a041bc05ffa20dc6df3387818a06329b54c84ca70cb281c0358d936aee0b3858 | Triage

Resubmissions

29-05-2024 07:28

240529-jaxj9afa3z 7

21-05-2024 14:19

240521-rmybbagg99 10

Sharing

General

Target

a041bc05ffa20dc6df3387818a06329b54c84ca70cb281c0358d936aee0b3858.apk
Size

68.9MB
Sample

240529-jaxj9afa3z
MD5

7a5a2264a38d14ec36629301a1f97ed3
SHA1

9ff4d9a4fd79a6decdfc452d21f5954a90703398
SHA256

a041bc05ffa20dc6df3387818a06329b54c84ca70cb281c0358d936aee0b3858
SHA512

88bb457453d9831805199f588b24517e2f88a86fb1e0bafd3b1be3cb19b4ae115e6f42081aa723ec1653d6bfd6ea95601dc39b7893a7812f417e4b232f6843a5
SSDEEP

1572864:zbjAo4jkKsBxhMCb7ZMU1B+3cd9xXX0GQocKL:bcjkVhMChv1S+DfcI

Score

7^/10

android collection discovery evasion persistence

Malware Config

Targets

- Target
  
  a041bc05ffa20dc6df3387818a06329b54c84ca70cb281c0358d936aee0b3858.apk
- Size
  
  68.9MB
- MD5
  
  7a5a2264a38d14ec36629301a1f97ed3
- SHA1
  
  9ff4d9a4fd79a6decdfc452d21f5954a90703398
- SHA256
  
  a041bc05ffa20dc6df3387818a06329b54c84ca70cb281c0358d936aee0b3858
- SHA512
  
  88bb457453d9831805199f588b24517e2f88a86fb1e0bafd3b1be3cb19b4ae115e6f42081aa723ec1653d6bfd6ea95601dc39b7893a7812f417e4b232f6843a5
- SSDEEP
  
  1572864:zbjAo4jkKsBxhMCb7ZMU1B+3cd9xXX0GQocKL:bcjkVhMChv1S+DfcI
Score

7^/10

collection discovery evasion persistence
- Checks CPU information
  Checks CPU information which indicate if the system is an emulator.
  evasion discovery
- Checks known Qemu pipes.
  Checks for known pipes used by the Android emulator to communicate with the host.
  evasion
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
  evasion
- Queries account information for other applications stored on the device
  Application may abuse the framework's APIs to collect account information stored on the device.
  collection
- Reads the contacts stored on the device.
  collection
- Reads the content of photos stored on the user's device.
  collection
- Registers a broadcast receiver at runtime (usually for listening for system events)
  persistence
- Acquires the wake lock
- Checks if the internet connection is available
  discovery
behavioral1 behavioral2 behavioral3 behavioral4

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

Broadcast Receivers

Privilege Escalation

Defense Evasion

Download New Code at Runtime

Virtualization/Sandbox Evasion

System Checks

Credential Access

Discovery

System Information Discovery

System Network Connections Discovery

Lateral Movement

Collection

Data from Local System

Protected User Data

Contact List

Stored Application Data

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

collectiondiscoveryevasionpersistence

behavioral2

collectiondiscoveryevasion

behavioral3

collectiondiscoveryevasion

behavioral4

collectiondiscoveryevasionpersistence