General

  • Target

    4b4b8078717890dee57a58a3307a9b07

  • Size

    1.4MB

  • Sample

    240517-w1ajmacf23

  • MD5

    4b4b8078717890dee57a58a3307a9b07

  • SHA1

    03c192ca1676dfccdee1f08b604da023838d16b9

  • SHA256

    ad07d44d348185db08710d8cdef6b4cff3f52e5c8ce0646654cef441dea1e869

  • SHA512

    517bf0349a03032e8e8ec00643bea7a5f2a94ca4d0f12796c057869ee95ed7c46c3ed9c1f503d087700c447cc4118428b0f86e538a1377da4dd38f80fc375895

  • SSDEEP

    24576:xPe1ZkNOHSf7NO9sz1jt2zdqipzYL1Y3WHTgBzhZ2n3FJsQ91oQJV3bmg2o5+Gu:c1ZzHSDNOKVEQR1ZgRhy3FJsu1oQD3bk

Targets

    • Target

      4b4b8078717890dee57a58a3307a9b07

    • Size

      1.4MB

    • Makes use of the framework's Accessibility service

      Retrieves information displayed on the phone screen using AccessibilityService.

    • Prevents application removal

      Application may abuse the framework's APIs to prevent removal.

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

    • Removes its main activity from the application launcher

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Queries account information for other applications stored on the device

      Application may abuse the framework's APIs to collect account information stored on the device.

    • Requests enabling of the accessibility settings.

    • Acquires the wake lock

    • Schedules tasks to execute at a specified time

      Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
