872d6f98c87cc9f9c7a447db24828ea9e00fc67d9eaa60cac45695f575c0e734 | Triage

Submit
Reports

Overview

overview

8

Static

static

6

872d6f98c8...34.apk

android-9-x86

8

872d6f98c8...34.apk

android-10-x64

8

Sharing

Copy URL Twitter E-mail

General

Target

872d6f98c87cc9f9c7a447db24828ea9e00fc67d9eaa60cac45695f575c0e734
Size

20.5MB
Sample

231220-f3d2tsdean
MD5

228194ec93d0130e26bb18d34dadfd46
SHA1

9b14f15412fdc3a7b370d07fdbb0ddb132cab4ba
SHA256

872d6f98c87cc9f9c7a447db24828ea9e00fc67d9eaa60cac45695f575c0e734
SHA512

8050a23a47c87fae5fda7dd379e81a35742c00bb55bf221744a47674b6630ffcfcb4617968fda0c231683c3a4da0bcb96ba55c60dd65f68abbc8cab18f9caf11
SSDEEP

393216:FmLO2sJA35z7A79L++0r1mbgafiubcLZXbfT9i/zVN2I+TXq1kKpPbNiRSKcsjJ4:owJA35z7c58BmbBffcVX9i/zVN2IkaOk

Score

8^/10

android banker stealth trojan

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

872d6f98c87cc9f9c7a447db24828ea9e00fc67d9eaa60cac45695f575c0e734.apk

Resource

android-x86-arm-20231215-en

banker stealth trojan

android-9-x86

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

872d6f98c87cc9f9c7a447db24828ea9e00fc67d9eaa60cac45695f575c0e734.apk

Resource

android-x64-20231215-en

banker stealth trojan

android-10-x64

7 signatures

150 seconds

Malware Config

Targets

- Target
  
  872d6f98c87cc9f9c7a447db24828ea9e00fc67d9eaa60cac45695f575c0e734
- Size
  
  20.5MB
- MD5
  
  228194ec93d0130e26bb18d34dadfd46
- SHA1
  
  9b14f15412fdc3a7b370d07fdbb0ddb132cab4ba
- SHA256
  
  872d6f98c87cc9f9c7a447db24828ea9e00fc67d9eaa60cac45695f575c0e734
- SHA512
  
  8050a23a47c87fae5fda7dd379e81a35742c00bb55bf221744a47674b6630ffcfcb4617968fda0c231683c3a4da0bcb96ba55c60dd65f68abbc8cab18f9caf11
- SSDEEP
  
  393216:FmLO2sJA35z7A79L++0r1mbgafiubcLZXbfT9i/zVN2I+TXq1kKpPbNiRSKcsjJ4:owJA35z7c58BmbBffcVX9i/zVN2IkaOk
Score

8^/10

banker stealth trojan
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
  banker
- Removes its main activity from the application launcher
  stealth trojan
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
- Acquires the wake lock
- Queries the unique device ID (IMEI, MEID, IMSI)
- Reads information about phone network operator.
- Requests cell location
  Uses Android APIs to to get current cell information.
- Requests dangerous framework permissions
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

bankerstealthtrojan

behavioral2

bankerstealthtrojan

© 2018-2025

Terms | Privacy