cb64b58eb5f78279d7c28313c2c4538dffd3a59d7d52560d4d1508f3d9c92909

Sharing

Copy URL Twitter E-mail

General

Target

e689b6661754093fb93c7807a643774f4d474b174c637ddc0af4227042242b33.apk.zip
Size

130.6MB
Sample

231008-ad953sbb65
MD5

d0a0f330f8b8219b3a55cacf30f42f25
SHA1

2e63a2b5c9bf1ac4125715be3632107d6f813cfb
SHA256

cb64b58eb5f78279d7c28313c2c4538dffd3a59d7d52560d4d1508f3d9c92909
SHA512

947c87f74435d644b23b1447afe6bf9119405f686ef9bb3bf8d100b479d268c1bf68f0e4f832dfa4e0eac0f351da0d51bfb19429635d49601b05eb72dd9e9272
SSDEEP

3145728:B2Zn4+ssxEXG/kKj383FVG8Aj67zuSHMHKNR/vu38SDwF9CeF:E1NssxEXG/kkozHJ/uSHMqL/vu38SsvB

Score

8^/10

Malware Config

Targets

- Target
  
  e689b6661754093fb93c7807a643774f4d474b174c637ddc0af4227042242b33.apk
- Size
  
  139.3MB
- MD5
  
  16d06930ea962b0526c017c7d3715c19
- SHA1
  
  a6f5db661db7bdb4b70ca434d6f00cc20a821253
- SHA256
  
  4d1df237dbfe2a510fb781608d24020afd308a75f639a266c13787a3f99c3fe6
- SHA512
  
  92eb661715520377ba2287f884a5a0bb21e8461cc05c554464bd3cf43cf03c4d4737e832a6e6b3e3f2e39713b0e3e6c8a5b85ea2e5d136317fefaa3955200f31
- SSDEEP
  
  3145728:L97anX3R4GwrYexoo6woxrGGzp3M5hTJB0e4oV2NICRf42JkJZeMlHx:LMXh1bexlp4rGocTJBDY6CG/ZL
Score

8^/10

banker evasion
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps).
  banker
- Acquires the wake lock.
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
- Removes a system notification.
  evasion
behavioral1
- Target
  
  AndroidRuntimePermissions.Runtime.dll
- Size
  
  9KB
- MD5
  
  45fd34d8d684ed8b381e91716ad2f8fc
- SHA1
  
  8bd8cc68eda2cb08a1f1ffb1642e195c8892219c
- SHA256
  
  1df4b7d4e5f82c2cd23a05cfc164e2e3517dd2b79e2f333c5169f109ce5fe42e
- SHA512
  
  f6601e881d3902b85af71a6784c9b852cbe22de904264f6e9d88ef355616cc053d26546b2d19fe0bf4b232008700c399fd25866c5e4e35e5252b9304b36a69c3
- SSDEEP
  
  192:DyXoyVia0q+QB3O5NzPCEfAN3TS8rqdV9U3+rGCry:Dy4yoR0BsHAVS8rqdYOKCry
Score

1^/10
behavioral2 behavioral3
- Target
  
  AppIconChanger.dll
- Size
  
  4KB
- MD5
  
  f5ee3c77d3ea5b91e6f125b235814306
- SHA1
  
  4a2997f015e46cef1574afac9c926951b436f8a2
- SHA256
  
  2ad498fd35c7571bce03f9b7bf0aa2a2b6a72d6cad895d6bf738c65a0ba2666f
- SHA512
  
  5897f8ae607f2a4aaadd903a4178c53ca5e4c39eda142f3f044e00aa956d931d523928643b9a8b10622911b13b5cadcd4ee7250aacd94b45317e587228484d91
Score

1^/10
behavioral4 behavioral5
- Target
  
  AppsFlyer.dll
- Size
  
  36KB
- MD5
  
  2864c81ff38911845f35bc8e4a9c6e79
- SHA1
  
  baed6adc7b4f844c82537e1a351ffbf4c948d656
- SHA256
  
  b6d1771e98bd6c541b70bacbc2f62fda58745cf22f0373814bde383ef4ccd05c
- SHA512
  
  3f237fc14a133b5a626c92d1e4e39ecaadf9b647fea3e43847378b56e0ddb9bbfb9669e50372ea556019261a1b5cdbbc5e3127cd349fa4badb72de6ad8478301
- SSDEEP
  
  768:+bmVdnjhqfYnVJG3DiLK6PrVFDFruE+IsyDh9hT:6mDn+iV4uPJFDZ
Score

1^/10
behavioral6 behavioral7
- Target
  
  ArabicSupport.dll
- Size
  
  13KB
- MD5
  
  6cb0fbba1df139d8f836df2ddec66a8a
- SHA1
  
  ad2d7a112785726a766f09aeb646fd2c5590e7b5
- SHA256
  
  64e4226ed624172ce7654aa9ee5946d48219084bb02cbf49c5d76898409ead23
- SHA512
  
  eb95ba8266e6d10d7c1dbd314730ef89e4e1fcf719ed3c27a73ff629f81c1013bdfa47af212ec8e41deaacf565941d91dfce1af3b4a307c26982ca852b92a0ff
- SSDEEP
  
  192:+lPrXAuAQzIuiPfrEYy16gqKX+b0dWGa9sh8r65WF+bxTZ:Cr7AduurE4GGM5Ww1
Score

1^/10
behavioral8 behavioral9
- Target
  
  Assembly-CSharp-firstpass.dll
- Size
  
  386KB
- MD5
  
  95bd460a2b997f2898977aa0c3158d69
- SHA1
  
  24aea065f0e7f56182e5e5f597872d8d402aaef4
- SHA256
  
  9a3da1aa5d2714ea619176843bd8cc1b9e0cec8c5166a9f27f0ed7f61d26fff7
- SHA512
  
  7bf1211f427146960763b155ae28534648b9efa76130ed2d870e408237fb56ea95e0d0b591e8286e11461365cb66fe5c258b110f9fa2448516e3b86017ddb292
- SSDEEP
  
  12288:byIJXfi2CcU3OXnPYRLOA6lCfBfHJONzS82brfovVU:by4hpwKnUORS82bz
Score

1^/10
behavioral10 behavioral11
- Target
  
  Assembly-CSharp.dll
- Size
  
  3.5MB
- MD5
  
  a16b9a5283a56cdbe647d7deafb2a711
- SHA1
  
  5bd5c6c7d1b76c8a3922524d6431fcafeef0f136
- SHA256
  
  aa9e36cfa7201e75080080b49ced19445b92a25b373100a6c26df6a25eac562b
- SHA512
  
  d7c4bff7f2b49cf5643a6123dbeb5d1ecc8dde66dd187db5dad6222c1ba197107c9597e86ac8119be2cc40abab7969fe029843155588d67a2c2a718355cf00b8
- SSDEEP
  
  49152:t+2wfsagxRvevrjcTCCiE9g8Gj6v1kSwMv6f5OU9eFxEPopGJsLe6S428Rxv/Isj:t+2iIvXCCDG8Gkqe
Score

1^/10
behavioral12 behavioral13
- Target
  
  Bugsnag.dll
- Size
  
  8KB
- MD5
  
  87bb91d1f7f4c5692d90d3dd2235bd8f
- SHA1
  
  b8f98479c1caa5a8eb15c272629eb6f3450fd204
- SHA256
  
  aad7b09cf998d20b688df8bb8b97f214c9d6888106231546a67da9db6d663359
- SHA512
  
  e904da90c77b6e72ef8f166823b2320a23cefe6abebb4675398508354499f8653f76951a61d7e16d2a95b08222ef751a3f9c6e9ced81124952ed1f96ea3a3b5a
- SSDEEP
  
  96:an9pB6RnEWD55jEYG173dOUvpnYG5o5F30RfCY2jJ5jQlbKFTdjwn8x:YpIEWD551G1E0f4d0l6j7jQl0Zs2
Score

1^/10
behavioral14 behavioral15
- Target
  
  BugsnagUnity.Android.dll
- Size
  
  148KB
- MD5
  
  4609f12003acee84f1d4ae82fee54521
- SHA1
  
  6053b9afc039c226c99e4e5377ba7a0dca2edf48
- SHA256
  
  462d1324ba1b211090d9d2baf08675df7d3bee703f65e0e4d4f7a9317a1a4f54
- SHA512
  
  507d7879dcde401c326cb5aff0854280ad41b19b00e782b20ba670c985790855e8aa4d65ff189a6221fe7ca8ea66c55f96ada04149cfbb705e85398071e72cdb
- SSDEEP
  
  3072:zR6z2Q9Dovbh0ViR0YQn64pVn8UbXRgx:rUEveViG4Yn
Score

1^/10
behavioral16 behavioral17
- Target
  
  Castle.Core.dll
- Size
  
  432KB
- MD5
  
  5fd9509e23271b37ed2ff8b8c8871e9b
- SHA1
  
  67e3d1afd27fb570938fdd922f86b48137c81c3a
- SHA256
  
  9b555bc6f25753f1de58bd5a12c26d21a034914d9b8d56aee7c4fdb6365f11d2
- SHA512
  
  ea81645c5699ed83aeb137296dd9ec2a432d24ddc55193e930ed8c4b55663052d45cff01346ec19881ef7096bd73f68d429407570a82e767213c73c2b7664e41
- SSDEEP
  
  6144:9qS7E6tO0vCqltN6Z1G+9FkdbAnGTZEg8UJrF6YdUb9iNDCqRBHpZTdj7dH7+:rEz0vmFkBAcHT6YdmkCqRBHpTZH7+
Score

1^/10
behavioral18 behavioral19
- Target
  
  DOTween.Modules.dll
- Size
  
  43KB
- MD5
  
  5f2f8efff03530f00442345264f3ec3f
- SHA1
  
  da4327562843ce8213ce5ccd8e758e6517c387b5
- SHA256
  
  4ff11e9f273da070241fa5a1ac35ce19a7405d7f69b8e1dcd65dd2a8a24ff673
- SHA512
  
  980d8bbc7aef060bebc62572edcb85dba0b926f5551c9959a6e65379f99ea8798f2bdb88c31f5624e4b88b6e5cc7acfb2ebee84eaae16f33fdc22e988097cfd5
- SSDEEP
  
  768:v2KFTysL4GZEXV25x0MVDQBRBXgKoMR+mAAlraJhX8iOrha9:v2KJysL4jMVY/XgQsmAAlr0HOrQ9
Score

1^/10
behavioral20 behavioral21
- Target
  
  DOTween.dll
- Size
  
  158KB
- MD5
  
  b0c92c3bbe4adc4881598bd16c5c0202
- SHA1
  
  1389b9c2c30a4cf013e3109a670af53f1b292dd3
- SHA256
  
  48ea88b9fc7d95fc04ae333e7df4fdeed865ec39629382e5524f5cdc32e7dd4e
- SHA512
  
  445d4896ab729777c0f32dc37ff67991b8847bbab36b849fdc8146ec883b050791f076dbd0dea55215901d9c2c876b8bcef269f087d9a15de70bf2ea8ff5054c
- SSDEEP
  
  3072:wmJuRf6eC3QaWnGpRXrfVvLyNXfFoldyFi:wJRfdLno5DVvLndE
Score

1^/10
behavioral22 behavioral23
- Target
  
  Facebook.Unity.Android.dll
- Size
  
  4KB
- MD5
  
  662fff442d813495c7294ca802dad81d
- SHA1
  
  775f9e6e0893ef62c473294d4621bee3bca83fca
- SHA256
  
  cd75eda7b5dda263facabb62f65f378aeca49848b7bd34f5efb359ffacccee3a
- SHA512
  
  b020d3c7e113bf2738b089364939a96d51f4d4f6ecf3bdfb513cac5205253d43c45de203a1b77308a540cb2b20515660aa61b5d38e7ffae48c9c673532e3fb94
Score

1^/10
behavioral24 behavioral25
- Target
  
  Facebook.Unity.Settings.dll
- Size
  
  9KB
- MD5
  
  4276dceb6dac16e46423b01a6fe1d9d9
- SHA1
  
  a829600637a6bd9259a6d532eb8361713a947be2
- SHA256
  
  0a1b5f4838008daa13e8e00d03add310eb2088afd09afdbe53a32295cc6bf686
- SHA512
  
  a35e10bd1e3bb4bac42b1af3a652d4d828ae399949e3c64be85582b4642b01aa1e0223efd63860a6fbad0aaf3e8b15cf564aa2355c61aa55d4e7c3b71d0c71e3
- SSDEEP
  
  192:m+AgyJz8L7mSIY4DdeB2SiF0VViyUlQCtviFo6S9DcDR+:m+pE030eCBiFoA+
Score

1^/10
behavioral26 behavioral27
- Target
  
  Facebook.Unity.dll
- Size
  
  156KB
- MD5
  
  f9c91a921b4f11f771241e57a03a0c62
- SHA1
  
  a98d3daa11336faf3bc4181f27e2e8ba94eba01c
- SHA256
  
  ed509ef0dd887e6b60b065ba3f9156992a5194014099e1cfd195d1cd0e9132c7
- SHA512
  
  ed40969a9007eb3f4d68f6d0a63442fea08345b1d017c79dd5dfdaa7d54bb572a5346e23af13e236e1ed7f5b9b8fb19822947ca0336ab74837e00949c60ca5aa
- SSDEEP
  
  3072:GbKAbdwsYTTRq+REYAcSvWj00n+1MQMx17zHAREkaNIKHFHMIsc:dAbasD/Sdn++bSEkaNI
Score

1^/10
behavioral28 behavioral29
- Target
  
  Firebase.Analytics.dll
- Size
  
  40KB
- MD5
  
  e665bc929fe1728fe4238b53102e0c66
- SHA1
  
  dcb971b7748c91fcdd0b99abd89dec48e04f1dc2
- SHA256
  
  1de40fd8947b24df53196498651017eb091fb989df444a73e592cc288290c772
- SHA512
  
  61b7089e572720e962af0618b24089b01e74d6a3cc552256d9cf67ab2d824046154474c6603ca70fa982239c16af31ccaca66410e26789353d7f98f75ac7ac4d
- SSDEEP
  
  768:NtmMJUdwcFayw4cl/KslvKVQ/Ez2+EPuBzPcY:NEMSdzFaZ/Ez2+EPQcY
Score

1^/10
behavioral30 behavioral31
- Target
  
  Firebase.App.dll
- Size
  
  87KB
- MD5
  
  eda57ce86c018b7ec757ce925387a54e
- SHA1
  
  8cfa2b8b97b86b105f99ac3d6583d0a995845ba6
- SHA256
  
  5966a1c2664b3dbcd2de1b8acbfe48170df353d6344a5441fc37d12784fdf103
- SHA512
  
  90f4497959e2fad4ec9b770031dae2f18d2cbfc4afcfb64bd2e3d490cdb426af757e179ff5ff391cc307479040853e9de80713c9ad12d1d10a7bc3a005eec822
- SSDEEP
  
  1536:y/4tHJMGv/PikqCwitgddVeNzxjbPkcN4u5:y/4dJMGnKkJt+ebPkc2u5
Score

1^/10
behavioral32

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Targets

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps).

Acquires the wake lock.

Loads dropped Dex/Jar

Removes a system notification.

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32