d01ea0ca48173c31e9f2179eab34a4fc08329618eae19ffc1be5f2bea4b4c438

Sharing

Copy URL Twitter E-mail

General

Target

d01ea0ca48173c31e9f2179eab34a4fc08329618eae19ffc1be5f2bea4b4c438
Size

15.4MB
Sample

231224-ewdbaafdfp
MD5

87bfb95fc7c33f189be66d6b14edd2bb
SHA1

7b45456441f11cf0a1dbea8ecac89ec412cfe162
SHA256

d01ea0ca48173c31e9f2179eab34a4fc08329618eae19ffc1be5f2bea4b4c438
SHA512

d06a2081d8b159dfe33bb0113769c1eb23cc68e427db42ba02dcfa33211e9d6e512f81ca673311508c14367a39de9997438944fffeb82a2685f999154a0d6806
SSDEEP

393216:vF0ISWZ3yFw7Yw5YACWv5sD7auTsY3QgL5Z+/XmZ0/:vRNuwB61GuT33QgLOL

Score

8^/10

android evasion

Malware Config

Targets

- Target
  
  d01ea0ca48173c31e9f2179eab34a4fc08329618eae19ffc1be5f2bea4b4c438
- Size
  
  15.4MB
- MD5
  
  87bfb95fc7c33f189be66d6b14edd2bb
- SHA1
  
  7b45456441f11cf0a1dbea8ecac89ec412cfe162
- SHA256
  
  d01ea0ca48173c31e9f2179eab34a4fc08329618eae19ffc1be5f2bea4b4c438
- SHA512
  
  d06a2081d8b159dfe33bb0113769c1eb23cc68e427db42ba02dcfa33211e9d6e512f81ca673311508c14367a39de9997438944fffeb82a2685f999154a0d6806
- SSDEEP
  
  393216:vF0ISWZ3yFw7Yw5YACWv5sD7auTsY3QgL5Z+/XmZ0/:vRNuwB61GuT33QgLOL
Score

8^/10

evasion
- Requests cell location
  Uses Android APIs to to get current cell location.
- Checks Android system properties for emulator presence.
- Checks known Qemu files.
  Checks for known Qemu files that exist on Android virtual device images.
- Checks known Qemu pipes.
  Checks for known pipes used by the Android emulator to communicate with the host.
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
- Reads information about phone network operator.
- Listens for changes in the sensor environment (might be used to detect emulation)
  evasion
behavioral1
- Target
  
  0.jar
- Size
  
  53KB
- MD5
  
  3cba35cc03009a26de0d3d3f7d9f1875
- SHA1
  
  4ac2750728346bff384ade1c2469d91d4b4465a5
- SHA256
  
  c687f3a7381845e6f884084b4042ee6cbb135811bb247b3f57473ac55be11e2a
- SHA512
  
  68f87ca5b574fbe7edbb3b246efd28b3de431fb21659f2acfeaa721920fde1ddacdc5fb3df5cfc8bcd07f6c3ff4bdbe3983ce6df6311028b198ba60364d609f2
- SSDEEP
  
  768:lRpwTOTTvyT2q4eeJAlqeYK8LuCgNcWGapPO/C9E0NoQ6zHZf2kOStZkr1MH/PRY:lfjvNFDJAEwCBoOmjoTAYZkr1MH/m
Score

1^/10
behavioral2 behavioral3 behavioral4
- Target
  
  dynamic.jar
- Size
  
  61KB
- MD5
  
  feaeaf3f8d9fdaed3095dbd5d1ffdb92
- SHA1
  
  ac1e431fc2935ebb22ed56044c53b4025b7cf96b
- SHA256
  
  c31e4eba733516ce01420e456aff8a2402229e49e686d725df70a3195ea5fdbf
- SHA512
  
  97a6e454919138c2425635ea4db90cf4055adef80197407562e2fb09df26dfe5410fba59326f07d050e0179986303a22b6252ee5634ee36badaff251306493c8
- SSDEEP
  
  1536:z9IoCSrEA6bqMtdPpCliajkfgYWdOFz6v:z9IODwxtXCliahOVe
Score

1^/10
behavioral5 behavioral6 behavioral7
- Target
  
  gdtadv2.jar
- Size
  
  468KB
- MD5
  
  6bfe094580c89ba696ef8772de47a552
- SHA1
  
  210bc4afce84b6e6bb36f97f68f9d3d9d3432643
- SHA256
  
  a884e386bf4ec066c9a82518c354be513182add87107552b1f4cf33dc80bddd4
- SHA512
  
  7ae8c9210957f06eb177fa0472ac1fcf80f0e6b1f308ec1906fe059c38623e404b37c34d9e8702cab66efc7ebfdc5400f1506db89b75a5fd1dd915ec2c2086a5
- SSDEEP
  
  6144:Nz015KiQP/B4tKQ3OTNgdJHqn+9ZMsH5EK9JKp0KMNd4IoCJlv0gxWky9+T2k57:N/Z/B/NgdliEZMs9JhZ4kykTlJ
Score

1^/10
behavioral8
- Target
  
  server.apk
- Size
  
  1.4MB
- MD5
  
  c6c14720b841a07901e89ff83c0886d1
- SHA1
  
  dd03dd48cca04ab42f9c025159192386c1d106cb
- SHA256
  
  e5695b424dad07d70f73fb7ccf10d5868da3499a9616fcbfddfc232c6c6e5523
- SHA512
  
  f873c4a1fb5601ea36164d353884144a721df5cdf173c50ad0838bcae1a5835c2bddc4fbd03b01533ef670d07627f4e1e424622a3f33eeb2121fd466cac9096e
- SSDEEP
  
  24576:El8e9D2ruyq2by3T7wl7LKs8a2G/DQzezD/1t/DnPVgR+8a47irnpFU:E2eN2ruybG3/AvNagnDd5DPVg/irnpFU
Score

7^/10
- Checks known Qemu files.
  Checks for known Qemu files that exist on Android virtual device images.
- Checks known Qemu pipes.
  Checks for known pipes used by the Android emulator to communicate with the host.
- Reads information about phone network operator.
behavioral9
- Target
  
  input.jar
- Size
  
  2KB
- MD5
  
  4356213ed83e0f0a6089d72e56a67c94
- SHA1
  
  d451b4c366093b527d71f80c7558da78e66c8383
- SHA256
  
  6d82f780fb9b54b8b6b87823a4a7f92f2184824343339d2dca3362a7f9d27bfa
- SHA512
  
  6aa127a8dd0b75412b5aea01d8be25a33f368358ffa0b2a25422b4d8c930ea04d6b03ba8a16cb44f643c2b62017863892c497c36bfbbf3d08b0390fc4647fa3b
Score

1^/10
behavioral10 behavioral11 behavioral12
- Target
  
  plugin.apk
- Size
  
  14KB
- MD5
  
  e1bb42d58db8d35b26f8bda6042974af
- SHA1
  
  430abc95e98b08d3d24849dd95004b439fdec704
- SHA256
  
  88f427d1c6c5ac8621cc07d0b0f4469223209f6c36125dd543ec293e9daa1d2c
- SHA512
  
  784914faf26bfa3c170165d63f5defe18684ac2dc7ef33b9ae2123f0f151bc4529a552d927507efde7e3f3b111b8e8503d2b5afb29e0ef9bcbd9389f31bafbe8
- SSDEEP
  
  384:Z53eMx2myBNI7T1T28nG38oTOtkDTyCN1wz/B:Z5OMx/ySl28GsIOtkDTygc5
Score

1^/10
behavioral13 behavioral14 behavioral15

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Targets

Requests cell location

Checks Android system properties for emulator presence.

Checks known Qemu files.

Checks known Qemu pipes.

Loads dropped Dex/Jar

Reads information about phone network operator.

Listens for changes in the sensor environment (might be used to detect emulation)

Checks known Qemu files.

Checks known Qemu pipes.

Reads information about phone network operator.

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15