General
-
Target
831346106da21d6edd95d62d22065a705e1c8c3edd29a31fb4ca7431d50d5cb1
-
Size
123KB
-
Sample
231002-exzwnsgh69
-
MD5
b08c833107b4fc22289386fe47dd997f
-
SHA1
fe6673b28888d22b1d3181e26b5e708d96d3f602
-
SHA256
831346106da21d6edd95d62d22065a705e1c8c3edd29a31fb4ca7431d50d5cb1
-
SHA512
9b26a007c1c3a107c41992f14df40f094880c045a0586cd67a3fca091fc9937ec513a40733b74950b7c4bdfaffd3a8142be3333f4981e5ff07898d5a1b1bc52f
-
SSDEEP
3072:ZXWaaDA/UsmY9KFdlvg08HHf1yhEZeXGA4FYP8R4V7/I6EPCLps:ZXP/5P6Y1NlepPnV7/pEKLm
Static task
static1
Behavioral task
behavioral1
Sample
831346106da21d6edd95d62d22065a705e1c8c3edd29a31fb4ca7431d50d5cb1.apk
Resource
android-x64-20230831-en
Behavioral task
behavioral2
Sample
831346106da21d6edd95d62d22065a705e1c8c3edd29a31fb4ca7431d50d5cb1.apk
Resource
android-x64-arm64-20230831-en
Behavioral task
behavioral3
Sample
831346106da21d6edd95d62d22065a705e1c8c3edd29a31fb4ca7431d50d5cb1.apk
Resource
android-x86-arm-20230831-en
Malware Config
Extracted
coper
https://4-u.wtf/
https://fitnessstyle.xyz/
https://sportsstyle.club/
Targets
-
-
Target
831346106da21d6edd95d62d22065a705e1c8c3edd29a31fb4ca7431d50d5cb1
-
Size
123KB
-
MD5
b08c833107b4fc22289386fe47dd997f
-
SHA1
fe6673b28888d22b1d3181e26b5e708d96d3f602
-
SHA256
831346106da21d6edd95d62d22065a705e1c8c3edd29a31fb4ca7431d50d5cb1
-
SHA512
9b26a007c1c3a107c41992f14df40f094880c045a0586cd67a3fca091fc9937ec513a40733b74950b7c4bdfaffd3a8142be3333f4981e5ff07898d5a1b1bc52f
-
SSDEEP
3072:ZXWaaDA/UsmY9KFdlvg08HHf1yhEZeXGA4FYP8R4V7/I6EPCLps:ZXP/5P6Y1NlepPnV7/pEKLm
-
Coper
Coper is an Android banking Trojan with a multi-stage infection mechanism first seen in July 2021.
-
Coper payload
-
Makes use of the framework's Accessibility service.
-
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps).
-
Acquires the wake lock.
-
Loads dropped Dex/Jar
Runs executable file dropped to the device during analysis.
-
Requests enabling of the accessibility settings.
-
Reads information about phone network operator.
-
Requests disabling of battery optimizations (often used to enable hiding in the background).
-
Uses Crypto APIs (Might try to encrypt user data).
-