bahamut | a71290070f826292c0ce907f21280e46cb4b800163ca3b81301c75710387ff1b | Triage

Submit
Reports

Overview

overview

Static

static

a71290070f...1b.apk

android-9-x86

8

a71290070f...1b.apk

android-11-x64

8

Sharing

General

Target

a71290070f826292c0ce907f21280e46cb4b800163ca3b81301c75710387ff1b
Size

29.1MB
Sample

240410-qhywlscb3w
MD5

7ac30a4488748e4be24c04325f147c9f
SHA1

b54fff5a7f0a279040a4499d5aabce41ea1840fb
SHA256

a71290070f826292c0ce907f21280e46cb4b800163ca3b81301c75710387ff1b
SHA512

2bde3d4bb8a5df81f1e0230cf6e1464853bb52c104ce3da594a0218fee62b83610d673b999c186b158b469c50213be4057c8a23aea2b693fd9083293db44cc9c
SSDEEP

393216:bjd8b3Stod1v3uFwCPwmSPkkbiaOhECW1Fypl+W9ESATJXQY0/rBxqHoyvc2IGif:SbKhE3cYFAYA/q3Yq2w2AEZ+1AphH

Score

10^/10

bahamut android collection discovery evasion persistence

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

a71290070f826292c0ce907f21280e46cb4b800163ca3b81301c75710387ff1b.apk

Resource

android-x86-arm-20240221-en

collection discovery evasion persistence

android-9-x86

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

a71290070f826292c0ce907f21280e46cb4b800163ca3b81301c75710387ff1b.apk

Resource

android-x64-arm64-20240221-en

collection discovery evasion persistence

android-11-x64

6 signatures

150 seconds

Malware Config

Extracted

Family

bahamut

C2

https://ft8hua063okwfdcu21pw.de/api/v0.0.1/device/

Targets

- Target
  
  a71290070f826292c0ce907f21280e46cb4b800163ca3b81301c75710387ff1b
- Size
  
  29.1MB
- MD5
  
  7ac30a4488748e4be24c04325f147c9f
- SHA1
  
  b54fff5a7f0a279040a4499d5aabce41ea1840fb
- SHA256
  
  a71290070f826292c0ce907f21280e46cb4b800163ca3b81301c75710387ff1b
- SHA512
  
  2bde3d4bb8a5df81f1e0230cf6e1464853bb52c104ce3da594a0218fee62b83610d673b999c186b158b469c50213be4057c8a23aea2b693fd9083293db44cc9c
- SSDEEP
  
  393216:bjd8b3Stod1v3uFwCPwmSPkkbiaOhECW1Fypl+W9ESATJXQY0/rBxqHoyvc2IGif:SbKhE3cYFAYA/q3Yq2w2AEZ+1AphH
Score

8^/10

collection discovery evasion persistence
- Makes use of the framework's Accessibility service
  Retrieves information displayed on the phone screen using AccessibilityService.
  collection evasion
- Makes use of the framework's foreground persistence service
  Application may abuse the framework's foreground service to continue running in the foreground.
  evasion persistence
- Queries information about running processes on the device.
  Application may abuse the framework's APIs to collect information about running processes on the device.
  discovery
- Reads the contacts stored on the device.
  collection
- Reads the content of the call log.
  collection
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

collectiondiscoveryevasionpersistence

behavioral2

collectiondiscoveryevasionpersistence

© 2018-2024

Terms | Privacy