General

  • Target

    2dcf0b16bc7cd525a64ad1d7cc2f4500.apk

  • Size

    13.4MB

  • Sample

    240517-wy5xracd3y

  • MD5

    2dcf0b16bc7cd525a64ad1d7cc2f4500

  • SHA1

    96d971e39a243f28cd1d35780c78ca7209a0b3b7

  • SHA256

    8cf6c72db8f985b1c1051bc7ec2ed5f1cd9f6029fc7deb4f512603b3cd4d2e0e

  • SHA512

    0fdacc5583a7abb7ab93b3b54cbd5f599477438ce4e142e3784847bfe2de7a7db9240ed1e549e35ea61dd14d3cff48e5365b0595143356561eae431c134b2162

  • SSDEEP

    393216:jsvBVsRomSBUl43IoCNKclh50Z6AFMGlWfen27nvHZ6tVCAE:jspVsamAI3FizF2fUqHClE

Malware Config

Targets

    • Checks if the Android device is rooted.

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Queries information about the current Wi-Fi connection

      Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    • Queries information about the current nearby Wi-Fi networks

      Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

    • Registers a broadcast receiver at runtime (usually for listening for system events)

    • Acquires the wake lock

    • Checks if the internet connection is available

    • Reads information about phone network operator.

    • Requests cell location

      Uses Android APIs to get current cell information.

    • Schedules tasks to execute at a specified time

      Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

    • Listens for changes in the sensor environment (might be used to detect emulation)

MITRE ATT&CK Mobile v15

Tasks