833e552b9b64e49564bed2d214ab5a2a36c2b2e0d842ec8dbccfe333b4df131b | Triage

Sharing

General

Target

Idle-Lumber-Empire_1.9.1_mod.apk
Size

128.0MB
Sample

240327-vzld3acb61
MD5

070539669351b1f4a25ec9f3720c210b
SHA1

68cee072d74d4f35b13799aac8cf5e326d638a17
SHA256

833e552b9b64e49564bed2d214ab5a2a36c2b2e0d842ec8dbccfe333b4df131b
SHA512

d830faddb9ec65a03cdef8a49ce5881cdd2f538d6a39d3f73fc1506c72149683d4bc373bfd0cca21b28b1c17c10e79685adf3ff74c98628de0acc17d9f7c2292
SSDEEP

3145728:HrRzg4uy0NnsvrWNWam88rA11evqSGJpUerhR8xIIjGO8R1m:HrRMny+svsdm8wEEdGlO86

Score

8^/10

android banker discovery evasion

Malware Config

Targets

- Target
  
  Idle-Lumber-Empire_1.9.1_mod.apk
- Size
  
  128.0MB
- MD5
  
  070539669351b1f4a25ec9f3720c210b
- SHA1
  
  68cee072d74d4f35b13799aac8cf5e326d638a17
- SHA256
  
  833e552b9b64e49564bed2d214ab5a2a36c2b2e0d842ec8dbccfe333b4df131b
- SHA512
  
  d830faddb9ec65a03cdef8a49ce5881cdd2f538d6a39d3f73fc1506c72149683d4bc373bfd0cca21b28b1c17c10e79685adf3ff74c98628de0acc17d9f7c2292
- SSDEEP
  
  3145728:HrRzg4uy0NnsvrWNWam88rA11evqSGJpUerhR8xIIjGO8R1m:HrRMny+svsdm8wEEdGlO86
Score

8^/10

banker discovery evasion
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
  banker discovery
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
  evasion
- Reads information about phone network operator.
  discovery
- Checks the presence of a debugger
  evasion
- Listens for changes in the sensor environment (might be used to detect emulation)
  evasion
behavioral1

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

Hide Artifacts

User Evasion

Credential Access

Discovery

Software Discovery

Security Software Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bankerdiscoveryevasion