Resubmissions

17/05/2024, 08:33

240517-kgbf2ahf5y 8

05/04/2024, 12:26

240405-pmmhpsce95 6

05/04/2024, 12:26

240405-pmd7bsbh9w 6

General

  • Target

    8509cd3cada43f74b8b9a65719bd4f7c24efb605ae35369508ea35ea0fe53689

  • Size

    14.0MB

  • Sample

    240517-kgbf2ahf5y

  • MD5

    2a3d2c35fd2dc6fb5a7d5a328b3bd529

  • SHA1

    b102465ecd34bf5af39e5c3d7213dbd026be9c49

  • SHA256

    8509cd3cada43f74b8b9a65719bd4f7c24efb605ae35369508ea35ea0fe53689

  • SHA512

    b68525f7c522c9d2ab578d4c142bd16ed577f66437e65b7d6de5adef9d1f8e7f78f3eb6632921b9afcab443cab7846fe20a96006370228165e32a5103f5d197a

  • SSDEEP

    393216:BjVsj2ku6XMmE0NiQF7Iy+h0VkQ2G6kIRrvH6J0KG:BPQE0N/Qh0VX2GvYT6J0KG

Malware Config

Targets

    • Target

      8509cd3cada43f74b8b9a65719bd4f7c24efb605ae35369508ea35ea0fe53689

    • Makes use of the framework's Accessibility service

      Retrieves information displayed on the phone screen using AccessibilityService.

    • Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps)

    • Makes use of the framework's foreground persistence service

      Application may abuse the framework's foreground service to continue running in the foreground.

    • Queries account information for other applications stored on the device

      Application may abuse the framework's APIs to collect account information stored on the device.

    • Reads the contacts stored on the device.

    • Reads the content of the call log.

    • Registers a broadcast receiver at runtime (usually for listening for system events)

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Requests disabling of battery optimizations (often used to enable hiding in the background).

MITRE ATT&CK Enterprise v15

MITRE ATT&CK Mobile v15

Tasks