Overview

overview

8

Static

static

6

8ea8c506cd...da.apk

android-9-x86

8

aisdk_qtt.apk

android-9-x86

aisdk_qtt.apk

android-10-x64

aisdk_qtt.apk

android-11-x64

gdtadv2.apk

android-9-x86

night.apk

android-9-x86

night.apk

android-10-x64

night.apk

android-11-x64

Sharing

Copy URL
Twitter E-mail

General

  • Target

    8ea8c506cd1732ba60c230b9985ec9cb2d37f487f12a6384d569b7b9df11fada

  • Size

    31.3MB

  • Sample

    231223-zmdkxabaa6

  • MD5

    138c861b1d352bc97f43a7b4cb886cd5

  • SHA1

    646e4db9fbba604c4d03da53d3c165d66f2c7152

  • SHA256

    8ea8c506cd1732ba60c230b9985ec9cb2d37f487f12a6384d569b7b9df11fada

  • SHA512

    c9788a425b60a0b3064c6bcd879cb869fe105e1786b726f54aa70e0644f70b1e0b15ad2705aaced01400bbd58e78e5bad3c9f142f36bdf575f6fb0e67a820ac5

  • SSDEEP

    786432:+jfI1EJhMnadYVgGjPkCbNnaXsDQO1Tyfz0ecf8813W6:+AEWadYVkUaXvOJnfB1R

Score
8/10
androidevasion

Malware Config

Targets

    • Target

      8ea8c506cd1732ba60c230b9985ec9cb2d37f487f12a6384d569b7b9df11fada

    • Size

      31.3MB

    • MD5

      138c861b1d352bc97f43a7b4cb886cd5

    • SHA1

      646e4db9fbba604c4d03da53d3c165d66f2c7152

    • SHA256

      8ea8c506cd1732ba60c230b9985ec9cb2d37f487f12a6384d569b7b9df11fada

    • SHA512

      c9788a425b60a0b3064c6bcd879cb869fe105e1786b726f54aa70e0644f70b1e0b15ad2705aaced01400bbd58e78e5bad3c9f142f36bdf575f6fb0e67a820ac5

    • SSDEEP

      786432:+jfI1EJhMnadYVgGjPkCbNnaXsDQO1Tyfz0ecf8813W6:+AEWadYVkUaXvOJnfB1R

    Score
    8/10
    evasion

    • Makes use of the framework's Accessibility service

      Retrieves information displayed on the phone screen using AccessibilityService.

    • Checks Android system properties for emulator presence.

    • Checks known Qemu files.

      Checks for known Qemu files that exist on Android virtual device images.

    • Checks known Qemu pipes.

      Checks for known pipes used by the Android emulator to communicate with the host.

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Reads information about phone network operator.

    • Listens for changes in the sensor environment (might be used to detect emulation)

      evasion
    behavioral1

    • Target

      aisdk_qtt.jar

    • Size

      820KB

    • MD5

      aa7aa46f0cd80e489f94b8bfdb33aaaf

    • SHA1

      df529afef261f9dea7d80557162206c86106e89e

    • SHA256

      e0acfa01e36b962d1c1c9191557a938efdf3246f419f1eb6c9df29e0c196cc68

    • SHA512

      f7ef44c13ef790865e58a529f573bf4290b4574a842a9ee219cae8bce3dbc5690f46e34c4172fb211291f52cb7d1efde1b24cf45702cf155a9601276486222f5

    • SSDEEP

      12288:WmA/F/9YtyTRLPytq8bbpbXrohN0CP1WCChQ0e39EX1xYugVYPNNvZTlRQ1CAdL:NA/JwyTJgvbBCN0Y1WCrNchg2BygK

    Score
    1/10
    behavioral2behavioral3behavioral4

    • Target

      gdtadv2.jar

    • Size

      650KB

    • MD5

      5eaa0ab055f88d1710a1c680cced039d

    • SHA1

      3cd78c640c175d8f41c981dec45da2e0671659fa

    • SHA256

      629ce3d46af2e307c50aa0a8b6a4649c07f15c9bb0ab074dc9e3c42d452223c5

    • SHA512

      fa0e514c183962c89a2f27d680768542628a031312300de7d1574490920057975f227fe9e95e2a1c3cef399f755686b40ca926a4db6e582f7c5a07277f072c13

    • SSDEEP

      12288:2o/eAqlTYNTbHulJeTcMZH2rNp8OwazS5skPAZl9xHlUaE3OdKFwEUSsielxE:2o/ea32e4MZH2rNpHwsbkPApp1qwNSsw

    Score
    1/10
    behavioral5

    • Target

      night.skin

    • Size

      70KB

    • MD5

      2793cd09b43ba1a6819ed0fa01702b34

    • SHA1

      ab91b82a49950896b959e80eb0543f794ee66a55

    • SHA256

      30504b9231ff7422c7dce9247d45aa78c8dda42b2a2c9cdc3905649b2e7507d4

    • SHA512

      007b0905733d87460a73a6c45578507709a486eb98a1fc57e604e1ef3e98fdb291ec60061efeb89fe5bd588fa097211704ea03c77422d0599d1c08703b399336

    • SSDEEP

      1536:y3nABj0m6fJ3h+hAd4s6zyLI7XV40BsTqqqEx+G4WUya5XMCru1/Jru:ywBj0m6m62gsC0BscE54hSC

    Score
    1/10
    behavioral6behavioral7behavioral8

MITRE ATT&CK Matrix

Tasks