3e5929f5a

    • SSDEEP

      1536:0c7a7f0LBGqr2TIJHWSGOmlCeWTm1r6+1M3eBNmSvV:af09lJHWSGUDTKWqZV

    Score
    7/10

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    behavioral5behavioral6

    • Target

      Sansation-Regular.ttf

    • Size

      43KB

    • MD5

      b06ad7b83e55d7b3599a21635ab88644

    • SHA1

      028307e239259aa3026adc59257435c7909d6ea4

    • SHA256

      6d47039ee6665d78b143a1b264abc02017a33ffa52a4e9f6645ce357f92d4f09

    • SHA512

      89ec2e53a227646d08359de170042cb1ba57b4f0f92a1c5b46373ed7ca75f32ed9de653a6498404c2acac096bc2c1c4ecced8d74394968fc780849c2a075e5e4

    • SSDEEP

      768:b9aYsjV9Ob2KvP+HScdyYCkLDcNS+DtqtpQys3timaP2G+dxEKwfQXJ2r:bdqV9OdvP2dyYVLDcNSiqtiv0x+z+aXC

    Score
    7/10

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    behavioral7behavioral8

    • Target

      Walkway_Bold.ttf

    • Size

      49KB

    • MD5

      470d92a839dd021b2b1cddcf008f7cbd

    • SHA1

      6c2dc97ce9ae7e401a16294e63fa6fef1d66f91c

    • SHA256

      b1b15ef15bda6cd043a9b161ec07b1416be3e9a3656995a62699c66860de7081

    • SHA512

      5cc5c5541c1b2261bc0c4c63d1cc8a9d12742e7cffad44bdac9673f9d6639b3d7a7f083886aa2f7299a3baed7630d4b3478030b1a0b2387b26d7385e35cd9a0d

    • SSDEEP

      768:4iWKtROR5nGDfmhwAm6l2uFi9CHvdJSG7u9Wb1w9Qkdce6mlu4dB9LtpK2BK+BqE:4XYQR5GfivDSGC9Wb1ZEdB9/K+4E

    Score
    7/10

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    behavioral10behavioral9

    • Target

      audience_network.dex

    • Size

      3MB

    • MD5

      692c6b1b89702297c59bd34c4bd1fa53

    • SHA1

      f38cac946f03d7e869018acbdfe0ed272e11b106

    • SHA256

      920e465a87a2409fc8d7186ea4e319c613c04d156bec75e8b91cb4d07b1deb75

    • SHA512

      927048402fb314ef2624776b27317a6f996ea6b3d697d66b8b213d5be9559f24ae0dca8d2f8a9350d32310b8cab071933936640641d297ba522b3af60424df63

    • SSDEEP

      49152:2I4+6Ptxu5kKKrpTdFLFlDLjvj44ZF3I2BFC3JXbPw/Rm:e+otxhawJm

    Score
    3/10
    behavioral11behavioral12

    • Target

      crear_transaction.html

    • Size

      3KB

    • MD5

      d6ff756b957c9d1e55de124e692099d0

    • SHA1

      9e1701210b37688ad5c76a656aecc8b12fec5f82

    • SHA256

      5ccdf32d36d4b5596d51c7d3776221f7768733c390b8cbb62a462e5ac6bf1d8b

    • SHA512

      253db3579712b5465cae7554ff332ab41ae0577711c89a21fe68d0a066d410b15162045573bb31f03fbcb7a17ae530a769846d16a4d8e1503d42b8328f891795

    Score
    1/10
    behavioral13behavioral14

    • Target

      sound2.wav

    • Size

      59KB

    • MD5

      1d3e701c3b7ccac6eb9915ab0488f569

    • SHA1

      ffb9ac94e334d21cfc1c156059f7f993ad7c357f

    • SHA256

      c6107f9102e8e02b31caf15dd1b75682e651202cf9ce6b52d5b7b23ac243fad2

    • SHA512

      91b2be1dab135f8d0927f59b494435f2627ac26c2285ec83dae6fe4029c50dc2f30df59809210743088b58d6f309efca31c793e3f40f1e60f08f51c0d69907f1

    • SSDEEP

      1536:xUkAcuYUgWYD+dNv3lg3xxx+0s9CswsMQOMk19:xjAdYoa+dNQWv9MsCMk19

    Score
    6/10

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    behavioral15behavioral16

    • Target

      sound3.wav

    • Size

      46KB

    • MD5

      47f029f497ae8220366d4f0b1d5776f6

    • SHA1

      f97ec2775157b22b11e3e460a5badc32eea958e5

    • SHA256

      199209b0239bf1eba9e60df85c6d3049650ccaea3587c0310d8233466b6d2f5f

    • SHA512

      92861f60b2f8eb75b8ec066f28cf3b3f7f22081cb283406cc1c854cc1754b4b4febbde9d01f93fb6347bd83337b754a2d67a4ef181121508642cf071bc63ffcc

    • SSDEEP

      768:B+8rh9/dm5TT5tx0Zuh259+J5t86m1A/CvWlx8Dj:Bth9/deTT5/0M8+d8G/4Dj

    Score
    6/10

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    behavioral17behavioral18

    • Target

      sound4.wav

    • Size

      58KB

    • MD5

      a1205e78e1b273c0355a77de8a5cc6a3

    • SHA1

      e267a41cb563f4d4761fb6d39e0cfce8c81b31b7

    • SHA256

      c3ed890e51dd519972d2c4ddd7634dc99f0c06771a0f0643c5a2ba2e291a0d5f

    • SHA512

      dbac3dcfa8e99d31e0b0ce7ae8c09386aa336d6cef9ce1d6af5b1e204b54ea2f3b41de5cf50923c66408e8207d00830ea1ca4296613909044da1f06436802caa

    • SSDEEP

      1536:gpUTQlNyuAACYOG7jvZ9CjSTg9VsjZ9R/:g+QnAuOqjvTLTgQ7B

    Score
    6/10

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    behavioral19behavioral20

    • Target

      sound5.wav

    • Size

      21KB

    • MD5

      5366c619d04e7661479450c2e8ce2601

    • SHA1

      45ab4a5754e3ee59ca79ce6f3105e0cc4a4b4da3

    • SHA256

      554ea70fab38bbcda2a77a7e9b58739ab0749fdd1b88071a0beae7d4e698bff8

    • SHA512

      9fa779ea7755107ab4489e81f0563f631bf16359ffe8d396672988d993ac6747923dc5898e0ea927d05d977870a97a841d1c92506fb4a28a779d5c138fd4cbf7

    • SSDEEP

      384:O2UuM22wXGXg+dIXKWlir4TG3tF+2pV4zh/a/fm97ubWCCIo+WNEIVvQA:0UIIXZw3m2P4zpa/OluqltxVvQA

    Score
    6/10

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    behavioral21behavioral22

    • Target

      sound_out2.wav

    • Size

      53KB

    • MD5

      ced76f9b8fa6a838c24d79fdcb5b9d14

    • SHA1

      461b9b56fcefd036c4cafb67a0736c0344f4f56d

    • SHA256

      6a90330be3c02b2e9f14f6eefc3b8e626f7b96053e30dbc02d5257653ca83761

    • SHA512

      a4df9f58692c17ab12457f63aa9f800d1c061356fbda0c99cca223be9deff975a646fa24aa4c1d150ad35a6085aff50b7a8ee2fcff2727f78b3cb4148c0addef

    • SSDEEP

      768:Zq5jG6rlzfky38Px6c8pa9bGHExnLchLigz038mixEoPUqT5RzX1pOjlOnZO97+G:Cj3lbky3G4DpvR+EwEPUqTtgaPA

    Score
    6/10

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    behavioral23behavioral24

    • Target

      sound_out3.wav

    • Size

      8KB

    • MD5

      8f3443508cef3459923d37ebbd2baf9e

    • SHA1

      7d531c599ca500c4593db0be8b92abd5585fba36

    • SHA256

      7b0b31c55a3f9daae0edc299895c43907b7d118b3ea9565835151abf7d58e482

    • SHA512

      c89db18aedc46b6ebaf1e08cc492bef3393a8b8469b9c13c4ea1296d75d6110e4bfb5343c234861ce5bae834eed2e9998e5c405d8290659a769db76e6b1e9f9f

    • SSDEEP

      192:PBrw8knTlV1dzRmTFE+olwtg+0sdok7gr5h:PBrw8knpVFmbmwtgC77g5h

    Score
    6/10

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    behavioral25behavioral26

    • Target

      sound_out4.wav

    • Size

      75KB

    • MD5

      85bd48344ac1189bebc71e449e808ac0

    • SHA1

      24f85f90a2e75a4d38f3a1448e2f06ccc6443c83

    • SHA256

      9f3060f34e5d7b7c201160d068c57d9ee89e2f568b0ebc9783301552039b77ea

    • SHA512

      76f25185f57d89e9b196e428670b06356de5c6faa1c25b546ab1191085276fc426f412f0420bc8e0e443a1d0e7c8a1749b5c4d6dcd43a5748a291c5ea01a65db

    • SSDEEP

      1536:XWjWQDzJTRTagGb3DpCMk7JHnvX/6rn4zmy6FhdC+C6QjOakLhoVsO:mKgGbEMo1vST4r0C+C6QjOa6hWsO

    Score
    6/10

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    behavioral27behavioral28

    • Target

      sound_out5.wav

    • Size

      78KB

    • MD5

      e22c815f11d197c4010e9ad756815c40

    • SHA1

      e4747ed39a55b84872542a55ea2cf11821efc82c

    • SHA256

      c6168512adb61a1ae03ccbeb0e28f3f762a6119ae7e9293cc860b3af6c4eab4f

    • SHA512

      d932be3d6e35a6fb53df42014f5910823d5dbbdb67ef33acd0a48d0794857d6c2cbcd353b7f19849234e5863317237874edaa5e8575cc42ce9452bab2cf8377f

    • SSDEEP

      1536:EZXciKwuczeLQ6njSoXdwqpQVW6dg0ctA4bp/muQ:EZscuXTVwqp+OA4btG

    Score
    6/10

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    behavioral29behavioral30

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

12
T1012

System Information Discovery

17
T1082

Peripheral Device Discovery

8
T1120

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks