bahamut | a40c7cabf874517f5d3d069e0377fa9348e10344000e39717c1a6571939ba7c0 | Triage

Submit
Reports

Overview

overview

Static

static

a40c7cabf8...c0.apk

android-9-x86

8

a40c7cabf8...c0.apk

android-13-x64

Sharing

General

Target

a40c7cabf874517f5d3d069e0377fa9348e10344000e39717c1a6571939ba7c0
Size

29.1MB
Sample

240410-qeqqtsgg76
MD5

54a85378f28085923115ee44f540ff8a
SHA1

2e40f7fd49fa8538879f90a85300247fbf2f8f67
SHA256

a40c7cabf874517f5d3d069e0377fa9348e10344000e39717c1a6571939ba7c0
SHA512

853d315b460f899c3b4e7e2d6e071763dea1f4c58f8ea1547d8a234eda12e7ee8a1b2c4c5f51f7f4074061f3c50dc5e1892e33520d0b7eec3a82e3f1c4c74917
SSDEEP

393216:bjd8b3Stod1v3uFwCPwmSPk3biaOhECW1Fypl+W9ESATkXQY0/rBxqHoyvc2IG6a:ZbKhE3cYQAYA/q3Qq2w2AA+1Aphm

Score

10^/10

bahamut android collection discovery evasion persistence

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

a40c7cabf874517f5d3d069e0377fa9348e10344000e39717c1a6571939ba7c0.apk

Resource

android-x86-arm-20240221-en

collection discovery evasion persistence

android-9-x86

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

a40c7cabf874517f5d3d069e0377fa9348e10344000e39717c1a6571939ba7c0.apk

Resource

android-33-x64-arm64-20240229-en

android-13-x64

0 signatures

150 seconds

Malware Config

Extracted

Family

bahamut

C2

https://ft8hua063okwfdcu21pw.de/api/v0.0.1/device/

Targets

- Target
  
  a40c7cabf874517f5d3d069e0377fa9348e10344000e39717c1a6571939ba7c0
- Size
  
  29.1MB
- MD5
  
  54a85378f28085923115ee44f540ff8a
- SHA1
  
  2e40f7fd49fa8538879f90a85300247fbf2f8f67
- SHA256
  
  a40c7cabf874517f5d3d069e0377fa9348e10344000e39717c1a6571939ba7c0
- SHA512
  
  853d315b460f899c3b4e7e2d6e071763dea1f4c58f8ea1547d8a234eda12e7ee8a1b2c4c5f51f7f4074061f3c50dc5e1892e33520d0b7eec3a82e3f1c4c74917
- SSDEEP
  
  393216:bjd8b3Stod1v3uFwCPwmSPk3biaOhECW1Fypl+W9ESATkXQY0/rBxqHoyvc2IG6a:ZbKhE3cYQAYA/q3Qq2w2AA+1Aphm
Score

8^/10

collection discovery evasion persistence
- Makes use of the framework's Accessibility service
  Retrieves information displayed on the phone screen using AccessibilityService.
  collection evasion
- Makes use of the framework's foreground persistence service
  Application may abuse the framework's foreground service to continue running in the foreground.
  evasion persistence
- Queries information about running processes on the device.
  Application may abuse the framework's APIs to collect information about running processes on the device.
  discovery
- Reads the contacts stored on the device.
  collection
- Reads the content of the call log.
  collection
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

collectiondiscoveryevasionpersistence

behavioral2

© 2018-2024

Terms | Privacy