General
-
Target
PersonalMessenger.apk
-
Size
75.5MB
-
Sample
230918-q1fsraca22
-
MD5
eccb8868e7a2f57e7f07ed79b6b6c115
-
SHA1
3f0d58a6ba8c0518c8df1567ed9761dc9bdc6c77
-
SHA256
36bfcc34b706c0fb9b6d38e079a1cbf89d759095def7686aea403d79328c4e49
-
SHA512
64d8881d134ffa8b8973e7fb3e40186a6a6b49ee161595cf84fba1579f55cd2c15816dc7c1377c4496a8e7059501f46b93ef2d1f59ae3c6579184faa0948a694
-
SSDEEP
786432:WcrVt8DKEy/tPPYBOHkQlvfLX8RLbO0uM8oAffI0mN3OQ7LMa3lQ9eXknxHy:WcrTp1PaAkQlILb0nMO+MkOS
Malware Config
Targets
-
-
Target
PersonalMessenger.apk
-
Size
75.5MB
-
MD5
eccb8868e7a2f57e7f07ed79b6b6c115
-
SHA1
3f0d58a6ba8c0518c8df1567ed9761dc9bdc6c77
-
SHA256
36bfcc34b706c0fb9b6d38e079a1cbf89d759095def7686aea403d79328c4e49
-
SHA512
64d8881d134ffa8b8973e7fb3e40186a6a6b49ee161595cf84fba1579f55cd2c15816dc7c1377c4496a8e7059501f46b93ef2d1f59ae3c6579184faa0948a694
-
SSDEEP
786432:WcrVt8DKEy/tPPYBOHkQlvfLX8RLbO0uM8oAffI0mN3OQ7LMa3lQ9eXknxHy:WcrTp1PaAkQlILb0nMO+MkOS
Score7/10-
Acquires the wake lock.
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
-
-
Target
baseline.prof
-
Size
1006B
-
MD5
47a763921d0d7995e9b560ce2bde6dd5
-
SHA1
f6c2fb0207ddd20ba37ea89bd3617bac1d557fd1
-
SHA256
602367f4c57f1eefbfe872e9eb49f369a8ebd7ad4a5ce39a3601a1604ddd92e8
-
SHA512
c86543734fc0d627816a453a1bf13ef71718abedb682e3a04849aabe6dd719fce1cd07e8a35d17d33b218ff749718789f9166d893cfed4be635543ab69aa1db6
Score3/10 -
-
-
Target
baseline.profm
-
Size
205B
-
MD5
ed4a7b465662696bb4900080487207b3
-
SHA1
c616d6039a986fe844d177dcd67bdb703fd98676
-
SHA256
a2c93b02e8b9d2373ce7ff4a1054c7dc5a2d617a88bd07bd538f47de2d8b9f8e
-
SHA512
3df0abacd679a44374780cf7c174544359fea584186a784e6a898be1f28a3e18415c22ff0d09f973f518093ba7f0fd68c9417a5f61314f75ca87353fc9c0f7ca
Score3/10 -