Overview

overview

8

Static

static

6

462e131e3b...29.apk

android-9-x86

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    462e131e3b1b3e72f475374496bd6d0067fb271b78d25302f4798764e961e529.apk

  • Size

    2.2MB

  • Sample

    240529-kr3m9shb9w

  • MD5

    e143e7e9c6518566b164d17779aeaced

  • SHA1

    eb5c102409f45d8e3e0c137f5d3f21aed5cc2032

  • SHA256

    462e131e3b1b3e72f475374496bd6d0067fb271b78d25302f4798764e961e529

  • SHA512

    de05f5a053a3b1d445b8e28790a222e27c2cb48e6affdc5a353a76657c0abe5362f8862f5553d226257cf5d369ec3e6dfe4ac02f69b3695a74f5b6ea068bba36

  • SSDEEP

    49152:3bXariYd8Zkxqm3VSd63y8ZipwkHkB1seN0ELOcnDRoG6MnPhbe:LXaOfZkB3VSdKiikuOcnDClMo

Score
8/10
androidcollectioncredential_accessevasionexecutionpersistencestealthtrojan

Malware Config

Targets

    • Target

      462e131e3b1b3e72f475374496bd6d0067fb271b78d25302f4798764e961e529.apk

    • Size

      2.2MB

    • MD5

      e143e7e9c6518566b164d17779aeaced

    • SHA1

      eb5c102409f45d8e3e0c137f5d3f21aed5cc2032

    • SHA256

      462e131e3b1b3e72f475374496bd6d0067fb271b78d25302f4798764e961e529

    • SHA512

      de05f5a053a3b1d445b8e28790a222e27c2cb48e6affdc5a353a76657c0abe5362f8862f5553d226257cf5d369ec3e6dfe4ac02f69b3695a74f5b6ea068bba36

    • SSDEEP

      49152:3bXariYd8Zkxqm3VSd63y8ZipwkHkB1seN0ELOcnDRoG6MnPhbe:LXaOfZkB3VSdKiikuOcnDClMo

    Score
    8/10
    collectioncredential_accessevasionexecutionpersistencestealthtrojan

    • Makes use of the framework's Accessibility service

      Retrieves information displayed on the phone screen using AccessibilityService.

      collectionevasioncredential_access

    • Prevents application removal

      Application may abuse the framework's APIs to prevent removal.

      evasion

    • Removes its main activity from the application launcher

      stealthtrojanevasion

    • Requests accessing notifications (often used to intercept notifications before users become aware).

      collectioncredential_access

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

      evasion

    • Makes use of the framework's foreground persistence service

      Application may abuse the framework's foreground service to continue running in the foreground.

      evasionpersistence

    • Registers a broadcast receiver at runtime (usually for listening for system events)

      persistence

    • Requests enabling of the accessibility settings.

    • Acquires the wake lock

    • Requests disabling of battery optimizations (often used to enable hiding in the background).

      evasion

    • Schedules tasks to execute at a specified time

      Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

      executionpersistence

    • Listens for changes in the sensor environment (might be used to detect emulation)

      evasion
    behavioral1

MITRE ATT&CK Mobile v15

Tasks