meduza | e29fa10b148be279c203e1f9079e7245b834f7912534c1bf4180af37686f621e | Triage

Submit
Reports

Overview

overview

Static

static

BaSalam.apk

android-9-x86

8

BaSalam.apk

android-10-x64

8

BaSalam.apk

android-11-x64

8

Sharing

General

Target

BaSalam.apk
Size

14.7MB
Sample

240522-n2matafb34
MD5

a973b538df92c14d3573be32454b1639
SHA1

f3b7e2e07510d5b889d617dbbf78714a92fac0a1
SHA256

e29fa10b148be279c203e1f9079e7245b834f7912534c1bf4180af37686f621e
SHA512

bb3a1ed95f5c9d03b3bcd511537da816e35ca1f4c867f87bb055bf4f7ca5ca392f5a446ab1ae21699488d50040bffd9ac3c333a625dd96f7ba0fd1411224fe4c
SSDEEP

393216:Le7WIw0L7MzJ3lfSPvS5xrOQi7JAgECYt5TI1mNRI36It:Leu0/Mz1laXWrOQiMC25E1mrwxt

Score

10^/10

meduza android discovery evasion execution impact persistence

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

BaSalam.apk

Resource

android-x86-arm-20240514-en

discovery evasion execution impact persistence

android-9-x86

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

BaSalam.apk

Resource

android-x64-20240514-en

discovery evasion execution impact persistence

android-10-x64

12 signatures

150 seconds

Behavioral task

behavioral3

Sample

BaSalam.apk

Resource

android-x64-arm64-20240514-en

discovery evasion execution impact persistence

android-11-x64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  BaSalam.apk
- Size
  
  14.7MB
- MD5
  
  a973b538df92c14d3573be32454b1639
- SHA1
  
  f3b7e2e07510d5b889d617dbbf78714a92fac0a1
- SHA256
  
  e29fa10b148be279c203e1f9079e7245b834f7912534c1bf4180af37686f621e
- SHA512
  
  bb3a1ed95f5c9d03b3bcd511537da816e35ca1f4c867f87bb055bf4f7ca5ca392f5a446ab1ae21699488d50040bffd9ac3c333a625dd96f7ba0fd1411224fe4c
- SSDEEP
  
  393216:Le7WIw0L7MzJ3lfSPvS5xrOQi7JAgECYt5TI1mNRI36It:Leu0/Mz1laXWrOQiMC25E1mrwxt
Score

8^/10

discovery evasion execution impact persistence
- Checks if the Android device is rooted.
  evasion
- Checks memory information
  Checks memory information which indicate if the system is an emulator.
  evasion discovery
- Queries information about running processes on the device
  Application may abuse the framework's APIs to collect information about running processes on the device.
  discovery
- Queries information about the current Wi-Fi connection
  Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  discovery
- Queries the mobile country code (MCC)
  discovery
- Registers a broadcast receiver at runtime (usually for listening for system events)
  persistence
- Acquires the wake lock
- Checks if the internet connection is available
  discovery
- Reads information about phone network operator.
  discovery
- Schedules tasks to execute at a specified time
  Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
  execution persistence
- Checks the presence of a debugger
  evasion
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

discoveryevasionexecutionimpactpersistence

behavioral2

discoveryevasionexecutionimpactpersistence

behavioral3

discoveryevasionexecutionimpactpersistence

© 2018-2024

Terms | Privacy