fakecalls | 703d36404e1e9bb74172bc7be5e3cfb8ffad4a6a4bee54ee0ab18deae3d105d5 | Triage

Sharing

General

Target

703d36404e1e9bb74172bc7be5e3cfb8ffad4a6a4bee54ee0ab18deae3d105d5
Size

14.8MB
Sample

231220-aahxesdbh4
MD5

a05dcab001a60974ffe00af3b8cdd52f
SHA1

af438a9279d1e4c3cba7bf710c6a90d4283c66dc
SHA256

703d36404e1e9bb74172bc7be5e3cfb8ffad4a6a4bee54ee0ab18deae3d105d5
SHA512

bb4ab06a23bdcbfa9ac0a4fbeb3a7f17919755c3ab1e2319895fdc97ea0978101817fea1a2a41a86e4085c5beb22ca1e54e44d664854c58b303abb0616ddcc91
SSDEEP

393216:zO0kOdzbiqHYTm5y4Cv9O+zShcnF+Ml5QBYLK0sBPuF:60tvbZhCZSQFtQBYLKXm

Score

10^/10

fakecalls android banker infostealer rat trojan

Malware Config

Targets

- Target
  
  703d36404e1e9bb74172bc7be5e3cfb8ffad4a6a4bee54ee0ab18deae3d105d5
- Size
  
  14.8MB
- MD5
  
  a05dcab001a60974ffe00af3b8cdd52f
- SHA1
  
  af438a9279d1e4c3cba7bf710c6a90d4283c66dc
- SHA256
  
  703d36404e1e9bb74172bc7be5e3cfb8ffad4a6a4bee54ee0ab18deae3d105d5
- SHA512
  
  bb4ab06a23bdcbfa9ac0a4fbeb3a7f17919755c3ab1e2319895fdc97ea0978101817fea1a2a41a86e4085c5beb22ca1e54e44d664854c58b303abb0616ddcc91
- SSDEEP
  
  393216:zO0kOdzbiqHYTm5y4Cv9O+zShcnF+Ml5QBYLK0sBPuF:60tvbZhCZSQFtQBYLKXm
Score

10^/10

fakecalls banker infostealer rat trojan
- FakeCalls
  FakeCalls is an Android banking trojan first seen in April 2022.
  rat trojan infostealer banker fakecalls
- Declares services with permission to bind to the system
- Legitimate hosting services abused for malware hosting/C2
- Requests dangerous framework permissions
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

fakecallsbankerinfostealerrattrojan

behavioral3