irata | 01b0e9cb7e864e753261b94e3e652254968d8188562a5abfc240d19fa783bc5f

General

Target

01b0e9cb7e864e753261b94e3e652254968d8188562a5abfc240d19fa783bc5f.bin
Size

4.6MB
Sample

240529-1sqcbsca67
MD5

2c36088fec061815bdcebb93aec8771d
SHA1

e84c7530b996cd455f6fdaaf5f852c39970edf42
SHA256

01b0e9cb7e864e753261b94e3e652254968d8188562a5abfc240d19fa783bc5f
SHA512

cd87c739d424312f961cb7a025dfd708cd07bd5ebbe09918934743a92596d6d2b8e8e33c9d3790eefd529209ca706c75486d2e307fefd3dd98c2aea126247f0e
SSDEEP

98304:u1kVoDshYuBmbMypvBSpoHogIbLD0euD0mD0/D0EgD0nAMD0ID0bD0xjP:ukVoAhJ3ympoHmbLDcDjDmDGDCFDtDGg

Score

10^/10

Malware Config

Targets

- Target
  
  01b0e9cb7e864e753261b94e3e652254968d8188562a5abfc240d19fa783bc5f.bin
- Size
  
  4.6MB
- MD5
  
  2c36088fec061815bdcebb93aec8771d
- SHA1
  
  e84c7530b996cd455f6fdaaf5f852c39970edf42
- SHA256
  
  01b0e9cb7e864e753261b94e3e652254968d8188562a5abfc240d19fa783bc5f
- SHA512
  
  cd87c739d424312f961cb7a025dfd708cd07bd5ebbe09918934743a92596d6d2b8e8e33c9d3790eefd529209ca706c75486d2e307fefd3dd98c2aea126247f0e
- SSDEEP
  
  98304:u1kVoDshYuBmbMypvBSpoHogIbLD0euD0mD0/D0EgD0nAMD0ID0bD0xjP:ukVoAhJ3ympoHmbLDcDjDmDGDCFDtDGg
Score

8^/10

banker collection credential_access discovery evasion persistence impact
- Makes use of the framework's Accessibility service
  Retrieves information displayed on the phone screen using AccessibilityService.
  collection evasion credential_access
- Prevents application removal
  Application may abuse the framework's APIs to prevent removal.
  evasion
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
  banker discovery
- Requests accessing notifications (often used to intercept notifications before users become aware).
  collection credential_access
- Checks CPU information
  Checks CPU information which indicate if the system is an emulator.
  evasion discovery
- Checks memory information
  Checks memory information which indicate if the system is an emulator.
  evasion discovery
- Makes use of the framework's foreground persistence service
  Application may abuse the framework's foreground service to continue running in the foreground.
  evasion persistence
- Obtains sensitive information copied to the device clipboard
  Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
  collection credential_access impact
- Queries information about the current Wi-Fi connection
  Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  discovery
- Queries the mobile country code (MCC)
  discovery
- Registers a broadcast receiver at runtime (usually for listening for system events)
  persistence
- Acquires the wake lock
behavioral1 behavioral2 behavioral3