General

  • Target

    ee5ffa9a25bf909b27e35c9ad2341522600248eef7e744833c0e1dc383376ff3.apk

  • Size

    53.6MB

  • Sample

    240521-rhaz8agf65

  • MD5

    84282112dbe52849adf0031eec26bb2c

  • SHA1

    21dac90ce09633ef08fe592e098301307200751d

  • SHA256

    ee5ffa9a25bf909b27e35c9ad2341522600248eef7e744833c0e1dc383376ff3

  • SHA512

    a4b29b47dd7b85e05c2104dffb35d0193c84d7925e54143355ed54dc7b7e20fb08d64f25b5226f084fe1dba566b2bade10cc95e589f064942eff66e9f9c40262

  • SSDEEP

    393216:6M2G64U1/sOv96jFCTq4xcTlS3OnxHj8kKx8qpDFsjely0YyeS:j64U1fdMxgkJ4DFO5yeS

Malware Config

Targets

    • Checks if the Android device is rooted.

    • Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps).

    • Checks CPU information

      Checks CPU information that indicates whether the system is an emulator.

    • Checks known Qemu pipes.

      Checks for known pipes used by the Android emulator to communicate with the host.

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Queries information about the current Wi-Fi connection

      Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    • Queries the phone number (MSISDN for GSM devices)

    • Registers a broadcast receiver at runtime (usually for listening for system events)

    • Acquires the wake lock

    • Checks if the internet connection is available

    • Reads information about the phone's network operator.

    • Schedules tasks to execute at a specified time

      Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

    • Checks the presence of a debugger

MITRE ATT&CK Mobile v15

Tasks