General
-
Target
3db0d587001285f306fbdd73d29ad62ee826a0c27585ebaaf1d993504fdacc5f
-
Size
5.5MB
-
Sample
240416-kexlgsfc6s
-
MD5
deba43a71712c3a501970e3fc5ab1ced
-
SHA1
0d9f42ce346090f7957ca206e5dc5a393fb3513f
-
SHA256
3db0d587001285f306fbdd73d29ad62ee826a0c27585ebaaf1d993504fdacc5f
-
SHA512
331ca7455b08895c4821e24abd052f287570494862d54bab9039b0bd6476b897c679cdaa0e4f542f1d562063f18f9d076a76876d2807f37d331b6fbfcce6ed5f
-
SSDEEP
98304:hU7aQYpE7Bm9K0E3Lw1QPenWTCORGRAhvRNB4p31aVCH90fr+6vSI:hUHY0B0EEmPCWdGRjp3cT
Malware Config
Targets
-
-
Target
3db0d587001285f306fbdd73d29ad62ee826a0c27585ebaaf1d993504fdacc5f
-
Size
5.5MB
-
MD5
deba43a71712c3a501970e3fc5ab1ced
-
SHA1
0d9f42ce346090f7957ca206e5dc5a393fb3513f
-
SHA256
3db0d587001285f306fbdd73d29ad62ee826a0c27585ebaaf1d993504fdacc5f
-
SHA512
331ca7455b08895c4821e24abd052f287570494862d54bab9039b0bd6476b897c679cdaa0e4f542f1d562063f18f9d076a76876d2807f37d331b6fbfcce6ed5f
-
SSDEEP
98304:hU7aQYpE7Bm9K0E3Lw1QPenWTCORGRAhvRNB4p31aVCH90fr+6vSI:hUHY0B0EEmPCWdGRjp3cT
Score7/10-
Checks memory information
Checks memory information which indicate if the system is an emulator.
-
Makes use of the framework's foreground persistence service
Application may abuse the framework's foreground service to continue running in the foreground.
-
Queries account information for other applications stored on the device.
Application may abuse the framework's APIs to collect account information stored on the device.
-
Reads the contacts stored on the device.
-
Reads the content of the call log.
-
Acquires the wake lock
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-