General

  • Target

    honeygain_app.apk

  • Size

    8.2MB

  • Sample

    240522-pjvpxaaf8w

  • MD5

    ed3a52f98dee0e529b4df3cd6505bd02

  • SHA1

    8b358b1484693575364f95803b39e3ffd9ab62b5

  • SHA256

    9aaab216f4a485006475dfab6e275b3a8ba9adb2439a3d7baadd14abc72c921d

  • SHA512

    11688bf82de60ffae79ff14b05a39894b1703e4c579bace3c713c8dce98b037df3cac0b2adea0819ca20dd6e6f3fdf5e5366ae205a116a54ac9322724d37ba87

  • SSDEEP

    196608:WQorOi96XSiHqs3i3jQct4P34JyWBpUKIBLvFl:WHQqHjQHoJyWnOb/

Targets

    • Target

      honeygain_app.apk

    • Checks if the Android device is rooted

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Queries information about running processes on the device

      Application may abuse the framework's APIs to collect information about running processes on the device.

    • Registers a broadcast receiver at runtime (usually for listening for system events)

    • Acquires the wake lock

    • Checks if the internet connection is available

    • Reads information about the phone network operator

    • Schedules tasks to execute at a specified time

      Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

    • Listens for changes in the sensor environment (might be used to detect emulation)
