dracarys | 220fcfa47a11e7e3f179a96258a5bb69914c17e8ca7d0fdce44d13f1f3229548 | Triage

Sharing

General

Target

220fcfa47a11e7e3f179a96258a5bb69914c17e8ca7d0fdce44d13f1f3229548
Size

12.7MB
Sample

240410-ly97csee7x
MD5

07532dea34c87ea2c91d2e035ed5dc87
SHA1

04ec835ae9240722db8190c093a5b2a7059646b1
SHA256

220fcfa47a11e7e3f179a96258a5bb69914c17e8ca7d0fdce44d13f1f3229548
SHA512

270319f1a8a8fe9e19a78741cdcdf5f7c62d3072e55ea68a8c5ecb154bea9fb0895d1562164a0a04ffac19cd2bfa760ee219e3e0ef3890ccce564ace0c1f51ea
SSDEEP

196608:A8ULZA2UNZPFyeRlQbQ4Waex2Jg6K3KVSOjQHITUI8KgYeX1EVsf6lCJwtBD/SZP:qqdZPFyeR2b/WWO3K75Uv5JEVsaUwtNu

Score

10^/10

dracarys android banker collection discovery

Malware Config

Extracted

Family

dracarys

Version

v3

C2

https://youtubepremiumapp.com

Attributes

uri
v3/pull/task

v3/push/result

v3/report/apps

v3/report/attempt

v3/report/basic-info

v3/report/calls

v3/report/contacts

v3/report/file-paths

v3/report/hum

v3/report/message

v3/report/ruby

v3/report/sms

v3/report/storage/root

v3/report/wink

v3/request/file-paths

v3/request/heartbeat

v3/request/hum

v3/request/tasks

v3/request/wink

v3/sync/file

Targets

- Target
  
  220fcfa47a11e7e3f179a96258a5bb69914c17e8ca7d0fdce44d13f1f3229548
- Size
  
  12.7MB
- MD5
  
  07532dea34c87ea2c91d2e035ed5dc87
- SHA1
  
  04ec835ae9240722db8190c093a5b2a7059646b1
- SHA256
  
  220fcfa47a11e7e3f179a96258a5bb69914c17e8ca7d0fdce44d13f1f3229548
- SHA512
  
  270319f1a8a8fe9e19a78741cdcdf5f7c62d3072e55ea68a8c5ecb154bea9fb0895d1562164a0a04ffac19cd2bfa760ee219e3e0ef3890ccce564ace0c1f51ea
- SSDEEP
  
  196608:A8ULZA2UNZPFyeRlQbQ4Waex2Jg6K3KVSOjQHITUI8KgYeX1EVsf6lCJwtBD/SZP:qqdZPFyeR2b/WWO3K75Uv5JEVsaUwtNu
Score

8^/10

banker collection discovery
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
  banker discovery
- Queries account information for other applications stored on the device.
  Application may abuse the framework's APIs to collect account information stored on the device.
  collection
- Queries the phone number (MSISDN for GSM devices)
  discovery
- Reads the contacts stored on the device.
  collection
- Reads the content of photos stored on the user's device.
  collection
- Reads the content of the call log.
  collection
- Acquires the wake lock
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Software Discovery

Security Software Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Data from Local System

Protected User Data

Call Log

Contact List

Stored Application Data

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bankercollectiondiscovery

behavioral2

bankercollectiondiscovery

behavioral3

bankercollectiondiscovery