Overview

overview

8

Static

static

6

982797b6b0...2e.apk

android-9-x86

8

982797b6b0...2e.apk

android-11-x64

8

Sharing

Copy URL Twitter E-mail

General

  • Target

    982797b6b0dbf743fa85fa3dec906efbe9c034c8fd93cefbc1e0cd4eb557742e.bin

  • Size

    2.2MB

  • Sample

    240509-1xxl7scb67

  • MD5

    edaeddeb91325c7f037e5c60cf446dec

  • SHA1

    3ec41f6400dcca2ff3a6ad4874a6af32f870d2b6

  • SHA256

    982797b6b0dbf743fa85fa3dec906efbe9c034c8fd93cefbc1e0cd4eb557742e

  • SHA512

    4620974c57cbbc61fcb8bc8d6ab9635f9fc5a1f5cdb58e5d436de2527459da882789b551fa3190a09827049b5a3e323cc673438464b31e6ba38c58a6d8dca84a

  • SSDEEP

    49152:vziOMbTCFu655QDAitWLBIvewQNlAI0frC7:vzyn6TQhoLzwQV0frC7

Score
8/10
androidbankercollectiondiscoveryevasionexecutionimpactpersistence

Malware Config

Targets

    • Target

      982797b6b0dbf743fa85fa3dec906efbe9c034c8fd93cefbc1e0cd4eb557742e.bin

    • Size

      2.2MB

    • MD5

      edaeddeb91325c7f037e5c60cf446dec

    • SHA1

      3ec41f6400dcca2ff3a6ad4874a6af32f870d2b6

    • SHA256

      982797b6b0dbf743fa85fa3dec906efbe9c034c8fd93cefbc1e0cd4eb557742e

    • SHA512

      4620974c57cbbc61fcb8bc8d6ab9635f9fc5a1f5cdb58e5d436de2527459da882789b551fa3190a09827049b5a3e323cc673438464b31e6ba38c58a6d8dca84a

    • SSDEEP

      49152:vziOMbTCFu655QDAitWLBIvewQNlAI0frC7:vzyn6TQhoLzwQV0frC7

    Score
    8/10
    bankercollectiondiscoveryevasionexecutionimpactpersistence

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

      bankerdiscovery

    • Requests changing the default SMS application.

      collectionimpact

    • Makes use of the framework's foreground persistence service

      Application may abuse the framework's foreground service to continue running in the foreground.

      evasionpersistence

    • Queries account information for other applications stored on the device

      Application may abuse the framework's APIs to collect account information stored on the device.

      collection

    • Queries information about running processes on the device

      Application may abuse the framework's APIs to collect information about running processes on the device.

      discovery

    • Queries the phone number (MSISDN for GSM devices)

      discovery

    • Registers a broadcast receiver at runtime (usually for listening for system events)

      persistence

    • Checks if the internet connection is available

      discovery

    • Schedules tasks to execute at a specified time

      Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

      executionpersistence
    behavioral1behavioral2

MITRE ATT&CK Mobile v15

Tasks