General

  • Target

    dbf98b9b54fdd429ceb18b35158e44d4.bin

  • Size

    1.2MB

  • Sample

    240503-b8rgwsca9x

  • MD5

    4d16f6f7f746931ea7078cca194596ec

  • SHA1

    65eea0c91f123b28015a35cf0027d9d019876a4c

  • SHA256

    5f8cf1bdf1b7385d8b78e4c26d41e6b18d8732626f11c946afd0827a9f0e0db4

  • SHA512

    710ca480874b631593d73f1cff09a7ffcb78c424721d2d118b78a34a24f54b40af807476f5a96b8dfae5576ef4dec41b1253a828bff6dc9d1eebf0e4c6637706

  • SSDEEP

    24576:vMfdmwU0QNsZyKWxGhwpatDHQm46Qunj9Ep7yB4i5vYaVlAeweR:0fdON/Rwhw4pwH6FnjdVlAveR

Malware Config

Targets

    • Target

      d5ca7ba75cfb8fd76929c1b8f6547780d8305a6654b6423124d380ff59b0d1c9.zip

    • Size

      1.4MB

    • MD5

      dbf98b9b54fdd429ceb18b35158e44d4

    • SHA1

      ae15f0e4c2c299adf52de17b51400fcf25479184

    • SHA256

      d5ca7ba75cfb8fd76929c1b8f6547780d8305a6654b6423124d380ff59b0d1c9

    • SHA512

      b8e7838627cd0346480aa456be863ecc6c56ce4b43fd408be9e104c1183b3d6c3b6fdc5f329e9f4e4421fec3599232e887803ba01959fe56c6a8b30da4fa1079

    • SSDEEP

      24576:My/WPvDL4292BzHVFYixHq9bYHfumO9dRuKKiwBUH27m8AdWeUR1uffgpABG/4zb:F/W3f4292Bz1FYsHq9bYHfumscKKipw6

    • Makes use of the framework's Accessibility service

      Retrieves information displayed on the phone screen using AccessibilityService.

    • Prevents application removal

      Application may abuse the framework's APIs to prevent removal. On Android this is commonly done by obtaining device-administrator rights (an active admin app cannot be uninstalled until it is deactivated) or by using the Accessibility service to dismiss the uninstall and settings screens.

    • Loads dropped Dex/Jar

      Loads and runs a DEX or JAR file that was written to the device during analysis (dynamic code loading, e.g. via DexClassLoader). The code that actually executes is therefore not the code present in the static APK, so a static review of the sample alone will miss the payload.

    • Makes use of the framework's foreground persistence service

      Application may abuse the framework's foreground service to keep running: a foreground service carries a persistent notification and is far less likely to be killed than a plain background process.

    • Queries information about the current Wi-Fi connection

      Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    • Queries the mobile country code (MCC)

    • Queries the phone number (MSISDN for GSM devices)

    • Registers a broadcast receiver at runtime (usually for listening for system events)

    • Requests enabling of the accessibility settings

    • Acquires a wake lock

    • Reads information about the phone's network operator

    • Schedules tasks to execute at a specified time

      Application may abuse the framework's scheduling APIs (e.g. AlarmManager or JobScheduler) for initial or recurring execution of malicious code.
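
The signatures above are runtime observations from the sandbox. A quick static cross-check a triager can run on the APK extracted from the .zip is to read the string pool of its binary AndroidManifest.xml and look for the permissions and intent actions that these behaviours normally require. The script below is an added example, not code from the sandbox or from the sample; the mapping from manifest strings to signature names is an assumption made for illustration, and the manifest it parses is a constructed stand-in built in memory (a minimal AXML file holding only a string pool) so that it runs offline.

```python
import io
import struct
import zipfile

# Manifest strings that normally accompany the sandbox signatures above.
# The mapping is an assumption for illustration, not the sandbox's rule set.
INDICATORS = {
    "android.permission.BIND_ACCESSIBILITY_SERVICE": "Makes use of the framework's Accessibility service",
    "android.accessibilityservice.AccessibilityService": "Makes use of the framework's Accessibility service",
    "android.permission.BIND_DEVICE_ADMIN": "Prevents application removal",
    "android.app.action.DEVICE_ADMIN_ENABLED": "Prevents application removal",
    "android.permission.FOREGROUND_SERVICE": "Makes use of the framework's foreground persistence service",
    "android.permission.ACCESS_WIFI_STATE": "Queries information about the current Wi-Fi connection",
    "android.permission.READ_PHONE_STATE": "Queries the phone number (MSISDN for GSM devices)",
    "android.permission.WAKE_LOCK": "Acquires the wake lock",
    "android.permission.RECEIVE_BOOT_COMPLETED": "Schedules tasks to execute at a specified time",
}

RES_XML_TYPE = 0x0003
RES_STRING_POOL_TYPE = 0x0001
UTF8_FLAG = 1 << 8


def _len8(data, p):
    """Decode an AXML 1-or-2-byte length (high bit of the first byte extends it)."""
    n = data[p]
    if n & 0x80:
        return ((n & 0x7F) << 8) | data[p + 1], p + 2
    return n, p + 1


def _len16(data, p):
    """Decode an AXML 1-or-2-word length (high bit of the first word extends it)."""
    n = struct.unpack_from("<H", data, p)[0]
    if n & 0x8000:
        return ((n & 0x7FFF) << 16) | struct.unpack_from("<H", data, p + 2)[0], p + 4
    return n, p + 2


def axml_strings(data):
    """Return the string pool of a binary AndroidManifest.xml (AXML) as a list."""
    if len(data) < 8 or struct.unpack_from("<H", data, 0)[0] != RES_XML_TYPE:
        raise ValueError("not an AXML file")
    off = 8  # the string pool is the first chunk after the 8-byte file header
    ctype, hsize, _csize = struct.unpack_from("<HHI", data, off)
    if ctype != RES_STRING_POOL_TYPE:
        raise ValueError("expected a string pool chunk")
    count, _styles, flags, strings_start, _ = struct.unpack_from("<IIIII", data, off + 8)
    offsets = struct.unpack_from("<%dI" % count, data, off + hsize)
    base = off + strings_start
    out = []
    for rel in offsets:
        p = base + rel
        if flags & UTF8_FLAG:
            _chars, p = _len8(data, p)      # UTF-16 char count (not needed here)
            nbytes, p = _len8(data, p)      # UTF-8 byte count
            out.append(data[p:p + nbytes].decode("utf-8", "replace"))
        else:
            nchars, p = _len16(data, p)     # count of UTF-16 code units
            out.append(data[p:p + 2 * nchars].decode("utf-16-le", "replace"))
    return out


def manifest_indicators(apk_bytes):
    """Map sandbox signature names to the manifest strings that support them."""
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as zf:
        pool = set(axml_strings(zf.read("AndroidManifest.xml")))
    hits = {}
    for needle, signature in INDICATORS.items():
        if needle in pool:
            hits.setdefault(signature, []).append(needle)
    return hits


def build_axml_string_pool(strings):
    """Build a minimal AXML file holding only a UTF-16 string pool (constructed test input)."""
    body, offsets = b"", []
    for s in strings:
        offsets.append(len(body))
        body += struct.pack("<H", len(s)) + s.encode("utf-16-le") + b"\x00\x00"
    hsize = 28
    strings_start = hsize + 4 * len(strings)
    pool = struct.pack("<HHIIIIII", RES_STRING_POOL_TYPE, hsize, strings_start + len(body),
                       len(strings), 0, 0, strings_start, 0)
    pool += struct.pack("<%dI" % len(strings), *offsets) + body
    return struct.pack("<HHI", RES_XML_TYPE, 8, 8 + len(pool)) + pool


def build_sample_apk():
    """Constructed stand-in for the APK: a zip whose manifest names the APIs above."""
    manifest = build_axml_string_pool([
        "manifest", "uses-permission", "service", "receiver",
        "android.permission.BIND_ACCESSIBILITY_SERVICE",
        "android.accessibilityservice.AccessibilityService",
        "android.permission.BIND_DEVICE_ADMIN",
        "android.permission.FOREGROUND_SERVICE",
        "android.permission.WAKE_LOCK",
        "android.permission.ACCESS_WIFI_STATE",
        "android.permission.READ_PHONE_STATE",
    ])
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("AndroidManifest.xml", manifest)
    return buf.getvalue()


if __name__ == "__main__":
    for signature, evidence in sorted(manifest_indicators(build_sample_apk()).items()):
        print(signature)
        for s in evidence:
            print("    " + s)
```

To run it against the real sample, replace build_sample_apk() with the bytes of the APK unpacked from the .zip. Treat the result as a hint only: a declared permission is not proof that it is used, obfuscated samples can assemble API names at runtime so they never appear in the string pool, and the dropped DEX/JAR noted above is invisible to this check altogether, which is exactly why the sandbox's dynamic signatures are the primary evidence.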

MITRE ATT&CK Mobile v15

Tasks