bahamut | 767744f41c8feb141369122e5d3d75b636ccc63ecef3865b82e8420ee44ec19b | Triage

Sharing

General

Target

767744f41c8feb141369122e5d3d75b636ccc63ecef3865b82e8420ee44ec19b
Size

31.7MB
Sample

240410-n6jeqaaa3x
MD5

babbd2b9f9267b43cd8abf8e6bca5b10
SHA1

79bd0bdfdc3645531c6285c3eb7c24cd0d6b0faf
SHA256

767744f41c8feb141369122e5d3d75b636ccc63ecef3865b82e8420ee44ec19b
SHA512

99471ff424f85d19488e982cc7af0562a02ff9c6dc2bf0fa480fdcaef423a7fbdf4c32bcfee68c51efa46e74e29f8e86907b0550e7445025d547f1949f1250a0
SSDEEP

786432:WB3Em1PXhYsVpTJt9DU86F+VQ5+XoX063L7JE:W5EeXh7XTDy8+kO+Yx3LdE

Score

10^/10

bahamut android collection evasion persistence

Malware Config

Extracted

Family

bahamut

C2

https://ft8hua063okwfdcu21pw.de/api/v0.0.1/device/

Targets

- Target
  
  767744f41c8feb141369122e5d3d75b636ccc63ecef3865b82e8420ee44ec19b
- Size
  
  31.7MB
- MD5
  
  babbd2b9f9267b43cd8abf8e6bca5b10
- SHA1
  
  79bd0bdfdc3645531c6285c3eb7c24cd0d6b0faf
- SHA256
  
  767744f41c8feb141369122e5d3d75b636ccc63ecef3865b82e8420ee44ec19b
- SHA512
  
  99471ff424f85d19488e982cc7af0562a02ff9c6dc2bf0fa480fdcaef423a7fbdf4c32bcfee68c51efa46e74e29f8e86907b0550e7445025d547f1949f1250a0
- SSDEEP
  
  786432:WB3Em1PXhYsVpTJt9DU86F+VQ5+XoX063L7JE:W5EeXh7XTDy8+kO+Yx3LdE
Score

7^/10

collection evasion persistence
- Makes use of the framework's foreground persistence service
  Application may abuse the framework's foreground service to continue running in the foreground.
  evasion persistence
- Reads the contacts stored on the device.
  collection
- Reads the content of the call log.
  collection
behavioral1 behavioral2

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Foreground Persistence

Privilege Escalation

Defense Evasion

Foreground Persistence

Credential Access

Discovery

Lateral Movement

Collection

Protected User Data

Call Log

Contact List

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

collectionevasionpersistence

behavioral2