General

  • Target

    GBWA 16.20 SamMods.apk

  • Size

    97.0MB

  • Sample

    240417-xy6dyscg4s

  • MD5

    12aa3280b4ce5d1b34212eb9b9f29abd

  • SHA1

    886c180c861aef699ebd6be49f220389b389d49a

  • SHA256

    6dcd7ff6314ea4e516e2d30d7069be53447bf64f05c3bf688867a310561ab1f6

  • SHA512

    801f9f4abc5b760099da3936d5d805024f65ed3484d019e1f6ecb10d802729878966e11963024e04eb5fcfe4bcdc84d35eb4cc098ce4d2b142176acdfc2ecfac

  • SSDEEP

    1572864:xpOjmryc1oFAOLAjIo0dVZPapJHhbozN986aPJHj7OCBjF:xpOjmO32R0dTQJoRiJHjq+jF
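The first thing to do with a report like this is to confirm you hold the same file (the digests above) and then look for code the outer APK carries but does not declare: the SSDEEP values of the two targets in this report share most of their block sequence, which is consistent with origin.apk being embedded in the outer APK with little modification. The script below is an added example, not the sandbox's own tooling. It verifies reported digests against a file and enumerates entries that carry dex or zip magic regardless of their extension; the APK bytes it operates on are constructed in memory (a minimal zip with a fake classes.dex and a nested "APK" renamed to assets/data.bin) so it runs offline.

```python
"""Static triage of an APK sample: verify the hashes a report lists and
enumerate embedded Dex/Jar/APK containers that a dropper could later load
at runtime (for example via DexClassLoader).

Added example, not the sandbox's tooling. SAMPLE_APK / NESTED_APK are
constructed in memory; pass a real file's bytes to the same functions.
"""
import hashlib
import io
import zipfile
from typing import Optional

DEX_MAGIC = b"dex\n"        # classes.dex begins "dex\n035\0" (version digits vary)
ZIP_MAGIC = b"PK\x03\x04"   # jar and apk files are zip containers
HASH_ALGOS = ("md5", "sha1", "sha256", "sha512")


def file_hashes(data: bytes) -> dict:
    """Digest the blob with the algorithms a sandbox report lists."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in HASH_ALGOS}


def verify_reported(data: bytes, reported: dict) -> dict:
    """Compare a report's digests with the file you hold; returns {algo: matches}."""
    actual = file_hashes(data)
    return {algo: actual[algo] == digest.lower() for algo, digest in reported.items()}


def classify(blob: bytes) -> Optional[str]:
    """Identify a blob by magic bytes, not by extension (droppers rename payloads)."""
    if blob.startswith(DEX_MAGIC):
        return "dex"
    if blob.startswith(ZIP_MAGIC):
        try:
            with zipfile.ZipFile(io.BytesIO(blob)) as inner:
                names = set(inner.namelist())
        except zipfile.BadZipFile:
            return "zip-damaged"
        if "AndroidManifest.xml" in names:
            return "apk"
        if any(n.endswith((".dex", ".class")) for n in names):
            return "jar"
        return "zip"
    return None


def find_embedded_code(apk_bytes: bytes) -> list:
    """Return [(entry_name, kind, sha256, size)] for every entry, other than the
    APK's own top-level classesN.dex, that carries dex or zip magic."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as outer:
        for info in outer.infolist():
            if info.is_dir():
                continue
            name = info.filename
            if "/" not in name and name.startswith("classes") and name.endswith(".dex"):
                continue  # the installed code itself; expected
            blob = outer.read(name)
            kind = classify(blob)
            if kind is not None:
                findings.append((name, kind, hashlib.sha256(blob).hexdigest(), len(blob)))
    return findings


def build_zip(entries: dict) -> bytes:
    """Construct an in-memory zip for the demo (not part of any real tooling)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        for name, data in entries.items():
            z.writestr(name, data)
    return buf.getvalue()


# Constructed nested payload: a minimal "APK" (zip with a manifest and a dex)
NESTED_APK = build_zip({
    "AndroidManifest.xml": b"<manifest/>",
    "classes.dex": b"dex\n035\x00" + b"\x00" * 64,
})

# Constructed outer sample: its own dex files plus the payload renamed to .bin
SAMPLE_APK = build_zip({
    "AndroidManifest.xml": b"<manifest/>",
    "classes.dex": b"dex\n035\x00" + b"\x00" * 64,
    "classes2.dex": b"dex\n035\x00" + b"\x00" * 64,
    "res/drawable/icon.png": b"\x89PNG\r\n\x1a\n" + b"\x00" * 16,
    "assets/data.bin": NESTED_APK,
})

if __name__ == "__main__":
    for name, kind, sha256, size in find_embedded_code(SAMPLE_APK):
        print(f"{name}: {kind}, {size} bytes, sha256={sha256}")
    print(verify_reported(SAMPLE_APK, {"sha256": file_hashes(SAMPLE_APK)["sha256"]}))
```

On a real sample, hash each embedded container that `find_embedded_code` reports and compare it with the dropped target's digests in the report; a match tells you the loader ships the payload unchanged rather than decrypting or downloading it, which changes where you look for the next stage.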

Targets

    • Target

      GBWA 16.20 SamMods.apk

    • Size

      97.0MB

    • MD5

      12aa3280b4ce5d1b34212eb9b9f29abd

    • SHA1

      886c180c861aef699ebd6be49f220389b389d49a

    • SHA256

      6dcd7ff6314ea4e516e2d30d7069be53447bf64f05c3bf688867a310561ab1f6

    • SHA512

      801f9f4abc5b760099da3936d5d805024f65ed3484d019e1f6ecb10d802729878966e11963024e04eb5fcfe4bcdc84d35eb4cc098ce4d2b142176acdfc2ecfac

    • SSDEEP

      1572864:xpOjmryc1oFAOLAjIo0dVZPapJHhbozN986aPJHj7OCBjF:xpOjmO32R0dTQJoRiJHjq+jF

    • Android Triada payload

    • Triada

      Triada is a modular Android trojan family first documented in 2016. It acts as a loader: it obtains elevated privileges on the device (historically by rooting it and injecting into the Zygote process) and then fetches and runs further payloads, and it has also been found pre-installed in device firmware.

    • Loads dropped Dex/Jar

      Loads a Dex or Jar file that was written to the device during analysis (typically through DexClassLoader), i.e. code that is not part of the installed APK's own classes.dex.

    • Acquires the wake lock

      Acquires a PowerManager wake lock (requires android.permission.WAKE_LOCK) so the CPU keeps running while the screen is off.

    • Declares services with permission to bind to the system

      Declares services whose android:permission is a system-only BIND_* permission (for example accessibility, notification-listener or job-scheduler services), so that the system server binds to them and delivers callbacks.

    • Requests dangerous framework permissions

      Requests permissions with protectionLevel "dangerous" (runtime permissions such as SMS, contacts, phone-state or location access).

    • Target

      origin.apk

    • Size

      76.1MB

    • MD5

      243a705993221c7b739e8573d903f8e8

    • SHA1

      b2a49e0c713954aa533b6d643edeae7f1dd0a9ac

    • SHA256

      5b6380ea8a1e902174a03920c2876219efe7b69615dbd5d357ee0ed26889c734

    • SHA512

      c4c8a0d5a3a4746882d01994e853d08797d62796106b603f2e939dcc1cc240a8bf17f4d871856f05f924d794fe911c0956eff592eeb9b8d2c487931fd65face7

    • SSDEEP

      1572864:V1oFAOLAjIo0dVZPapJHhbozN986aPJHj7OCBv:Y2R0dTQJoRiJHjq+v

    • Score

      7/10

    • Checks memory information

      Reads memory information (for example /proc/meminfo or ActivityManager.MemoryInfo); an unusually small amount of RAM is a common emulator or sandbox indicator, so this is treated as an anti-analysis check.

    • Loads dropped Dex/Jar

      Loads a Dex or Jar file that was written to the device during analysis (typically through DexClassLoader), i.e. code that is not part of the installed APK's own classes.dex.

    • Acquires the wake lock

      Acquires a PowerManager wake lock (requires android.permission.WAKE_LOCK) so the CPU keeps running while the screen is off.

    • Reads information about phone network operator

      Reads the network operator through TelephonyManager (getNetworkOperator / getSimOperator), which can fingerprint the device or detect the placeholder operator of an emulator.

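Three of the behaviours flagged above (dangerous permissions, services bound only by the system, and the WAKE_LOCK permission behind the wake-lock signature) are visible in the manifest alone, so they can be checked before any dynamic run. The script below is an added example, not the sandbox's signature code: it reviews a decoded AndroidManifest.xml (as produced by apktool) for those declarations and additionally flags exported services that carry no permission at all. The manifest it parses is constructed for the demo, and the permission tables are a working subset chosen here, not taken from the report.

```python
"""Review a decoded AndroidManifest.xml for manifest-visible sandbox signatures:
dangerous (runtime) permissions, services guarded by a system-only BIND_*
permission, and the WAKE_LOCK permission.

Added example, not the sandbox's code. SAMPLE_MANIFEST is constructed; the
DANGEROUS and SYSTEM_BIND tables are illustrative subsets of the framework's.
"""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
A = "{%s}" % ANDROID_NS  # ElementTree spells namespaced attributes as {uri}name

# Subset of permissions with protectionLevel="dangerous" (runtime prompts)
DANGEROUS = {
    "android.permission.READ_SMS", "android.permission.RECEIVE_SMS",
    "android.permission.SEND_SMS", "android.permission.READ_CONTACTS",
    "android.permission.READ_PHONE_STATE", "android.permission.READ_CALL_LOG",
    "android.permission.ACCESS_FINE_LOCATION", "android.permission.CAMERA",
    "android.permission.RECORD_AUDIO", "android.permission.READ_EXTERNAL_STORAGE",
}

# BIND_* permissions only the system holds; a service declared with one of
# these is bound by the system server (accessibility, notifications, jobs...)
SYSTEM_BIND = {
    "android.permission.BIND_ACCESSIBILITY_SERVICE",
    "android.permission.BIND_NOTIFICATION_LISTENER_SERVICE",
    "android.permission.BIND_JOB_SERVICE",
    "android.permission.BIND_VPN_SERVICE",
    "android.permission.BIND_INPUT_METHOD",
}


def review_manifest(xml_text: str) -> dict:
    """Summarise what the manifest requests and declares."""
    root = ET.fromstring(xml_text)
    requested = {e.get(A + "name") for e in root.iter("uses-permission")}
    report = {
        "dangerous": sorted(requested & DANGEROUS),
        "wake_lock": "android.permission.WAKE_LOCK" in requested,
        "system_bind_services": [],
        "exported_unprotected_services": [],
    }
    for svc in root.iter("service"):
        name = svc.get(A + "name")
        perm = svc.get(A + "permission")
        exported = svc.get(A + "exported") == "true"
        if perm in SYSTEM_BIND:
            report["system_bind_services"].append((name, perm))
        elif exported and perm is None:
            # Reachable by any app on the device: worth a look during triage
            report["exported_unprotected_services"].append(name)
    return report


# Constructed manifest resembling what apktool decodes from a modded messenger
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.mod">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.WAKE_LOCK"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
  <application android:label="Example">
    <service android:name=".AccService"
        android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE">
      <intent-filter>
        <action android:name="android.accessibilityservice.AccessibilityService"/>
      </intent-filter>
    </service>
    <service android:name=".SyncJob"
        android:permission="android.permission.BIND_JOB_SERVICE"/>
    <service android:name=".Loader" android:exported="true"/>
  </application>
</manifest>
"""

if __name__ == "__main__":
    for key, value in review_manifest(SAMPLE_MANIFEST).items():
        print(f"{key}: {value}")
```

Run it against the manifest of the outer APK and of origin.apk separately; the report attributes the system-bind services and the dangerous permissions to the outer target only, and a diff between the two manifests shows what the modded wrapper added on top of the payload it carries.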
MITRE ATT&CK Mobile v15
