General
-
Target
FAPlusv140_Jected.apk
-
Size
6.8MB
-
Sample
231004-v1kh6adc5w
-
MD5
232c85e36c33e449caa852ee2bf1e34e
-
SHA1
6adc756ffd886a8313758facd9755034e96789c5
-
SHA256
ac24b61e112fbe6a0d994f6078c378b01a56359814db828ad73353708825c491
-
SHA512
e26eb8f0ac9120110e64825c35ff6ae09997bf4156ca540a16793d69b65a262d07b9ad891e3e253144a1f9de06b74f19cbc8c4749c8e8b958d7544b6f4aee37c
-
SSDEEP
98304:Yaf0ZGU0C0e/iVoPw8rnSC1sWF/04GSwF3pnFtf8TczUq5UDRkBlTAgq6ijWJUUi:Jhfm/Qo4FwsYvG5pnFCTczH5ekwviJXg
Behavioral task
behavioral1
Sample
FAPlusv140_Jected.apk
Resource
android-x64-20230831-en
Behavioral task
behavioral2
Sample
FAPlusv140_Jected.apk
Resource
android-x64-arm64-20230831-en
Malware Config
Extracted
spynote
fee-harmful.gl.at.ply.gg:41934
Targets
-
Target
FAPlusv140_Jected.apk
-
Score
8/10
-
Makes use of the framework's Accessibility service.
-
Acquires the wake lock.
-
Legitimate hosting services abused for malware hosting/C2
-
Reads information about phone network operator.
-
Requests disabling of battery optimizations (often used to enable hiding in the background).
-
Removes a system notification.
-