donot | a4d6c718a5978643439f9373630a72f738b763b535fa7e945e4adb5c1b75ab89 | Triage

Sharing

General

Target

a4d6c718a5978643439f9373630a72f738b763b535fa7e945e4adb5c1b75ab89
Size

4.6MB
Sample

240311-p1cwesfc25
MD5

26850d7b5e900b2e00c8c610c1294a78
SHA1

ea614dc5d898dbe71c080aefb3f74316d3a704ea
SHA256

a4d6c718a5978643439f9373630a72f738b763b535fa7e945e4adb5c1b75ab89
SHA512

2bc27f68407644aa7cacc38f62dde268814061a52c5af8941618afdab04a8bab76d70d4c627ccf462032a093afc2f9067eb87171ad21770ff29b1f9d290e90ac
SSDEEP

98304:4CPxFWBArsnkT8G9CKBEkl30pfo+ps2ZrahjEEjHeK:xHdrKTGcK2c3qA+ej56K

Score

10^/10

donot android collection evasion

Malware Config

Extracted

Family

donot

C2

https://capsup.buzz/

https://toolgpt.buzz

Targets

- Target
  
  a4d6c718a5978643439f9373630a72f738b763b535fa7e945e4adb5c1b75ab89
- Size
  
  4.6MB
- MD5
  
  26850d7b5e900b2e00c8c610c1294a78
- SHA1
  
  ea614dc5d898dbe71c080aefb3f74316d3a704ea
- SHA256
  
  a4d6c718a5978643439f9373630a72f738b763b535fa7e945e4adb5c1b75ab89
- SHA512
  
  2bc27f68407644aa7cacc38f62dde268814061a52c5af8941618afdab04a8bab76d70d4c627ccf462032a093afc2f9067eb87171ad21770ff29b1f9d290e90ac
- SSDEEP
  
  98304:4CPxFWBArsnkT8G9CKBEkl30pfo+ps2ZrahjEEjHeK:xHdrKTGcK2c3qA+ej56K
Score

8^/10

collection evasion
- Makes use of the framework's Accessibility service
  Retrieves information displayed on the phone screen using AccessibilityService.
  collection evasion
- Acquires the wake lock
behavioral1 behavioral2

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Input Injection

Credential Access

Discovery

Lateral Movement

Collection

Screen Capture

Command and Control

Exfiltration

Impact

Input Injection

Tasks

static1

behavioral1

collectionevasion

behavioral2

collectionevasion