General
-
Target
583b68d3c917ddc713d8621959f97d7f2636654494027e494f2368409730f88b.apk
-
Size
20.5MB
-
Sample
240502-bsyw2afb76
-
MD5
5682f19f3a2723db1c7141c9157ab93e
-
SHA1
748ea5d804fafc742824bd4c2f9c0259822de99d
-
SHA256
583b68d3c917ddc713d8621959f97d7f2636654494027e494f2368409730f88b
-
SHA512
63884b29b4b4714a2330d43529148ee9e8aba2b3ed62dbf85f9187148f330e846de2cf8516db3d2b8b7cd5b6cfa989b2e9a00e6df89da76e0b317d2ba415d46e
-
SSDEEP
393216:HHusJA35z7A79L+4wr1mbgafiubc6ZxbdT9i/zVN2I+TX3VsKpPbNiRSKcsLJJ:HRJA35z7c5KBmbBffcQxvi/zVN2IkHGl
Behavioral task
behavioral1
Sample
583b68d3c917ddc713d8621959f97d7f2636654494027e494f2368409730f88b.apk
Resource
android-x86-arm-20240221-en
Behavioral task
behavioral2
Sample
583b68d3c917ddc713d8621959f97d7f2636654494027e494f2368409730f88b.apk
Resource
android-33-x64-arm64-20240229-en
Malware Config
Extracted
andrmonitor
https://anmon.name/mch.html
Targets
-
-
Target
583b68d3c917ddc713d8621959f97d7f2636654494027e494f2368409730f88b.apk
-
Size
20.5MB
-
MD5
5682f19f3a2723db1c7141c9157ab93e
-
SHA1
748ea5d804fafc742824bd4c2f9c0259822de99d
-
SHA256
583b68d3c917ddc713d8621959f97d7f2636654494027e494f2368409730f88b
-
SHA512
63884b29b4b4714a2330d43529148ee9e8aba2b3ed62dbf85f9187148f330e846de2cf8516db3d2b8b7cd5b6cfa989b2e9a00e6df89da76e0b317d2ba415d46e
-
SSDEEP
393216:HHusJA35z7A79L+4wr1mbgafiubc6ZxbdT9i/zVN2I+TX3VsKpPbNiRSKcsLJJ:HRJA35z7c5KBmbBffcQxvi/zVN2IkHGl
-
Makes use of the framework's foreground persistence service
Application may abuse the framework's foreground service to continue running in the foreground.
-
Queries account information for other applications stored on the device
Application may abuse the framework's APIs to collect account information stored on the device.
-
Queries information about the current Wi-Fi connection
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
-
Queries the phone number (MSISDN for GSM devices)
-
Registers a broadcast receiver at runtime (usually for listening for system events)
-
Acquires the wake lock
-
Queries the unique device ID (IMEI, MEID, IMSI)
-
Reads information about phone network operator.
-
Requests dangerous framework permissions
-
MITRE ATT&CK Mobile v15
Persistence
Event Triggered Execution
1Broadcast Receivers
1Foreground Persistence
1Defense Evasion
Download New Code at Runtime
1Foreground Persistence
1Hide Artifacts
1Suppress Application Icon
1