General

  • Target

    2b2752bfe7b22db70eb0e8d9ca64b415

  • Size

    1002KB

  • Sample

    240517-wywn3scd2v

  • MD5

    2b2752bfe7b22db70eb0e8d9ca64b415

  • SHA1

    9ae36532aa6de9427e3e08bba1e8add4b3cccd79

  • SHA256

    b015c99ad510c766d7fed64aa18f1ff9a7321f062e9c6d2912144168897d166b

  • SHA512

    c08bfe36421e7259df6e3c9b9dea4573a7142069185288020bf44ce87076840971cc4b3bbc823036062f00fb8705cda27ca86e017039a5b255bda9d26fe527ef

  • SSDEEP

    24576:CfLgGn/rZV5y85SARuxtOBcBzaR6i0igi3HWQ:WgMrZDSptgcB+Rt0igi3z

Malware Config

Targets

    • Target

      2b2752bfe7b22db70eb0e8d9ca64b415

    • Size

      1002KB

    • MD5

      2b2752bfe7b22db70eb0e8d9ca64b415

    • SHA1

      9ae36532aa6de9427e3e08bba1e8add4b3cccd79

    • SHA256

      b015c99ad510c766d7fed64aa18f1ff9a7321f062e9c6d2912144168897d166b

    • SHA512

      c08bfe36421e7259df6e3c9b9dea4573a7142069185288020bf44ce87076840971cc4b3bbc823036062f00fb8705cda27ca86e017039a5b255bda9d26fe527ef

    • SSDEEP

      24576:CfLgGn/rZV5y85SARuxtOBcBzaR6i0igi3HWQ:WgMrZDSptgcB+Rt0igi3z

    • Makes use of the framework's Accessibility service

      Retrieves information displayed on the phone screen using AccessibilityService.

    • Prevents application removal

      Application may abuse the framework's APIs to prevent removal.

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

    • Removes its main activity from the application launcher

    • Queries account information for other applications stored on the device

      Application may abuse the framework's APIs to collect account information stored on the device.

    • Registers a broadcast receiver at runtime (usually for listening for system events)

    • Requests enabling of the accessibility settings.

    • Checks if the internet connection is available

    • Reads information about phone network operator.

    • Checks the presence of a debugger

MITRE ATT&CK Mobile v15

Tasks