xamalicious | 9c068fa63a0a9c28a8b592a6cb68b155d657274cc87e2dd96b54471feb84b4ef | Triage

Sharing

General

Target

aa.apk
Size

12.5MB
Sample

240524-pwhk4scf5y
MD5

a984c7b9ebb9b8b294b72eb82992fc4a
SHA1

7047659db4fae7a900c3f63bb9121cf6ba0b86b6
SHA256

9c068fa63a0a9c28a8b592a6cb68b155d657274cc87e2dd96b54471feb84b4ef
SHA512

5488558bbad789446e14289aaa001856e8692576a89865546e6e56736d57a57259992e6260105e92c25fcfafd04c8d70a9507e03400359c6804fa383ed72d04f
SSDEEP

196608:T/JuA0wv1RVvr7ouI3x1WUYKpoUnhQrXFIMBM3rWwXaAqwqOSkq5o13ATRgUDj:T/Juv23Vvr7o1xLxrk1IWeqIqT5C3F4

Score

10^/10

xamalicious android discovery evasion persistence

Malware Config

Targets

- Target
  
  aa.apk
- Size
  
  12.5MB
- MD5
  
  a984c7b9ebb9b8b294b72eb82992fc4a
- SHA1
  
  7047659db4fae7a900c3f63bb9121cf6ba0b86b6
- SHA256
  
  9c068fa63a0a9c28a8b592a6cb68b155d657274cc87e2dd96b54471feb84b4ef
- SHA512
  
  5488558bbad789446e14289aaa001856e8692576a89865546e6e56736d57a57259992e6260105e92c25fcfafd04c8d70a9507e03400359c6804fa383ed72d04f
- SSDEEP
  
  196608:T/JuA0wv1RVvr7ouI3x1WUYKpoUnhQrXFIMBM3rWwXaAqwqOSkq5o13ATRgUDj:T/Juv23Vvr7o1xLxrk1IWeqIqT5C3F4
Score

7^/10

discovery evasion persistence
- Checks CPU information
  Checks CPU information which indicate if the system is an emulator.
  evasion discovery
- Registers a broadcast receiver at runtime (usually for listening for system events)
  persistence
behavioral1

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

Broadcast Receivers

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

System Checks

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistence