General
-
Target
MEmu-setup-abroad-sdk-20240322.exe
-
Size
23.0MB
-
Sample
240322-lkjggscg8w
-
MD5
f9ce897d93d4f77bca3cca8541a8addb
-
SHA1
4ac5a68266c842fb997fd755c9d10d1975baa71f
-
SHA256
89174acde0ea21562e6186847ba7d12aacd9b2b2132f456dd8335680daadd9a9
-
SHA512
57ad25f1a3b1514e579fd9f61102d0e6ea42e32bb9371fa447ab6e8c4403a018ee5b1959f3038dd591c930ecc4b535abe6851693334a67542acb7877152b0a6a
-
SSDEEP
393216:w95Rjktqn778Sd3o+83Jsv6tWKFdu9CwvUiPbKv647n+YlmYz:MRjkG7Iq3oOD2vegm0
Malware Config
Targets
-
-
Target
MEmu-setup-abroad-sdk-20240322.exe
-
Size
23.0MB
-
MD5
f9ce897d93d4f77bca3cca8541a8addb
-
SHA1
4ac5a68266c842fb997fd755c9d10d1975baa71f
-
SHA256
89174acde0ea21562e6186847ba7d12aacd9b2b2132f456dd8335680daadd9a9
-
SHA512
57ad25f1a3b1514e579fd9f61102d0e6ea42e32bb9371fa447ab6e8c4403a018ee5b1959f3038dd591c930ecc4b535abe6851693334a67542acb7877152b0a6a
-
SSDEEP
393216:w95Rjktqn778Sd3o+83Jsv6tWKFdu9CwvUiPbKv647n+YlmYz:MRjkG7Iq3oOD2vegm0
Score10/10-
AhMyth
AhMyth is an open source Android remote administration tool.
-
Guerrilla
Guerrilla is an Android malware used by the Lemon Group threat actor.
-
Guerrilla payload
-
Mandrake
Mandrake is an Android spyware first seen in 2020.
-
Mandrake payload
-
Drops file in Drivers directory
-
Checks for any installed AV software in registry
-
Downloads MZ/PE file
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Pre-OS Boot
1Bootkit
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1