General

  • Target

    b04ceb9e211acc72b2af0ab26e20e502ecde25e4be9a465ec77d16ca9da1bb32

  • Size

    31.7MB

  • Sample

    240410-qsln2ahd46

  • MD5

    3c726b77585d359a5bbff08afd682971

  • SHA1

    2fbdc11613a065afbbf36a66e8f17c0d802f8347

  • SHA256

    b04ceb9e211acc72b2af0ab26e20e502ecde25e4be9a465ec77d16ca9da1bb32

  • SHA512

    9a11f73c948877b6c6ac7471a2ab67829808629b07549f2a2ee83df0021a1e284fa98bf6bc9d64f8a0c32c9bd1cb0ba28db807992c055d316916f0df2a0c76e3

  • SSDEEP

    786432:eyg3Em1Dt8TjhYsVsDU86F+VQ9IKlGG7JeoX0638:e7E68Tjh718+kXKGGdpx38

Malware Config

Extracted

  • Family

    bahamut

  • C2

    https://ft8hua063okwfdcu21pw.de/api/v0.0.1/device/

Targets

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Makes use of the framework's foreground persistence service

      Application may abuse the framework's foreground service to continue running in the foreground.

    • Reads the contacts stored on the device.

    • Reads the content of the call log.

MITRE ATT&CK Matrix

Tasks