General

  • Target

    4f9e3a49ec175a743f79aea093757dc8c30b1bb46f3bc2e8aad52b760579e082.bin

  • Size

    2.9MB

  • Sample

    240603-ac4xnsdc35

  • MD5

    7a15f5c0bd355388f7adc7c5e71a2438

  • SHA1

    4b4bcde9ac46612847ee59cd77a3cc49270369ba

  • SHA256

    4f9e3a49ec175a743f79aea093757dc8c30b1bb46f3bc2e8aad52b760579e082

  • SHA512

    6c743873d8ddbea73fec723400a41b1ec6e1c18b9da9e98b89d191aa7bf01897af47c485f8ac9428c2817d083646345ba1f6b63dfb98372aad5cf61b32026263

  • SSDEEP

    49152:2GvFP4C7Lvkc0PGX8411qv2oaOcAapT2727J17EirQH0D:xtP4xXPfQ1wXcp17EirQHi

Targets

    • Makes use of the framework's Accessibility service

      Retrieves information displayed on the phone screen using AccessibilityService.

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

    • Checks CPU information

      Checks CPU information that indicates whether the system is an emulator.

    • Checks known Qemu files.

      Checks for known Qemu files that exist on Android virtual device images.

    • Checks known Qemu pipes.

      Checks for known pipes used by the Android emulator to communicate with the host.

    • Checks memory information

      Checks memory information that indicates whether the system is an emulator.

    • Loads dropped Dex/Jar

      Runs an executable file dropped to the device during analysis.

    • Makes use of the framework's foreground persistence service

      Application may abuse the framework's foreground service to continue running in the foreground.

    • Obtains sensitive information copied to the device clipboard

      Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

    • Queries the mobile country code (MCC)

    • Registers a broadcast receiver at runtime (usually for listening for system events)

    • Acquires the wake lock

    • Checks if the internet connection is available

    • Schedules tasks to execute at a specified time

      Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

    • Checks the presence of a debugger
