coper

Resubmissions

03-10-2023 04:57

231003-flel2agd3x 10

02-10-2023 04:19

231002-exzwnsgh69 10

10-03-2023 06:31

230310-haj4gsdf5t 8

15-06-2022 10:31

220615-mkec7sdehq 8

Sharing

Copy URL

Twitter E-mail

General

Target

831346106da21d6edd95d62d22065a705e1c8c3edd29a31fb4ca7431d50d5cb1
Size

123KB
Sample

231003-flel2agd3x
MD5

b08c833107b4fc22289386fe47dd997f
SHA1

fe6673b28888d22b1d3181e26b5e708d96d3f602
SHA256

831346106da21d6edd95d62d22065a705e1c8c3edd29a31fb4ca7431d50d5cb1
SHA512

9b26a007c1c3a107c41992f14df40f094880c045a0586cd67a3fca091fc9937ec513a40733b74950b7c4bdfaffd3a8142be3333f4981e5ff07898d5a1b1bc52f
SSDEEP

3072:ZXWaaDA/UsmY9KFdlvg08HHf1yhEZeXGA4FYP8R4V7/I6EPCLps:ZXP/5P6Y1NlepPnV7/pEKLm

Score

10^/10

Malware Config

Extracted

Family

coper

https://4-u.wtf/

https://fitnessstyle.xyz/

https://sportsstyle.club/

AES_key

Targets

- Target
  
  831346106da21d6edd95d62d22065a705e1c8c3edd29a31fb4ca7431d50d5cb1
- Size
  
  123KB
- MD5
  
  b08c833107b4fc22289386fe47dd997f
- SHA1
  
  fe6673b28888d22b1d3181e26b5e708d96d3f602
- SHA256
  
  831346106da21d6edd95d62d22065a705e1c8c3edd29a31fb4ca7431d50d5cb1
- SHA512
  
  9b26a007c1c3a107c41992f14df40f094880c045a0586cd67a3fca091fc9937ec513a40733b74950b7c4bdfaffd3a8142be3333f4981e5ff07898d5a1b1bc52f
- SSDEEP
  
  3072:ZXWaaDA/UsmY9KFdlvg08HHf1yhEZeXGA4FYP8R4V7/I6EPCLps:ZXP/5P6Y1NlepPnV7/pEKLm
Score

10^/10

coper banker infostealer ransomware rat stealth trojan evasion
- Coper
  Coper is an Android banking Trojan with a multi-stage infection mechanism first seen in July 2021.
  banker trojan infostealer rat coper
- Coper payload
- Makes use of the framework's Accessibility service.
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps).
  banker
- Removes its main activity from the application launcher
  stealth trojan
- Acquires the wake lock.
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
- Requests enabling of the accessibility settings.
- Reads information about phone network operator.
- Requests disabling of battery optimizations (often used to enable hiding in the background).
  evasion
- Uses Crypto APIs (Might try to encrypt user data).
  ransomware
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Matrix

Tasks

Resubmissions

Sharing

General

Malware Config

Extracted

Targets

Coper payload

Makes use of the framework's Accessibility service.

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps).

Removes its main activity from the application launcher

Acquires the wake lock.

Loads dropped Dex/Jar

Requests enabling of the accessibility settings.

Reads information about phone network operator.

Requests disabling of battery optimizations (often used to enable hiding in the background).

Uses Crypto APIs (Might try to encrypt user data).

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

behavioral3