General

  • Target

    37c94b09b98f3caf5a3fe3d391802dd3

  • Size

    4.6MB

  • Sample

    240517-wzlv9sce74

  • MD5

    37c94b09b98f3caf5a3fe3d391802dd3

  • SHA1

    f2351a31903222b8a7c451d331b2edbdbca1c9f6

  • SHA256

    fe6cfe7b6e2e91a80ffbbce19629062de42efcc55cdd9ce54b13ce9a482fd280

  • SHA512

    379b0f366ab9189b943b49778b5ba89cf814e82b6c16a4b3a0c506fadfc7e3653089f498ee45836534a7fe9af0c75b30fba4fd3e4a715832be3a856e12464019

  • SSDEEP

    98304:K6QwrIl96T42v0Q01rW/h4GVtJLLahz2AXsV4A8NRBkSrYKtlfA0:K+gczwoh4GVtJve2ksKA2kmJtlfA0

Malware Config

Targets

    • Target

      37c94b09b98f3caf5a3fe3d391802dd3

    • Size

      4.6MB

    • MD5

      37c94b09b98f3caf5a3fe3d391802dd3

    • SHA1

      f2351a31903222b8a7c451d331b2edbdbca1c9f6

    • SHA256

      fe6cfe7b6e2e91a80ffbbce19629062de42efcc55cdd9ce54b13ce9a482fd280

    • SHA512

      379b0f366ab9189b943b49778b5ba89cf814e82b6c16a4b3a0c506fadfc7e3653089f498ee45836534a7fe9af0c75b30fba4fd3e4a715832be3a856e12464019

    • SSDEEP

      98304:K6QwrIl96T42v0Q01rW/h4GVtJLLahz2AXsV4A8NRBkSrYKtlfA0:K+gczwoh4GVtJve2ksKA2kmJtlfA0

    • Makes use of the framework's foreground persistence service

      Application may abuse the framework's foreground service to continue running in the foreground.

    • Queries account information for other applications stored on the device

      Application may abuse the framework's APIs to collect account information stored on the device.

    • Queries information about the current Wi-Fi connection

      Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    • Queries the phone number (MSISDN for GSM devices)

    • Reads the contacts stored on the device.

    • Reads the content of the call log.

    • Registers a broadcast receiver at runtime (usually for listening for system events)

    • Queries the unique device ID (IMEI, MEID, IMSI)

    • Reads information about phone network operator.

    • Schedules tasks to execute at a specified time

      Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

MITRE ATT&CK Mobile v15

Tasks