General

  • Target

    yzxj-V3.0.8.apk

  • Size

    6.1MB

  • Sample

    240523-qek6cacb7s

  • MD5

    6fc57ba747cc519582bccb292679fe6e

  • SHA1

    c520779703703899615677a6647e12b51a01989a

  • SHA256

    a520b2fb06448ed7dadc7d1b122af67b3bd97c0e984f6f4a454ec42037a9b340

  • SHA512

    6d9bc83e32bfcea2ce19434bca1407dbfee43e8b968509ddd20f1bca4da98bb073969363df56b542efea566370e04e99e4cc25d67c2c7bd308e1dccd630604c6

  • SSDEEP

    98304:LRJjOMuU8pY00870nxwhusH1L7ALJRrp0bHCQO4vbySD5WlG0QDrJtlJMhD+MZ:LbfubCxwhuc3SJRrc5OALDeSr3lJMNZ

Malware Config

Targets

    • Target

      yzxj-V3.0.8.apk

    • Checks if the Android device is rooted.

    • Checks known Qemu files.

      Checks for known Qemu files that exist on Android virtual device images.

    • Checks known Qemu pipes.

      Checks for known pipes used by the Android emulator to communicate with the host.

    • Checks memory information.

      Checks memory information that indicates whether the system is an emulator.

    • Obtains sensitive information copied to the device clipboard

      Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

    • Queries the mobile country code (MCC)

    • Registers a broadcast receiver at runtime (usually for listening for system events)

    • Checks if the internet connection is available

MITRE ATT&CK Mobile v15

Tasks