General

  • Target

    d4eb473c06270ed1114712050c2415b984d4a86db2084a7a9014c5fe45f6ebf4.bin

  • Size

    2.9MB

  • Sample

    240521-1x7geabg85

  • MD5

    450c641f833bd3721bf2f04678d79734

  • SHA1

    aad371b7f3e322987bf915248e8672ee7594dbe4

  • SHA256

    d4eb473c06270ed1114712050c2415b984d4a86db2084a7a9014c5fe45f6ebf4

  • SHA512

    7b4603b95b7cbfa4755224d81803103b2b9837bc9e8079d58c9e6610887157616168b217bd2118c230362ed06e210919ef578ed5c677b276db2833a2e6a2225c

  • SSDEEP

    49152:7L0DwJGguyA9gdcgvKN2ZRaLcvvKcznFDGoS4WHNHG/+RznVI7L40hRCtxb53DQg:7L0D6Jf5AN2ZcLcviAdS4kpe+BnVI7Lc

Targets

    • Target

      d4eb473c06270ed1114712050c2415b984d4a86db2084a7a9014c5fe45f6ebf4.bin

    • Size

      2.9MB

    • Score

      1/10

    • Target

      vm.apk

    • Size

      397KB

    • MD5

      b8c7a837b7f373e4260de6d845198bd7

    • SHA1

      35010df07f54493c6fd885d4150ad603029d6804

    • SHA256

      7ae6cd93a57bec3abbb43e34bd70ced4e460f96f1d734ab5711ac5b642905c7b

    • SHA512

      feec1a74dd224ba7ff67416077f13dd7b479d0bde9cbce62ebc53f1290726f628238aa69b3429aee382aecd59c7f2f189b5de0aa5f841091ee144e421b4c6602

    • SSDEEP

      12288:Ts4/FZrWgUOVgnDPj1C/wxO8vQ9olHFdRpGxM:TrCgQnDJ9xXNFdv5

    • Loads dropped Dex/Jar

      Runs an executable file that was dropped onto the device during analysis.

    • Queries the phone number (MSISDN for GSM devices)

    • Registers a broadcast receiver at runtime (usually for listening for system events)

    • Tries to add a device administrator.

    • Acquires the wake lock

    • Checks if the internet connection is available

    • Reads information about the phone's network operator.

    • Requests disabling of battery optimizations (often used to enable hiding in the background).

    • Schedules tasks to execute at a specified time

      Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
