bahamut | c4cdcfb645cb50451f6a5cf792ef91e07aa1ed166ad99f59358eb8b9a1284440 | Triage

Submit
Reports

Overview

overview

Static

static

c4cdcfb645...40.apk

android-9-x86

7

c4cdcfb645...40.apk

android-10-x64

7

c4cdcfb645...40.apk

android-11-x64

8

Sharing

General

Target

c4cdcfb645cb50451f6a5cf792ef91e07aa1ed166ad99f59358eb8b9a1284440
Size

7.0MB
Sample

240410-rc6vpsde2v
MD5

241b578fe963ad199fd5bdc0bb50f4ca
SHA1

3a9fe80e346356dd1b7a12765fc941f7d584d943
SHA256

c4cdcfb645cb50451f6a5cf792ef91e07aa1ed166ad99f59358eb8b9a1284440
SHA512

52e6d4a9164480af0f3c3d5e08d85d25054ccb2f6ac57bf7db7ea4f0c8b9a60a2829ac4e7310822e289fa8ee4d25d9b4146014681ef16cb404ed2a03cf2d5e62
SSDEEP

196608:p8/u+xgCR1D6Du6gUxL8wLszeEvf/QuN707b:aG+HD6yJUx9LnG70f

Score

10^/10

bahamut android collection discovery evasion persistence

Static task

static1

4 signatures

Behavioral task

behavioral1

Sample

c4cdcfb645cb50451f6a5cf792ef91e07aa1ed166ad99f59358eb8b9a1284440.apk

Resource

android-x86-arm-20240221-en

collection discovery evasion persistence

android-9-x86

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

c4cdcfb645cb50451f6a5cf792ef91e07aa1ed166ad99f59358eb8b9a1284440.apk

Resource

android-x64-20240221-en

collection discovery evasion persistence

android-10-x64

7 signatures

150 seconds

Behavioral task

behavioral3

Sample

c4cdcfb645cb50451f6a5cf792ef91e07aa1ed166ad99f59358eb8b9a1284440.apk

Resource

android-x64-arm64-20240221-en

collection discovery evasion persistence

android-11-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

bahamut

C2

https://r4dc3btbyzip0edkbykb1qteulwb.de

Targets

- Target
  
  c4cdcfb645cb50451f6a5cf792ef91e07aa1ed166ad99f59358eb8b9a1284440
- Size
  
  7.0MB
- MD5
  
  241b578fe963ad199fd5bdc0bb50f4ca
- SHA1
  
  3a9fe80e346356dd1b7a12765fc941f7d584d943
- SHA256
  
  c4cdcfb645cb50451f6a5cf792ef91e07aa1ed166ad99f59358eb8b9a1284440
- SHA512
  
  52e6d4a9164480af0f3c3d5e08d85d25054ccb2f6ac57bf7db7ea4f0c8b9a60a2829ac4e7310822e289fa8ee4d25d9b4146014681ef16cb404ed2a03cf2d5e62
- SSDEEP
  
  196608:p8/u+xgCR1D6Du6gUxL8wLszeEvf/QuN707b:aG+HD6yJUx9LnG70f
Score

8^/10

collection discovery evasion persistence
- Makes use of the framework's Accessibility service
  Retrieves information displayed on the phone screen using AccessibilityService.
  collection evasion
- Checks memory information
  Checks memory information which indicate if the system is an emulator.
  evasion discovery
- Makes use of the framework's foreground persistence service
  Application may abuse the framework's foreground service to continue running in the foreground.
  evasion persistence
- Reads the contacts stored on the device.
  collection
- Reads the content of the call log.
  collection
- Requests enabling of the accessibility settings.
- Acquires the wake lock
- Reads information about phone network operator.
  discovery
- Checks the presence of a debugger
  evasion
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

collectiondiscoveryevasionpersistence

behavioral2

collectiondiscoveryevasionpersistence

behavioral3

collectiondiscoveryevasionpersistence

© 2018-2024

Terms | Privacy