General

  • Target

    36cd2ea94bcf9f9a9959dc4c1c489933

  • Size

    1.8MB

  • Sample

    240517-wzkyzace72

  • MD5

    36cd2ea94bcf9f9a9959dc4c1c489933

  • SHA1

    828c76b5d980c893147bdee72eb3832227aff7f2

  • SHA256

    51f9c37c3eec0b6f8325aa1c8fe64a0615ab920584042df557426473b1270b40

  • SHA512

    d829d6969f53a3b1b929cf6b964af454f4087bb9075afccf0303007409188bac21df06a1cab5bd2615360fae40202fd3dbb1a861ce397a8d09e8ce86bbc102c4

  • SSDEEP

    49152:+/X7k/o4x1XuIEMYnpn2SL40UFi+xYxpEWWKRFd:+/rMr7XuamB264bFiAopJVR

Malware Config

Targets

    • Makes use of the framework's Accessibility service

      Retrieves information displayed on the phone screen using AccessibilityService.

    • Prevents application removal

      Application may abuse the framework's APIs to prevent removal.

    • Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps)

    • Removes its main activity from the application launcher

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Requests enabling of the accessibility settings

    • Acquires the wake lock

    • Schedules tasks to execute at a specified time

      Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

MITRE ATT&CK Mobile v15

Tasks