cf5c9f055e5f43d70e575a52080351cb9e5a851f2058d1c8c1dd6dc2ea454fe6 | Triage

Sharing

General

Target

cf5c9f055e5f43d70e575a52080351cb9e5a851f2058d1c8c1dd6dc2ea454fe6.bin
Size

4.8MB
Sample

240523-1w8cbaad88
MD5

ee223733a9d1d6b7edc9877d9ed0e251
SHA1

ec7cc098bdf56a58df93b1d6626786ab59224870
SHA256

cf5c9f055e5f43d70e575a52080351cb9e5a851f2058d1c8c1dd6dc2ea454fe6
SHA512

e99f2fe7a54a688b69db05da6dd7377e98482d78ff592ca2e640043872d9225e975ce03a094f86167598a931d768b5ae9489ba869055587a1b44cac286be6942
SSDEEP

98304:24x5SbExfdJ3d2ZrXbO/1vfFS2fPQEJT/6O2v4e:24x51XCa1v9S2HtJWzQe

Score

8^/10

android banker collection discovery evasion persistence

Malware Config

Targets

- Target
  
  cf5c9f055e5f43d70e575a52080351cb9e5a851f2058d1c8c1dd6dc2ea454fe6.bin
- Size
  
  4.8MB
- MD5
  
  ee223733a9d1d6b7edc9877d9ed0e251
- SHA1
  
  ec7cc098bdf56a58df93b1d6626786ab59224870
- SHA256
  
  cf5c9f055e5f43d70e575a52080351cb9e5a851f2058d1c8c1dd6dc2ea454fe6
- SHA512
  
  e99f2fe7a54a688b69db05da6dd7377e98482d78ff592ca2e640043872d9225e975ce03a094f86167598a931d768b5ae9489ba869055587a1b44cac286be6942
- SSDEEP
  
  98304:24x5SbExfdJ3d2ZrXbO/1vfFS2fPQEJT/6O2v4e:24x51XCa1v9S2HtJWzQe
Score

8^/10

banker collection discovery persistence evasion
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
  banker discovery
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
  evasion
- Queries the phone number (MSISDN for GSM devices)
  discovery
- Reads the content of SMS inbox messages.
  collection
- Registers a broadcast receiver at runtime (usually for listening for system events)
  persistence
- Reads information about phone network operator.
  discovery
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

Broadcast Receivers

Privilege Escalation

Defense Evasion

Download New Code at Runtime

Credential Access

Discovery

Software Discovery

Security Software Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Protected User Data

SMS Messages

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bankercollectiondiscoverypersistence

behavioral2

bankercollectiondiscoverypersistence

behavioral3

bankercollectiondiscoveryevasion