5264734e9d6cee5cb648ff0fbdb870c9bf6a0af367e5516c8269dc414a8ec589

Sharing

Copy URL Twitter E-mail

General

Target

baddo.apk
Size

24.9MB
Sample

231010-maj6pseg59
MD5

a73e438be0bbbe7f9b9d392b299269a8
SHA1

9c3c41fdd43fc8cdb05e92ae6049ea4e6204a50c
SHA256

5264734e9d6cee5cb648ff0fbdb870c9bf6a0af367e5516c8269dc414a8ec589
SHA512

57162bf6459a0ade10bf2c04de395e681b75cad78d4199e2ed4caa8d8b6c1db9e62fc2ded447f2170c7a91a8d4d1c5c7fc3e27c8e1d6f1858de2b8f21bf51c54
SSDEEP

393216:aM2ZMMGcOG7QZPOnZ7ZhNaBAb0TCDg3Y00DlraMhAghqGtmYO:KMFcN7HpZzQmD90wlPhEOmYO

Score

7^/10

android evasion

Malware Config

Targets

- Target
  
  baddo.apk
- Size
  
  24.9MB
- MD5
  
  a73e438be0bbbe7f9b9d392b299269a8
- SHA1
  
  9c3c41fdd43fc8cdb05e92ae6049ea4e6204a50c
- SHA256
  
  5264734e9d6cee5cb648ff0fbdb870c9bf6a0af367e5516c8269dc414a8ec589
- SHA512
  
  57162bf6459a0ade10bf2c04de395e681b75cad78d4199e2ed4caa8d8b6c1db9e62fc2ded447f2170c7a91a8d4d1c5c7fc3e27c8e1d6f1858de2b8f21bf51c54
- SSDEEP
  
  393216:aM2ZMMGcOG7QZPOnZ7ZhNaBAb0TCDg3Y00DlraMhAghqGtmYO:KMFcN7HpZzQmD90wlPhEOmYO
Score

7^/10

evasion
- Checks known Qemu pipes.
  Checks for known pipes used by the Android emulator to communicate with the host.
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
- Reads information about phone network operator.
behavioral1 behavioral2 behavioral3
- Target
  
  actionsQueue.js
- Size
  
  14KB
- MD5
  
  82b447366ff35e410389ffafed6798de
- SHA1
  
  16ab455ac17bf809fbf24f95d9c0dbe030b76f96
- SHA256
  
  2e121b9f6ba6f2df32ac9481262d69c38e9b57d8a1bdeec4054247975d26f925
- SHA512
  
  c2e8f3a0296b295a953624944d366c136f4de82a6c9a5b1cc4d509952b3895cc3672bbc6089b9e1d23d9b20e8012300dd2565fa102e08339726331626bcf957d
- SSDEEP
  
  192:ylpi0RiSH+IGqSCz84o3SCFia31NsjIsjYxqi+MC/RSYFIF8zE4Ogtu69xIOHEMw:mNeICibDI94OnXgPKcc
Score

1^/10
behavioral4 behavioral5
- Target
  
  audience_network.dex
- Size
  
  3.1MB
- MD5
  
  9b8164be4f0ffaedadc82125e5346c14
- SHA1
  
  c4bf7a6383958b493ed5c4dd6a19862d366fca4a
- SHA256
  
  8e632284c9b0180ef28e309b4b0f282ef608cfb9d9046df899d8bdac227ea9ce
- SHA512
  
  352b3e9ef70839d0850ff7ca4a1f19f3df546412ae5cac1243a80588e573fea6371edd4c408a2edf1b48d70a10a5cb579513d3cd38a4b5ccf4b7528dd28704a4
- SSDEEP
  
  49152:ux7jXNKo/ZQTdFJ6UhCAiclpDjCxD2lwhn16L5BJq:upYzfl1xFJq
Score

3^/10
behavioral6 behavioral7
- Target
  
  baseline.prof
- Size
  
  15KB
- MD5
  
  f3ffd4f316c3bd88b85dbe3bb3df3d6b
- SHA1
  
  77a1bff1caf4fe0c128e45d7fc3f193249e58a9d
- SHA256
  
  0d358ee594600571a0ced3a868f97ce4df0b39ba9c1791491a8e0b36b768aea4
- SHA512
  
  cc6208c8bd01158614ca1bb7cb01702198a96e07dd35c58699a4f8656bbf5b21551ad2d28be176d44330b502b5c014b4f248a6a05e60188e10e8d38ff2d0cafb
- SSDEEP
  
  384:5FgquECGd0EUEtC+3mG1AM3wt4pUVbuV/tqyOJ:5HnT0DEt1311AM3woUVagjJ
Score

3^/10
behavioral8 behavioral9
- Target
  
  baseline.profm
- Size
  
  1KB
- MD5
  
  e7116fe2e01a76b5c4eb2a7eb30db53e
- SHA1
  
  45072899183dcc29b1c6f8211490ef7227682e51
- SHA256
  
  c8b0a38d8cf11d518fcef6bc1cd47ee3d8e563910b83b2e469fd05d38b654034
- SHA512
  
  858158ba13b8198ae867155398ce6137e8b973086c163a11548e91b6f20538cd72a7d3196b32d9158ad5a75fe45229798bb9eb37b504f4dd1db5840923a7ac7c
Score

3^/10
behavioral10 behavioral11
- Target
  
  circle_burst_animation.json
- Size
  
  14KB
- MD5
  
  5470c9490729bbdbf4000f189a21770d
- SHA1
  
  ec49544b7223c9d53fe5d7cc658e568460098cb3
- SHA256
  
  2ee1e0bdcd57ca6c652f2a68d459976e2c608d432ac8a25dce471b0746d65b63
- SHA512
  
  600946a5e2b1ab50ee352d685e2d498addddd105743ea1043d94718bf6128f9b4e8c687c31214ca7c42588926cba017b90b3f148b4387bda4294e4bb4b2d1eb5
- SSDEEP
  
  96:4WAl7dM2GTcHq9u1z08Gla2GTcHquGBgSCmdbUNYH+tmt:f2GTcHq22GTcHqemdbCYH+tmt
Score

3^/10
behavioral12 behavioral13
- Target
  
  crush_success_lottie_animation.json
- Size
  
  61KB
- MD5
  
  3714d364c4172cf4ae79c77fd2b6dc5f
- SHA1
  
  65af2ab661f57f366614f01addf28f7a400900c0
- SHA256
  
  27ca815f04dc9f4d92b277b64838969228ef59b2edc5584875935dd8336baf73
- SHA512
  
  9a0ad70504d837e36fef80ccd7bc73c72d8e3a4fa140b61d291e6c2329ea109bef3bb6b82e7c3ad1230b93ded30ed4415a4c42653bb696c1eacbd4caedec0b15
- SSDEEP
  
  1536:PdtR+uIHl1t1Zx5DrDJxm1HFZFKfaxF17x2:Pd3H2rDzdvD2lnM6Lt2
Score

3^/10
behavioral14 behavioral15
- Target
  
  js_receiver.js
- Size
  
  2KB
- MD5
  
  6ec1a0b43b7ceeadb05acfadbefbfbd7
- SHA1
  
  077d4306166d359081211aec4fca0d86eb8fd095
- SHA256
  
  93b4b4f57bb2aeb061a617338d0f077d377c3a095c6eff70d3024f6680c88e40
- SHA512
  
  09c92f65c60a0a6fce214ebe15550aea2f3f675d08830eb7c7f282cf95c78a9c212130c5598f368cabfeeb47607ab11cbdb65efbc2596e0bd9bd55d06365d0f5
Score

1^/10
behavioral16 behavioral17
- Target
  
  live_animation.json
- Size
  
  4KB
- MD5
  
  bcedcbaf73e6cfe8e9ed5dd059202094
- SHA1
  
  fd67c19153160d14fd8e01f330bcd0b5192754ad
- SHA256
  
  8e43941be8a28c0a9dd5a548fc3c6dc606801a0b92850db4054c87cf9d0d1c18
- SHA512
  
  13b4d5f0e96234fa2f37476f29b9d61e734e9743b06b93c31fecc72113fc8c73167f61435c4c86320fc7c4eaffee7c170079e8a9e096a33bf078effa72b90931
- SSDEEP
  
  96:4Vy0xRUENOygwFbhFfIkw8NEUhwRxhZvCPN/:G5qENOSDVIkw8NEqw3qPN/
Score

3^/10
behavioral18 behavioral19
- Target
  
  mraid.js
- Size
  
  44KB
- MD5
  
  103bc103a4080ce6931336831b791364
- SHA1
  
  f759cb23d330937c47c9d8af59d9c6c72b7c2d05
- SHA256
  
  d42d20cc7e8a01cb50be9747bcec585654de282d9e21f340e772095cca5d07e3
- SHA512
  
  f25fa39044a8b36ce695b435f2c8583d236ced2361eb0462748d7f126a8536448ca677ab92b0fdaa17527cce333b3e30ee47f8e84616dda31a4cb940c74ced7d
- SSDEEP
  
  384:QNeICibDI94OnXgPKLeALdCW/yi8Ld8U7mPs:QIIrbJK4
Score

1^/10
behavioral20 behavioral21
- Target
  
  omsdk-v1.js
- Size
  
  38KB
- MD5
  
  ad0804e22766a82341b4cbe639b526cf
- SHA1
  
  a1458ea624e10faaaf141db97d90ccfcb7f3c075
- SHA256
  
  4c61d4b14a471fe10f71845713be9417cfbd90222a41c9c8023e915a231a3be2
- SHA512
  
  a68e23dd287626a3670b1fd52a3cb18a158d3d7636b1a1bc473f61fb213f70a8488dc6c830ac53a3653f4457e74c71a2483992c3d2d69f586c89f810f2bb0907
- SSDEEP
  
  768:RRB6W8jP2VVh4gKqf3y6iPxjggbtoPqaK57Q2/9vt5ZBFus9cAZhmUs+2ZnIezGp:RRBv872zf3anxoPqaK57Q2/9vt5ZBF5J
Score

1^/10
behavioral22 behavioral23
- Target
  
  spark_animation.json
- Size
  
  21KB
- MD5
  
  cc27de11d0bd8588133b176f8969a271
- SHA1
  
  bdb77ac1ed95fa62c02fb0eea30b9762004ef479
- SHA256
  
  c3cd8c85294f0ae771c47f3878259114c4bee3fa53b0942a30cbf557074791e2
- SHA512
  
  c614dc62b62183107780a69a536cc35117c6d67e7d849789dd46e0317e743fca7ced2e83a372cfa1a7abd81cc991859f0b6da690d6b25274a232452b80ecdd52
- SSDEEP
  
  384:9Ig9+sIo0HOsye4ZU/LuCeVb4Z+N8ZZs2atsGBG4yV7NLF:9IeCo/ne3QarsPsKG9NLF
Score

3^/10
behavioral24 behavioral25
- Target
  
  splash.json
- Size
  
  9KB
- MD5
  
  315f0eff51eec29891a1f9a97fccee9c
- SHA1
  
  d5bb01f799ad830eb1bb139eb6e7aee7b1be1739
- SHA256
  
  e86434f3cdf1efd908e5b5773d3a90a0a9a604dec9446e207aa781665edfe908
- SHA512
  
  953de0bd4d118cc2a63d32e861715c1cba20853d157144893436efb5762127a34cc18f66c7f0e515221a2de4c03f417b1b3caa998ae160c8e71ba1d53d14ec15
- SSDEEP
  
  192:lQ1PL3Mt1FF8MSlAFF8rrn3b9UGQg+F8OktrzPKt1FCBVxVpdq:lKKTR0CGFy5k5zXjO
Score

3^/10
behavioral26 behavioral27
- Target
  
  supplierconfig.json
- Size
  
  136B
- MD5
  
  a288112eab3cd5e225eff0819a5d70ad
- SHA1
  
  3b584f17eb7666b091bf677c7e61a8a6079b3c93
- SHA256
  
  a017687549108f8d1aa190ce82479938521f09a018c405e3a1394b85d142a896
- SHA512
  
  da36ed04d079bbb70b1efaf4318db0cd1879e3888a95749121305520f8c79e84c3235abb00e2a22823a4c7038281054b4cc5cb4e1515d4c55615c75cbaa0290f
Score

3^/10
behavioral28 behavioral29
- Target
  
  tt_mime_type.pro
- Size
  
  51KB
- MD5
  
  cb785fde908a09e38366cb084ac2b738
- SHA1
  
  1cc3eb6156955e5afe9270bce65b5e29dea7eefa
- SHA256
  
  16ac07012233f98eb40e45191c9783fa9eea65fba35444410f7f9c3eb8f72c16
- SHA512
  
  21a056284fea2d48529705e809e7dcc9e48d16ae18bcd4485dc34844b61e47c1f4234a277afa0700911fbc811d3f9056b48c355b614dc5b0e844a8e20e15a5b0
- SSDEEP
  
  1536:ZOMJkaMOe+y70nzC6ZL9ESV3YmTE1kuI1s1Z7988O8MzGtiTUGQAs1obo1z9ws8u:ZOMJkaMOe+y70nzC6ZL9ESV3YmTE1kub
Score

3^/10
behavioral30 behavioral31
- Target
  
  tt_na.czl
- Size
  
  2KB
- MD5
  
  613e5f728f632901e721cae4d41588e1
- SHA1
  
  a29a6dbb6834d0dc868f4decae8291468cb2afd9
- SHA256
  
  e3302e023616e1a4df27662b882b2d11fb28271bd12907d944a3deda38e51832
- SHA512
  
  55e98d711f2a682c9faadd9510108c0d8428642f511ef6f497b32f7b6bbc23ff34a4efd308486340254b3fab1203a16015a02ad10cb0c6290ed83872520409d7
Score

3^/10
behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Checks known Qemu pipes.

Loads dropped Dex/Jar

Reads information about phone network operator.

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32