furball | 9156f5bd322306c9038a3bc830e53e7b13c272e121fb70b3b8d7d9968fb97e4f | Triage

Sharing

General

Target

9156f5bd322306c9038a3bc830e53e7b13c272e121fb70b3b8d7d9968fb97e4f
Size

69KB
Sample

231220-jsbqhadef2
MD5

9d3ca081e7fe27e44707d8634c22fc95
SHA1

dc0220f9a43989a4628f4eabd5e963fd80d8f698
SHA256

9156f5bd322306c9038a3bc830e53e7b13c272e121fb70b3b8d7d9968fb97e4f
SHA512

9604dd95da02953da8de0284199036588e5b772deb191831716e1b094be21484cbbf806f60f61ad4214ff4a43e9cd8047290dfc61ae9afec5295c4488dedc249
SSDEEP

1536:Ycw8O+xAvWi3ajP+LCQG2IH/EordhSIZjiJWHErXU6/l/vLSKH:Y9IjiCQEfE2MIZ2JkErR1LP

Score

10^/10

furball android evasion stealth trojan

Malware Config

Extracted

Family

furball

C2

http://www.firmwaresystemupdate.com/oth

Targets

- Target
  
  9156f5bd322306c9038a3bc830e53e7b13c272e121fb70b3b8d7d9968fb97e4f
- Size
  
  69KB
- MD5
  
  9d3ca081e7fe27e44707d8634c22fc95
- SHA1
  
  dc0220f9a43989a4628f4eabd5e963fd80d8f698
- SHA256
  
  9156f5bd322306c9038a3bc830e53e7b13c272e121fb70b3b8d7d9968fb97e4f
- SHA512
  
  9604dd95da02953da8de0284199036588e5b772deb191831716e1b094be21484cbbf806f60f61ad4214ff4a43e9cd8047290dfc61ae9afec5295c4488dedc249
- SSDEEP
  
  1536:Ycw8O+xAvWi3ajP+LCQG2IH/EordhSIZjiJWHErXU6/l/vLSKH:Y9IjiCQEfE2MIZ2JkErR1LP
Score

8^/10

evasion stealth trojan
- Removes its main activity from the application launcher
  stealth trojan
- Acquires the wake lock
- Listens for changes in the sensor environment (might be used to detect emulation)
  evasion
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

evasionstealthtrojan

behavioral3

evasionstealthtrojan