8d542d635655b156904ca9f2d00edc01896a04343f1e352885d7be05e2cf0141 | Triage

Sharing

General

Target

Matsuri-0.5.11-x86_2.apk
Size

14.5MB
Sample

240524-n5t5tshc54
MD5

d163548357184fbd7486095ca7304290
SHA1

39edd5f2d93a15c175b69995f1380d0a0f3823e1
SHA256

8d542d635655b156904ca9f2d00edc01896a04343f1e352885d7be05e2cf0141
SHA512

d3486868467ba42c15229d68b1fbb1e59d36d2850f73b9895885c1b592f354882613f5b05194f25d68e386b13b67f33050deee96aa2557eb195810d632b3dc26
SSDEEP

393216:+Si6LaHxcspm165ZrkALdNg3X0sCOEGVuIqh++y:+SfLaOspHrncDaMqFy

Score

8^/10

android banker discovery evasion persistence

Malware Config

Targets

- Target
  
  Matsuri-0.5.11-x86_2.apk
- Size
  
  14.5MB
- MD5
  
  d163548357184fbd7486095ca7304290
- SHA1
  
  39edd5f2d93a15c175b69995f1380d0a0f3823e1
- SHA256
  
  8d542d635655b156904ca9f2d00edc01896a04343f1e352885d7be05e2cf0141
- SHA512
  
  d3486868467ba42c15229d68b1fbb1e59d36d2850f73b9895885c1b592f354882613f5b05194f25d68e386b13b67f33050deee96aa2557eb195810d632b3dc26
- SSDEEP
  
  393216:+Si6LaHxcspm165ZrkALdNg3X0sCOEGVuIqh++y:+SfLaOspHrncDaMqFy
Score

8^/10

banker discovery persistence evasion
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
  banker discovery
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
  evasion
- Registers a broadcast receiver at runtime (usually for listening for system events)
  persistence
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

Broadcast Receivers

Privilege Escalation

Defense Evasion

Download New Code at Runtime

Credential Access

Discovery

Software Discovery

Security Software Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bankerdiscoverypersistence

behavioral2

bankerdiscoverypersistence

behavioral3

bankerdiscoveryevasion