General
-
Target
1.apk
-
Size
14.5MB
-
Sample
240523-pgk3paha74
-
MD5
603ae1751c4278cf0b306b142580b1f3
-
SHA1
9e49d6ff09d44752135a85d029e8450c35f82394
-
SHA256
ad1653a80c8b576805c5d722b4e5168f420b5819a1778b147465545682dec7d8
-
SHA512
02a18c38532feeea90783ae023b95b0ddcf587a35bf2234a2443542dfd954250ab1ce04ed36e643140857e1234c60f9dbc60584e846ebeaeb6a29df5999f9387
-
SSDEEP
393216:zhGL5jFRvTg/fUNmeBhhvjBxvsPh509n5a0hJiwjMV:zKjPvU/fkBXjBxvtJ5aGimO
Malware Config
Targets
-
-
Target
1.apk
-
Size
14.5MB
-
MD5
603ae1751c4278cf0b306b142580b1f3
-
SHA1
9e49d6ff09d44752135a85d029e8450c35f82394
-
SHA256
ad1653a80c8b576805c5d722b4e5168f420b5819a1778b147465545682dec7d8
-
SHA512
02a18c38532feeea90783ae023b95b0ddcf587a35bf2234a2443542dfd954250ab1ce04ed36e643140857e1234c60f9dbc60584e846ebeaeb6a29df5999f9387
-
SSDEEP
393216:zhGL5jFRvTg/fUNmeBhhvjBxvsPh509n5a0hJiwjMV:zKjPvU/fkBXjBxvtJ5aGimO
Score8/10-
Checks if the Android device is rooted.
-
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
-
Requests cell location
Uses Android APIs to to get current cell location.
-
Checks known Qemu files.
Checks for known Qemu files that exist on Android virtual device images.
-
Checks known Qemu pipes.
Checks for known pipes used by the Android emulator to communicate with the host.
-
Checks memory information
Checks memory information which indicate if the system is an emulator.
-
Queries information about running processes on the device
Application may abuse the framework's APIs to collect information about running processes on the device.
-
Registers a broadcast receiver at runtime (usually for listening for system events)
-
Checks if the internet connection is available
-
Queries the unique device ID (IMEI, MEID, IMSI)
-
Reads information about phone network operator.
-
MITRE ATT&CK Mobile v15
Defense Evasion
Execution Guardrails
1Geofencing
1Virtualization/Sandbox Evasion
3System Checks
3