bahamut | b65a8edc06bbeb598e495ccc44dc40e77ab2ef0ab11e136a0a10c24970640b42 | Triage

Submit
Reports

Overview

overview

Static

static

b65a8edc06...42.apk

android-9-x86

7

b65a8edc06...42.apk

android-11-x64

7

Sharing

General

Target

b65a8edc06bbeb598e495ccc44dc40e77ab2ef0ab11e136a0a10c24970640b42
Size

31.7MB
Sample

240410-q1lzrsch3z
MD5

20e66b734fa959145a8ef75d2e6cdffb
SHA1

3144b187edf4309263ff0bcfd02c6542704145b1
SHA256

b65a8edc06bbeb598e495ccc44dc40e77ab2ef0ab11e136a0a10c24970640b42
SHA512

903b6322d92c310162e0abc356bdc5daa40c57095655b653564d29c89bf8803e155885ecdfac4820687e86e4d0311badd7cc52cc9ca59ca6b4b55d88edd9177b
SSDEEP

786432:Gx3Em1OMtghYsVYzTKU86F+VQF9Fks7J5oX063p:GJEt8gh72Tl8+ko9Gsdax3p

Score

10^/10

bahamut android collection evasion persistence

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

b65a8edc06bbeb598e495ccc44dc40e77ab2ef0ab11e136a0a10c24970640b42.apk

Resource

android-x86-arm-20240221-en

collection evasion persistence

android-9-x86

3 signatures

150 seconds

Behavioral task

behavioral2

Sample

b65a8edc06bbeb598e495ccc44dc40e77ab2ef0ab11e136a0a10c24970640b42.apk

Resource

android-x64-arm64-20240221-en

collection evasion persistence

android-11-x64

4 signatures

150 seconds

Malware Config

Extracted

Family

bahamut

C2

https://ft8hua063okwfdcu21pw.de/api/v0.0.1/device/

Targets

- Target
  
  b65a8edc06bbeb598e495ccc44dc40e77ab2ef0ab11e136a0a10c24970640b42
- Size
  
  31.7MB
- MD5
  
  20e66b734fa959145a8ef75d2e6cdffb
- SHA1
  
  3144b187edf4309263ff0bcfd02c6542704145b1
- SHA256
  
  b65a8edc06bbeb598e495ccc44dc40e77ab2ef0ab11e136a0a10c24970640b42
- SHA512
  
  903b6322d92c310162e0abc356bdc5daa40c57095655b653564d29c89bf8803e155885ecdfac4820687e86e4d0311badd7cc52cc9ca59ca6b4b55d88edd9177b
- SSDEEP
  
  786432:Gx3Em1OMtghYsVYzTKU86F+VQF9Fks7J5oX063p:GJEt8gh72Tl8+ko9Gsdax3p
Score

7^/10

collection evasion persistence
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
  evasion
- Makes use of the framework's foreground persistence service
  Application may abuse the framework's foreground service to continue running in the foreground.
  evasion persistence
- Reads the contacts stored on the device.
  collection
- Reads the content of the call log.
  collection
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

collectionevasionpersistence

behavioral2

collectionevasionpersistence

© 2018-2024

Terms | Privacy