General
- Target: ambev.2.1.apk
- Size: 3.8MB
- Sample: 230610-1l2rsafh44
- MD5: 55ff3a8221325989e7b37ae93aa00588
- SHA1: 74f483df5ddca5e1bc322bc5d121627c9e96829f
- SHA256: 9263a05f6ca2a1c9b52aa5a52cac5b5881745ff09ddd769f921ed306b32c5f6c
- SHA512: d3192f09bdb9a356adc1408f11546148059abe9aaa23c6d865d61760faee7fe4540de8ba4a2c9b49f488c3a1517debbf4b6ef5a9fa99774b056aebf3e985b488
- SSDEEP: 12288:avpl2xk7BsXW8FXgnz6DD2NMUO2b2cSqrDZ1nm:avpl22NsjFXgnzZMUOuSq3vm
Behavioral tasks
- behavioral1: sample ambev.2.1.apk, resource android-x86-arm-20220823-en
- behavioral2: sample ambev.2.1.apk, resource android-x64-20220823-en
- behavioral3: sample ambev.2.1.apk, resource android-x64-arm64-20220823-en
Malware Config
- Extracted family: spynote
- C2: 1.tcp.sa.ngrok.io:21163
Targets
- Target: ambev.2.1.apk
- Size: 3.8MB
- MD5: 55ff3a8221325989e7b37ae93aa00588
- SHA1: 74f483df5ddca5e1bc322bc5d121627c9e96829f
- SHA256: 9263a05f6ca2a1c9b52aa5a52cac5b5881745ff09ddd769f921ed306b32c5f6c
- SHA512: d3192f09bdb9a356adc1408f11546148059abe9aaa23c6d865d61760faee7fe4540de8ba4a2c9b49f488c3a1517debbf4b6ef5a9fa99774b056aebf3e985b488
- SSDEEP: 12288:avpl2xk7BsXW8FXgnz6DD2NMUO2b2cSqrDZ1nm:avpl22NsjFXgnzZMUOuSq3vm
- Score: 8/10

Signatures
- Makes use of the framework's Accessibility service.
- Acquires the wake lock.
- Legitimate hosting services abused for malware hosting/C2.
- Requests disabling of battery optimizations (often used to enable hiding in the background).
- Removes a system notification.