Overview

overview

8

Static

static

6

Waze Navig...re.apk

android-13-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Waze Navigation & Live Traffic_4.103.1.2_APKPure.apk

  • Size

    96.9MB

  • Sample

    240522-sj77safe35

  • MD5

    f205b9bd9de6a80d867b3373592fc36b

  • SHA1

    2ea1765d9f7e4744722f068b7acaddcef69d0f00

  • SHA256

    528033ebf8c811afadbd6d3391ad26920eb665ca82fb7f4e590df1ba5efcdf76

  • SHA512

    af0de897b7a7c085a13126a2e0bb2ff4bd6f82b28a58150a8f306196a04fb2614839733fef10f60264db464b125b907ecfe7d3ede2d7d1e9cb9b70632f3d4e46

  • SSDEEP

    1572864:Bhu7QeIhTUqNFOFV3R+QGbWuQF+C2PLUkjncu5NBTQRk6eAAZFjlixiIqvtvaW:BMceiNFqBRvGbWuxLZjcsEReZFjlQYv3

Score
8/10
androidcollectioncredential_accessdiscoveryevasionexecutionimpactpersistence

Malware Config

Targets

    • Target

      Waze Navigation & Live Traffic_4.103.1.2_APKPure.apk

    • Size

      96.9MB

    • MD5

      f205b9bd9de6a80d867b3373592fc36b

    • SHA1

      2ea1765d9f7e4744722f068b7acaddcef69d0f00

    • SHA256

      528033ebf8c811afadbd6d3391ad26920eb665ca82fb7f4e590df1ba5efcdf76

    • SHA512

      af0de897b7a7c085a13126a2e0bb2ff4bd6f82b28a58150a8f306196a04fb2614839733fef10f60264db464b125b907ecfe7d3ede2d7d1e9cb9b70632f3d4e46

    • SSDEEP

      1572864:Bhu7QeIhTUqNFOFV3R+QGbWuQF+C2PLUkjncu5NBTQRk6eAAZFjlixiIqvtvaW:BMceiNFqBRvGbWuxLZjcsEReZFjlQYv3

    Score
    8/10
    collectioncredential_accessdiscoveryevasionexecutionimpactpersistence

    • Checks if the Android device is rooted.

      evasion

    • Checks memory information

      Checks memory information which indicate if the system is an emulator.

      evasiondiscovery

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

      evasion

    • Makes use of the framework's foreground persistence service

      Application may abuse the framework's foreground service to continue running in the foreground.

      evasionpersistence

    • Obtains sensitive information copied to the device clipboard

      Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

      collectioncredential_accessimpact

    • Queries information about running processes on the device

      Application may abuse the framework's APIs to collect information about running processes on the device.

      discovery

    • Acquires the wake lock

    • Checks if the internet connection is available

      discovery

    • Reads information about phone network operator.

      discovery

    • Schedules tasks to execute at a specified time

      Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

      executionpersistence

    • Checks the presence of a debugger

      evasion
    behavioral1

MITRE ATT&CK Matrix

Tasks