General
-
Target
826f773160d410911f1264d9ae18b257.zip
-
Size
8.5MB
-
Sample
240506-k4gassfd2v
-
MD5
826f773160d410911f1264d9ae18b257
-
SHA1
052d5b51a2f8dc24b9e124dadd24e6eb229e9f9f
-
SHA256
dfaae61c292ef05981dc62f71dce4fbd4d8f0f5bc19c4f4bc739c5ea25acbb71
-
SHA512
62a7805dc99c2c9541f7de7379db8a41207024098387e814206f29de503b5957ab18936be0d8bdfff9499a18c47914e399a698c10ff887d580cff2db366c0ad7
-
SSDEEP
98304:osKfC9rzuhTeHp8TDaoWSW+mz3zBzTb0tgSD:08vA/WSKzJEj
Behavioral task
behavioral1
Sample
826f773160d410911f1264d9ae18b257.apk
Resource
android-x86-arm-20240506-en
Behavioral task
behavioral2
Sample
826f773160d410911f1264d9ae18b257.apk
Resource
android-x64-20240506-en
Behavioral task
behavioral3
Sample
826f773160d410911f1264d9ae18b257.apk
Resource
android-x64-arm64-20240506-en
Malware Config
Extracted
spynote
www.biancfdaslkljdsfkw.shop:7772
Targets
-
-
Target
826f773160d410911f1264d9ae18b257.zip
-
Size
8.5MB
-
MD5
826f773160d410911f1264d9ae18b257
-
SHA1
052d5b51a2f8dc24b9e124dadd24e6eb229e9f9f
-
SHA256
dfaae61c292ef05981dc62f71dce4fbd4d8f0f5bc19c4f4bc739c5ea25acbb71
-
SHA512
62a7805dc99c2c9541f7de7379db8a41207024098387e814206f29de503b5957ab18936be0d8bdfff9499a18c47914e399a698c10ff887d580cff2db366c0ad7
-
SSDEEP
98304:osKfC9rzuhTeHp8TDaoWSW+mz3zBzTb0tgSD:08vA/WSKzJEj
-
Makes use of the framework's Accessibility service
Retrieves information displayed on the phone screen using AccessibilityService.
-
Checks the application is allowed to request package installs through the package installer
Checks the application is allowed to install additional applications (Might try to install applications from unknown sources).
-
Makes use of the framework's foreground persistence service
Application may abuse the framework's foreground service to continue running in the foreground.
-
Obtains sensitive information copied to the device clipboard
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
-
Queries the mobile country code (MCC)
-
Reads the content of the SMS messages.
-
Reads the content of the call log.
-
Registers a broadcast receiver at runtime (usually for listening for system events)
-
Acquires the wake lock
-
Checks if the internet connection is available
-
Requests disabling of battery optimizations (often used to enable hiding in the background).
-
Schedules tasks to execute at a specified time
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
-