General

  • Target

    up_store.apk

  • Size

    16.4MB

  • Sample

    240521-ljsnrsge65

  • MD5

    973d28fbba494d752bbb32b20bd4d88f

  • SHA1

    fc64c929995f0d155494a2ef074844b37b7bb724

  • SHA256

    2b017ecb168e9f621e06bada9687067033a4894cbc3bf6878f4290e013d3182b

  • SHA512

    d606e05ed4139e60f85081c643d69fbfe44753a3251432352c78facafbb825db05faf3aac84a380a0227d3cbf750d81e9643f661b489c00a021dbbe67f34435d

  • SSDEEP

    196608:0JmVeljrZaCPx/BD742kUc3ewJ0vmzVU8Gq6xdFZXoEKK6R9JMzP60OzaydP7:8ieZrZn+304qxdP4Ea/SnQ

Malware Config

Targets

    • Target

      up_store.apk

    • Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps)

    • Checks memory information

      Checks memory information that indicates whether the system is an emulator.

    • Checks whether the application is allowed to request package installs through the package installer

      Checks whether the application is allowed to install additional applications (might try to install applications from unknown sources).

    • Loads dropped Dex/Jar

      Runs an executable file dropped onto the device during analysis.

    • Obtains sensitive information copied to the device clipboard

      Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

    • Requests permission to install additional applications from unknown sources

    • Checks whether an internet connection is available

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Schedules tasks to execute at a specified time

      Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

MITRE ATT&CK Mobile v15

Tasks