General

  • Target

    1.1.1.1.apk

  • Size

    4.5MB

  • Sample

    240502-1g9ltsff5y

  • MD5

    cc24816e6444f0a3d4c2c55a61eea186

  • SHA1

    8bf52bf54675db902f34f863ae946424f2924cbc

  • SHA256

    ece54563bcfc4aff039715a122dc95dc7660c194eb61ec93a8ddcc0d43c2505c

  • SHA512

    b552484263091f5ccf39f40c9743c6c19b8dad89baf47b687e795172ed159de458c877d11b0cefd62de81131b543e363fb064246e045e8a77211a5589844ec38

  • SSDEEP

    98304:y8omkJJupz22PtKXiYL9zmhsaDD5UEJHGbjmz5zBxTz0tcPO7o:yekHuR22wJL3yD5Ucbzt8Yb

Malware Config

Targets

    • Target

      1.1.1.1.apk

    • Size

      4.5MB

    • MD5

      cc24816e6444f0a3d4c2c55a61eea186

    • SHA1

      8bf52bf54675db902f34f863ae946424f2924cbc

    • SHA256

      ece54563bcfc4aff039715a122dc95dc7660c194eb61ec93a8ddcc0d43c2505c

    • SHA512

      b552484263091f5ccf39f40c9743c6c19b8dad89baf47b687e795172ed159de458c877d11b0cefd62de81131b543e363fb064246e045e8a77211a5589844ec38

    • SSDEEP

      98304:y8omkJJupz22PtKXiYL9zmhsaDD5UEJHGbjmz5zBxTz0tcPO7o:yekHuR22wJL3yD5Ucbzt8Yb

    • Makes use of the framework's Accessibility service

      Retrieves information displayed on the phone screen using AccessibilityService.

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Makes use of the framework's foreground persistence service

      Application may abuse the framework's foreground service to continue running in the foreground.

    • Registers a broadcast receiver at runtime (usually for listening for system events)

    • Acquires the wake lock

    • Schedules tasks to execute at a specified time

      Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

MITRE ATT&CK Mobile v15

Tasks