18832427a4a7dd1c2960a40fc13fc0dfc5357ecafdf7dae9f89d721f4138bc25 | Triage

Resubmissions

02-04-2024 06:58

240402-hrp13aae2w 8

13-08-2020 12:07

200813-m8qffw1xej 10

Sharing

General

Target

18832427a4a7dd1c2960a40fc13fc0dfc5357ecafdf7dae9f89d721f4138bc25
Size

1.6MB
Sample

240402-hrp13aae2w
MD5

b8d3cd2eed88a3dbd30e1447c1add48b
SHA1

c21e13d788b4c177829ac43b8bd4c71487fe41f5
SHA256

18832427a4a7dd1c2960a40fc13fc0dfc5357ecafdf7dae9f89d721f4138bc25
SHA512

fe012a29fc00b8d76f9c293ca42618edeca8e2eec41f8117513ed162b3e9a178d2ee5ca3e9abcab0cc423c03c2d0b9a3867f428b9ed9f75cb06bfcbc8ab540f3
SSDEEP

49152:CyLC2HJXfWuJASAW5Gxxqa3j+SuqWTSMJR:7C2pXMSAWW3juI6R

Score

8^/10

android collection evasion persistence stealth trojan

Malware Config

Targets

- Target
  
  18832427a4a7dd1c2960a40fc13fc0dfc5357ecafdf7dae9f89d721f4138bc25
- Size
  
  1.6MB
- MD5
  
  b8d3cd2eed88a3dbd30e1447c1add48b
- SHA1
  
  c21e13d788b4c177829ac43b8bd4c71487fe41f5
- SHA256
  
  18832427a4a7dd1c2960a40fc13fc0dfc5357ecafdf7dae9f89d721f4138bc25
- SHA512
  
  fe012a29fc00b8d76f9c293ca42618edeca8e2eec41f8117513ed162b3e9a178d2ee5ca3e9abcab0cc423c03c2d0b9a3867f428b9ed9f75cb06bfcbc8ab540f3
- SSDEEP
  
  49152:CyLC2HJXfWuJASAW5Gxxqa3j+SuqWTSMJR:7C2pXMSAWW3juI6R
Score

8^/10

evasion persistence stealth trojan collection
- Makes use of the framework's Accessibility service
  Retrieves information displayed on the phone screen using AccessibilityService.
  collection evasion
- Removes its main activity from the application launcher
  stealth trojan evasion
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
  evasion
- Makes use of the framework's foreground persistence service
  Application may abuse the framework's foreground service to continue running in the foreground.
  evasion persistence
- Requests enabling of the accessibility settings.
- Acquires the wake lock
behavioral1 behavioral2 behavioral3 behavioral4

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Foreground Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

Foreground Persistence

Hide Artifacts

Suppress Application Icon

Input Injection

Credential Access

Discovery

Lateral Movement

Collection

Screen Capture

Command and Control

Exfiltration

Impact

Input Injection

Tasks

static1

behavioral1

evasionpersistencestealthtrojan

behavioral2

evasionpersistencestealthtrojan

behavioral3

collectionevasionpersistence

behavioral4

evasionpersistencestealthtrojan