Overview

overview

7

Static

static

6

honeygain_app.apk

android-13-x64

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    honeygain_app.apk

  • Size

    7.8MB

  • Sample

    240426-trgv8sgc2s

  • MD5

    b938576de812d5495878e2bd66ec98ff

  • SHA1

    9eeafc8e85f1cd7e76c20eeb0590a222ac490115

  • SHA256

    e19d58b9c7b48b85118a79795ddd5515b10ccd8be5cef881b5bc806e4af0fe3f

  • SHA512

    ef0519dac250c8bb760fda151e82d6f85f5332a342f46d716682194fc0374605604e3b636d873970bb94c94e243e9f31c612854c250a02485d10cb50f90f0978

  • SSDEEP

    196608:RtkNPy5ehTjK4iIZbvSxNhFQsOidkMFE3nT8cnk:iyNFIZGxN9tck

Score
7/10
androidcollectioncredential_accessdiscoveryevasionimpactpersistence

Malware Config

Targets

    • Target

      honeygain_app.apk

    • Size

      7.8MB

    • MD5

      b938576de812d5495878e2bd66ec98ff

    • SHA1

      9eeafc8e85f1cd7e76c20eeb0590a222ac490115

    • SHA256

      e19d58b9c7b48b85118a79795ddd5515b10ccd8be5cef881b5bc806e4af0fe3f

    • SHA512

      ef0519dac250c8bb760fda151e82d6f85f5332a342f46d716682194fc0374605604e3b636d873970bb94c94e243e9f31c612854c250a02485d10cb50f90f0978

    • SSDEEP

      196608:RtkNPy5ehTjK4iIZbvSxNhFQsOidkMFE3nT8cnk:iyNFIZGxN9tck

    Score
    7/10
    collectioncredential_accessdiscoveryevasionimpactpersistence

    • Checks CPU information

      Checks CPU information which indicate if the system is an emulator.

      evasiondiscovery

    • Checks memory information

      Checks memory information which indicate if the system is an emulator.

      evasiondiscovery

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

      evasion

    • Makes use of the framework's foreground persistence service

      Application may abuse the framework's foreground service to continue running in the foreground.

      evasionpersistence

    • Obtains sensitive information copied to the device clipboard

      Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

      collectioncredential_accessimpact

    • Queries information about running processes on the device

      Application may abuse the framework's APIs to collect information about running processes on the device.

      discovery

    • Acquires the wake lock

    • Reads information about phone network operator.

      discovery

    • Requests disabling of battery optimizations (often used to enable hiding in the background).

      evasion

    • Listens for changes in the sensor environment (might be used to detect emulation)

      evasion
    behavioral1

MITRE ATT&CK Mobile v15

Tasks