General

  • Target

    100010.apk

  • Size

    88.9MB

  • Sample

    240512-xxw4wsca5x

  • MD5

    e44f7ae01872784580b58df01a96b2b6

  • SHA1

    e2c50cb29287c40d1201fdecab61298ec7f2c53d

  • SHA256

    b73544e080f9b30cee9aa94dbdfefee5e1e61118cd22436ebdb79c35c2834cd3

  • SHA512

    b76d97612086c62fb84ca5c099a79db31d5a466f55d17ed2fd42e8c932e2d1378ee3cf77e695374a7a27fb5f68f71c5bb2770bcd374c780b2c6d609407f3c454

  • SSDEEP

    1572864:aFUbBxURAZr5HPapJH0V0gvDNV5QUGEmHY1E7L7QDH94o0Z3hVtm7nuhgMq6B:Mkk6Zr5vQ0bLNLQUGEUY1E7vrguhMA

Malware Config

Targets

    • Target

      100010.apk

    • Size

      88.9MB

    • MD5

      e44f7ae01872784580b58df01a96b2b6

    • SHA1

      e2c50cb29287c40d1201fdecab61298ec7f2c53d

    • SHA256

      b73544e080f9b30cee9aa94dbdfefee5e1e61118cd22436ebdb79c35c2834cd3

    • SHA512

      b76d97612086c62fb84ca5c099a79db31d5a466f55d17ed2fd42e8c932e2d1378ee3cf77e695374a7a27fb5f68f71c5bb2770bcd374c780b2c6d609407f3c454

    • SSDEEP

      1572864:aFUbBxURAZr5HPapJH0V0gvDNV5QUGEmHY1E7L7QDH94o0Z3hVtm7nuhgMq6B:Mkk6Zr5vQ0bLNLQUGEUY1E7vrguhMA

    • PrivateLoader

      PrivateLoader is a downloader sold as a pay-per-install malware distribution service.

    • Patched UPX-packed file

      Sample is packed with UPX but required header fields are zeroed out to prevent unpacking with the default UPX tool.

    • Checks CPU information

      Checks CPU information which indicate if the system is an emulator.

    • Checks memory information

      Checks memory information which indicate if the system is an emulator.

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Registers a broadcast receiver at runtime (usually for listening for system events)

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Acquires the wake lock

    • Checks if the internet connection is available

    • Reads information about phone network operator.

    • Schedules tasks to execute at a specified time

      Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

    • Checks the presence of a debugger

MITRE ATT&CK Mobile v15

Tasks