mobileorder | ed3aa8e58d65c81df2f18e970456225b7c2b78e4add4dea556298a915b8fef1a | Triage

Sharing

General

Target

ed3aa8e58d65c81df2f18e970456225b7c2b78e4add4dea556298a915b8fef1a
Size

346KB
Sample

240410-r6y2yseh2v
MD5

cf3ed93ddff7bc0b1fe401c14f2ecb91
SHA1

c729efaae21b9404b527b9cdd0b32eb3c224cf71
SHA256

ed3aa8e58d65c81df2f18e970456225b7c2b78e4add4dea556298a915b8fef1a
SHA512

e6db9ef58ce0b4c945dd805fee4a0e796c631908ccb4c5f440e81be99a92fe052c3e134956d98d0c1394e3d8ccd1ea7c976d0b1e8a472139221e09d172ac4ab5
SSDEEP

6144:jV+AXP1tBNYzDGH/Fzez5rO+X/JzXPRYILk2q3wXqZ0IiSPqDBwBctsIvU9Ej:xBH/FzU5i+X/ZBLk2DXqCaqDBsoXUM

Score

10^/10

mobileorder android evasion privilege_escalation stealth trojan

Malware Config

Extracted

Family

mobileorder

C2

fly100.dellgod.net

Targets

- Target
  
  ed3aa8e58d65c81df2f18e970456225b7c2b78e4add4dea556298a915b8fef1a
- Size
  
  346KB
- MD5
  
  cf3ed93ddff7bc0b1fe401c14f2ecb91
- SHA1
  
  c729efaae21b9404b527b9cdd0b32eb3c224cf71
- SHA256
  
  ed3aa8e58d65c81df2f18e970456225b7c2b78e4add4dea556298a915b8fef1a
- SHA512
  
  e6db9ef58ce0b4c945dd805fee4a0e796c631908ccb4c5f440e81be99a92fe052c3e134956d98d0c1394e3d8ccd1ea7c976d0b1e8a472139221e09d172ac4ab5
- SSDEEP
  
  6144:jV+AXP1tBNYzDGH/Fzez5rO+X/JzXPRYILk2q3wXqZ0IiSPqDBwBctsIvU9Ej:xBH/FzU5i+X/ZBLk2DXqCaqDBsoXUM
Score

8^/10

evasion privilege_escalation stealth trojan
- Removes its main activity from the application launcher
  stealth trojan evasion
- Tries to add a device administrator.
  privilege_escalation
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Abuse Elevation Control Mechanism

Device Administrator Permissions

Defense Evasion

Hide Artifacts

Suppress Application Icon

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionprivilege_escalationstealthtrojan

behavioral2

evasionstealthtrojan

behavioral3

evasionprivilege_escalationstealthtrojan