General
- Target: upgrade.apk
- Size: 8.6MB
- Sample: 240521-f4h26sbd32
- MD5: 879341f5413a5c3b7c2ae9cb1dcfd63a
- SHA1: 09115e34bb0bfe8d649237993f995c5161363c54
- SHA256: 3cff417e481167c5065842c64f44b070538d993381d8cee8313ad1fd211e8999
- SHA512: 05ac12cdc81561107a90029eb83a6fbf249ea67beb4c8a282b71046c0438a37e6dfe34d0e95d49e738eb63812631af0a833c6ddecf489eaf407eab749b2c75c9
- SSDEEP: 196608:/J1eEIs5uMib8n0QKpVHlEmshxNJgYpnnrEjc02:B0Ed5MHmmsZu4nnwI02
Static task: static1
Behavioral task behavioral1: Sample upgrade.apk, Resource android-x86-arm-20240514-en
Behavioral task behavioral2: Sample upgrade.apk, Resource android-x64-20240514-en
Behavioral task behavioral3: Sample upgrade.apk, Resource android-x64-arm64-20240514-en
Behavioral task behavioral4: Sample childapp.apk, Resource android-x86-arm-20240514-en
Behavioral task behavioral5: Sample childapp.apk, Resource android-x64-20240514-en
Behavioral task behavioral6: Sample childapp.apk, Resource android-x64-arm64-20240514-en
Malware Config
- Extracted family: spynote
- Extracted C2 string (unparsed extractor output): chutiyahaitu.duckdns.org:chutiyahaitu.duckdns.org:8080:8080
Targets
- Target: upgrade.apk
- Size: 8.6MB
- MD5: 879341f5413a5c3b7c2ae9cb1dcfd63a
- SHA1: 09115e34bb0bfe8d649237993f995c5161363c54
- SHA256: 3cff417e481167c5065842c64f44b070538d993381d8cee8313ad1fd211e8999
- SHA512: 05ac12cdc81561107a90029eb83a6fbf249ea67beb4c8a282b71046c0438a37e6dfe34d0e95d49e738eb63812631af0a833c6ddecf489eaf407eab749b2c75c9
- SSDEEP: 196608:/J1eEIs5uMib8n0QKpVHlEmshxNJgYpnnrEjc02:B0Ed5MHmmsZu4nnwI02

- Target: childapp.apk
- Size: 3.1MB
- MD5: 2b499c1a64c45ce2959eb18fe64b2a6c
- SHA1: 0466e8938274b0c7c20c10c462452f6669dbd559
- SHA256: 38f104e1ebe425c3c3d00fc4e7d0e516173cf3ffb0774031514fc1b8ed6f212d
- SHA512: c80c58bbb68e65694e45a7914b2f7687eb91c58a9f0bcaffc1eaeda4c358fe82e7201d11178b27da17df63d83c72e41faed08439690de256f2533e0e4702a6c8
- SSDEEP: 49152:EqjG1eSMlFIOW2B/pQYqjA8gAI0O2Aw/moHNebj+V+iKZtl8cPBuI3FS:EqCzMk2tq2307jebDiK3l8ML4
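Before working with this sample, confirm that the file you obtained matches the report's hashes and turn the extracted config into usable IOCs. The Python script below is an added example, not part of the sandbox report or of any tool's own code: it checks a local file against the MD5/SHA1/SHA256/SHA512 values listed above for upgrade.apk and parses the extracted SpyNote line into unique (host, port) pairs. Reading that line as host...:port... in parallel columns is this example's assumption about the extractor output, not a documented format; the function names and the test inputs are also this example's own.

```python
"""Added example: verify a local copy of the sample against the report's hashes
and turn the extracted SpyNote config line into (host, port) IOCs."""
import hashlib
import re
import sys
from typing import Dict, List, Tuple

# Values copied from the report above (upgrade.apk entry).
REPORT_HASHES = {
    "md5": "879341f5413a5c3b7c2ae9cb1dcfd63a",
    "sha1": "09115e34bb0bfe8d649237993f995c5161363c54",
    "sha256": "3cff417e481167c5065842c64f44b070538d993381d8cee8313ad1fd211e8999",
    "sha512": ("05ac12cdc81561107a90029eb83a6fbf249ea67beb4c8a282b71046c0438a37e"
               "6dfe34d0e95d49e738eb63812631af0a833c6ddecf489eaf407eab749b2c75c9"),
}
SPYNOTE_CONFIG_LINE = "chutiyahaitu.duckdns.org:chutiyahaitu.duckdns.org:8080:8080"

# Hostname (at least one dot, alphabetic TLD) or dotted-quad IPv4.
_HOST_RE = re.compile(r"^(?:[A-Za-z0-9-]+\.)+[A-Za-z]{2,}$|^\d{1,3}(?:\.\d{1,3}){3}$")


def parse_spynote_c2(line: str) -> List[Tuple[str, int]]:
    """Split a colon-joined config line into unique (host, port) pairs.

    Assumption (this example's reading of the report line, not a documented
    format): hosts and ports are listed in parallel, host...:port..., so the
    n-th host pairs with the n-th port; a single port applies to every host.
    IPv6 literals contain colons and are rejected rather than mis-split.
    """
    fields = [f for f in line.split(":") if f]
    hosts = [f for f in fields if _HOST_RE.match(f)]
    ports = [int(f) for f in fields if f.isdigit() and 0 < int(f) < 65536]
    if len(hosts) + len(ports) != len(fields):
        raise ValueError("unrecognised field(s) in config line: %r" % line)
    if not hosts or not ports:
        raise ValueError("no host/port pairs in config line: %r" % line)
    if len(ports) == 1:
        ports = ports * len(hosts)
    if len(ports) != len(hosts):
        raise ValueError("%d hosts but %d ports in %r" % (len(hosts), len(ports), line))
    seen, pairs = set(), []
    for pair in zip(hosts, ports):
        if pair not in seen:          # collapse the duplicated host:port
            seen.add(pair)
            pairs.append(pair)
    return pairs


def verify_hashes(data: bytes, expected: Dict[str, str]) -> Dict[str, bool]:
    """Return {algorithm: matches} for every algorithm named in `expected`."""
    return {algo: hashlib.new(algo, data).hexdigest() == digest.lower()
            for algo, digest in expected.items()}


def verify_file(path: str, expected: Dict[str, str]) -> Dict[str, bool]:
    """Hash a file in chunks (the sample is 8.6MB) and compare with the report."""
    hashers = {algo: hashlib.new(algo) for algo in expected}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            for h in hashers.values():
                h.update(chunk)
    return {algo: h.hexdigest() == expected[algo].lower() for algo, h in hashers.items()}


if __name__ == "__main__":
    # Usage: python verify_sample.py /path/to/upgrade.apk
    print("C2 endpoints:", parse_spynote_c2(SPYNOTE_CONFIG_LINE))
    if len(sys.argv) > 1:
        results = verify_file(sys.argv[1], REPORT_HASHES)
        for algo, ok in results.items():
            print("%-6s %s" % (algo, "OK" if ok else "MISMATCH"))
        sys.exit(0 if all(results.values()) else 1)
```

A non-zero exit on any mismatch makes the check usable as a gate in a scripted intake pipeline; the SSDEEP value is left out because comparing it needs the ssdeep library and a fuzzy match is not a fitness check for the exact file.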
- Makes use of the framework's Accessibility service: retrieves information displayed on the phone screen using AccessibilityService.
- Makes use of the framework's foreground persistence service: the application may abuse a foreground service to keep running with foreground priority, so the system is far less likely to kill it while it is not on screen.
- Obtains sensitive information copied to the device clipboard: the application may abuse the framework's APIs to read data copied to the device clipboard.
- Queries the mobile country code (MCC): reads the MCC from the SIM or network operator information, which identifies the victim's country.
- Registers a broadcast receiver at runtime (usually for listening for system events).
- Acquires a wake lock: keeps the device awake so the application's code keeps executing while the screen is off.
- Requests disabling of battery optimizations (often used to enable hiding in the background).
- Schedules tasks to execute at a specified time: the application may abuse the framework's APIs to schedule initial or recurring execution of malicious code.
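The signatures above are behavioural: the sandbox raised them while the sample ran. When only the APK is available, each of them maps to static indicators that can be looked for in a decoded manifest and in the string table of classes.dex. The Python script below is an added example, not part of the report: it encodes that mapping (using the signature names from the report, some shortened) and runs it over a constructed manifest and string dump that stand in for apktool output and `strings classes.dex`. The indicator lists are Android's public permission and API names; a hit shows the capability is compiled in, not that it was exercised. The function names and the sample inputs are this example's own.

```python
"""Added example: map the report's behavioural signatures to static indicators
(manifest permissions/actions and Android API names in classes.dex strings)."""
import re
from typing import Dict, List, Tuple

# signature wording from the report (some shortened) ->
# (manifest indicators, dex string indicators)
SIGNATURE_INDICATORS: Dict[str, Tuple[List[str], List[str]]] = {
    "Makes use of the framework's Accessibility service": (
        ["android.permission.BIND_ACCESSIBILITY_SERVICE",
         "android.accessibilityservice.AccessibilityService"],
        ["Landroid/accessibilityservice/AccessibilityService;", "onAccessibilityEvent"],
    ),
    "Makes use of the framework's foreground persistence service": (
        ["android.permission.FOREGROUND_SERVICE"],
        ["startForeground"],
    ),
    "Obtains sensitive information copied to the device clipboard": (
        [],
        ["Landroid/content/ClipboardManager;", "getPrimaryClip",
         "addPrimaryClipChangedListener"],
    ),
    "Queries the mobile country code (MCC)": (
        [],
        # The MCC is the first three digits of the operator strings these return.
        ["getNetworkOperator", "getSimOperator"],
    ),
    "Registers a broadcast receiver at runtime": ([], ["registerReceiver"]),
    "Acquires the wake lock": (["android.permission.WAKE_LOCK"], ["newWakeLock"]),
    "Requests disabling of battery optimizations": (
        ["android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS"],
        ["android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS",
         "isIgnoringBatteryOptimizations"],
    ),
    "Schedules tasks to execute at a specified time": (
        ["android.permission.SCHEDULE_EXACT_ALARM"],
        ["Landroid/app/AlarmManager;", "setExactAndAllowWhileIdle", "setRepeating",
         "Landroid/app/job/JobScheduler;"],
    ),
}

_PERM_RE = re.compile(r'<uses-permission[^>]*android:name="([^"]+)"')


def manifest_permissions(manifest_xml: str) -> List[str]:
    """All <uses-permission> names in a decoded (apktool) AndroidManifest.xml."""
    return _PERM_RE.findall(manifest_xml)


def match_signatures(manifest_xml: str, dex_strings: str) -> Dict[str, List[str]]:
    """Return {signature: [indicators found]} for signatures with at least one hit.

    Matching is deliberately loose substring matching: a static hit shows the
    capability is compiled in, which is weaker evidence than the sandbox's
    runtime observation, so treat it as a triage lead, not a verdict.
    """
    hits: Dict[str, List[str]] = {}
    for name, (manifest_ind, dex_ind) in SIGNATURE_INDICATORS.items():
        found = [i for i in manifest_ind if i in manifest_xml]
        found += [i for i in dex_ind if i in dex_strings]
        if found:
            hits[name] = found
    return hits


# Constructed inputs standing in for apktool output and `strings classes.dex`;
# they are NOT taken from the analysed APKs.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.constructed">
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.FOREGROUND_SERVICE"/>
    <uses-permission android:name="android.permission.WAKE_LOCK"/>
    <uses-permission android:name="android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS"/>
    <application>
        <service android:name=".A11y" android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE">
            <intent-filter><action android:name="android.accessibilityservice.AccessibilityService"/></intent-filter>
        </service>
    </application>
</manifest>"""
SAMPLE_DEX_STRINGS = "\n".join([
    "Landroid/content/ClipboardManager;", "getPrimaryClip", "registerReceiver",
    "getNetworkOperator", "startForeground", "newWakeLock",
    "Landroid/app/AlarmManager;", "setExactAndAllowWhileIdle", "onAccessibilityEvent",
])
BENIGN_MANIFEST = '<manifest><uses-permission android:name="android.permission.INTERNET"/></manifest>'
BENIGN_DEX_STRINGS = "onCreate\nsetContentView\nfindViewById"

if __name__ == "__main__":
    for sig, found in match_signatures(SAMPLE_MANIFEST, SAMPLE_DEX_STRINGS).items():
        print("%s\n    %s" % (sig, ", ".join(found)))
```

To run it against a real APK, decode with apktool, pass the text of AndroidManifest.xml as the first argument and the output of `strings classes.dex` (or the concatenated smali) as the second. Obfuscated samples often keep the Android framework class and method names intact even when their own are mangled, which is why the dex indicators target framework names rather than the app's.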