18832427a4a7dd1c2960a40fc13fc0dfc5357ecafdf7dae9f89d721f4138bc25 | Triage

Submit
Reports

Overview

overview

8

Static

static

6

18832427a4...25.apk

android-10-x64

8

18832427a4...25.apk

android-11-x64

8

18832427a4...25.apk

android-13-x64

8

18832427a4...25.apk

android-9-x86

8

Resubmissions

02-04-2024 06:58

240402-hrp13aae2w 8

13-08-2020 12:07

200813-m8qffw1xej 10

Sharing

General

Target

18832427a4a7dd1c2960a40fc13fc0dfc5357ecafdf7dae9f89d721f4138bc25
Size

1.6MB
Sample

240402-hrp13aae2w
MD5

b8d3cd2eed88a3dbd30e1447c1add48b
SHA1

c21e13d788b4c177829ac43b8bd4c71487fe41f5
SHA256

18832427a4a7dd1c2960a40fc13fc0dfc5357ecafdf7dae9f89d721f4138bc25
SHA512

fe012a29fc00b8d76f9c293ca42618edeca8e2eec41f8117513ed162b3e9a178d2ee5ca3e9abcab0cc423c03c2d0b9a3867f428b9ed9f75cb06bfcbc8ab540f3
SSDEEP

49152:CyLC2HJXfWuJASAW5Gxxqa3j+SuqWTSMJR:7C2pXMSAWW3juI6R

Score

8^/10

android collection evasion persistence stealth trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

18832427a4a7dd1c2960a40fc13fc0dfc5357ecafdf7dae9f89d721f4138bc25.apk

Resource

android-x64-20240221-en

evasion persistence stealth trojan

android-10-x64

4 signatures

300 seconds

Behavioral task

behavioral2

Sample

18832427a4a7dd1c2960a40fc13fc0dfc5357ecafdf7dae9f89d721f4138bc25.apk

Resource

android-x64-arm64-20240221-en

evasion persistence stealth trojan

android-11-x64

5 signatures

300 seconds

Behavioral task

behavioral3

Sample

18832427a4a7dd1c2960a40fc13fc0dfc5357ecafdf7dae9f89d721f4138bc25.apk

Resource

android-33-x64-arm64-20240229-en

collection evasion persistence

android-13-x64

5 signatures

300 seconds

Behavioral task

behavioral4

Sample

18832427a4a7dd1c2960a40fc13fc0dfc5357ecafdf7dae9f89d721f4138bc25.apk

Resource

android-x86-arm-20240221-en

evasion persistence stealth trojan

android-9-x86

5 signatures

300 seconds

Malware Config

Targets

- Target
  
  18832427a4a7dd1c2960a40fc13fc0dfc5357ecafdf7dae9f89d721f4138bc25
- Size
  
  1.6MB
- MD5
  
  b8d3cd2eed88a3dbd30e1447c1add48b
- SHA1
  
  c21e13d788b4c177829ac43b8bd4c71487fe41f5
- SHA256
  
  18832427a4a7dd1c2960a40fc13fc0dfc5357ecafdf7dae9f89d721f4138bc25
- SHA512
  
  fe012a29fc00b8d76f9c293ca42618edeca8e2eec41f8117513ed162b3e9a178d2ee5ca3e9abcab0cc423c03c2d0b9a3867f428b9ed9f75cb06bfcbc8ab540f3
- SSDEEP
  
  49152:CyLC2HJXfWuJASAW5Gxxqa3j+SuqWTSMJR:7C2pXMSAWW3juI6R
Score

8^/10

evasion persistence stealth trojan collection
- Makes use of the framework's Accessibility service
  Retrieves information displayed on the phone screen using AccessibilityService.
  collection evasion
- Removes its main activity from the application launcher
  stealth trojan evasion
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
  evasion
- Makes use of the framework's foreground persistence service
  Application may abuse the framework's foreground service to continue running in the foreground.
  evasion persistence
- Requests enabling of the accessibility settings.
- Acquires the wake lock
behavioral1 behavioral2 behavioral3 behavioral4

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

evasionpersistencestealthtrojan

behavioral2

evasionpersistencestealthtrojan

behavioral3

collectionevasionpersistence

behavioral4

evasionpersistencestealthtrojan

© 2018-2024

Terms | Privacy