General
-
Target
ab502b175e52657c1c18ffc778657b80f4a57d05f50ffd4bfe23aa8d6593af60
-
Size
7.0MB
-
Sample
240522-zkk7zagb29
-
MD5
688ef7cf954d56e3995681f7d4e3a0bf
-
SHA1
5fcb85d659e0086732d7918c90e8783a4bb3b488
-
SHA256
ab502b175e52657c1c18ffc778657b80f4a57d05f50ffd4bfe23aa8d6593af60
-
SHA512
4f35086b6b7f8c683e066e51ded183b9411f6b5ba010753380ffd4046610c62222a445c81b8c2383a2c27aad8eb82e58a373b838bb2abc973b1c0210540c1a67
-
SSDEEP
196608:NT8rJbzS2KCY1YU+rtc9DY3EGLAaRiUWDSFSLxY:w5zS2s+U+rtcBBaRivOsLxY
Malware Config
Targets
-
-
Target
ab502b175e52657c1c18ffc778657b80f4a57d05f50ffd4bfe23aa8d6593af60
-
Size
7.0MB
-
MD5
688ef7cf954d56e3995681f7d4e3a0bf
-
SHA1
5fcb85d659e0086732d7918c90e8783a4bb3b488
-
SHA256
ab502b175e52657c1c18ffc778657b80f4a57d05f50ffd4bfe23aa8d6593af60
-
SHA512
4f35086b6b7f8c683e066e51ded183b9411f6b5ba010753380ffd4046610c62222a445c81b8c2383a2c27aad8eb82e58a373b838bb2abc973b1c0210540c1a67
-
SSDEEP
196608:NT8rJbzS2KCY1YU+rtc9DY3EGLAaRiUWDSFSLxY:w5zS2s+U+rtcBBaRivOsLxY
Score8/10-
Checks if the Android device is rooted.
-
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
-
Checks CPU information
Checks CPU information which indicate if the system is an emulator.
-
Makes use of the framework's foreground persistence service
Application may abuse the framework's foreground service to continue running in the foreground.
-
Queries information about the current Wi-Fi connection
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
-
Queries the phone number (MSISDN for GSM devices)
-
Registers a broadcast receiver at runtime (usually for listening for system events)
-
Acquires the wake lock
-
Checks if the internet connection is available
-
MITRE ATT&CK Mobile v15
Persistence
Event Triggered Execution
1Broadcast Receivers
1Foreground Persistence
1Defense Evasion
Foreground Persistence
1Virtualization/Sandbox Evasion
1System Checks
1