General

  • Target

    4f2b73a6f2a7816e54ff0b15b9dd555f

  • Size

    4.1MB

  • Sample

    240517-w1brpacf26

  • MD5

    4f2b73a6f2a7816e54ff0b15b9dd555f

  • SHA1

    f6e585e552cfdfc762d809a95bd48e41bc15c605

  • SHA256

    29b0d86ae68d83f9578c3f36041df943195bc55a7f3f1d45a9c23f145d75af9d

  • SHA512

    9d7759eee7082f28439ffb17e81c366dc1b92f15c074643bdd42d76fd404257e46bb644c3dccc7ce35efb734cb7e5f7a45393590ef75909654d6a9c463425a2d

  • SSDEEP

    98304:F+iSqvb1KDI75XCuRHDwodfeeC8sB34wT+/ayBP77GSj10GAa:dSqDQDSjK8o3NT+/797eGAa

Malware Config

Targets

    • Target

      4f2b73a6f2a7816e54ff0b15b9dd555f

    • Makes use of the framework's foreground persistence service

      Application may abuse the framework's foreground service to continue running in the foreground.

    • Queries account information for other applications stored on the device

      Application may abuse the framework's APIs to collect account information stored on the device.

    • Queries information about the current Wi-Fi connection

      Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    • Queries the phone number (MSISDN for GSM devices)

    • Reads the contacts stored on the device.

    • Reads the content of the call log.

    • Registers a broadcast receiver at runtime (usually for listening for system events)

    • Queries the unique device ID (IMEI, MEID, IMSI)

    • Reads information about the phone network operator.

    • Schedules tasks to execute at a specified time

      Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

MITRE ATT&CK Mobile v15

Tasks