General
- Target: 4f9e3a49ec175a743f79aea093757dc8c30b1bb46f3bc2e8aad52b760579e082.bin
- Size: 2.9MB
- Sample: 240603-ac4xnsdc35
- MD5: 7a15f5c0bd355388f7adc7c5e71a2438
- SHA1: 4b4bcde9ac46612847ee59cd77a3cc49270369ba
- SHA256: 4f9e3a49ec175a743f79aea093757dc8c30b1bb46f3bc2e8aad52b760579e082
- SHA512: 6c743873d8ddbea73fec723400a41b1ec6e1c18b9da9e98b89d191aa7bf01897af47c485f8ac9428c2817d083646345ba1f6b63dfb98372aad5cf61b32026263
- SSDEEP: 49152:2GvFP4C7Lvkc0PGX8411qv2oaOcAapT2727J17EirQH0D:xtP4xXPfQ1wXcp17EirQHi
Static task
- static1
Behavioral tasks
- behavioral1: 4f9e3a49ec175a743f79aea093757dc8c30b1bb46f3bc2e8aad52b760579e082.apk on android-x86-arm-20240514-en
- behavioral2: 4f9e3a49ec175a743f79aea093757dc8c30b1bb46f3bc2e8aad52b760579e082.apk on android-x64-20240514-en
- behavioral3: 4f9e3a49ec175a743f79aea093757dc8c30b1bb46f3bc2e8aad52b760579e082.apk on android-x64-arm64-20240514-en
Malware Config
Targets
- Target: 4f9e3a49ec175a743f79aea093757dc8c30b1bb46f3bc2e8aad52b760579e082.bin
- Size: 2.9MB
- MD5, SHA1, SHA256, SHA512, SSDEEP: identical to the values listed under General above
- Makes use of the framework's Accessibility service: retrieves information displayed on the phone screen using AccessibilityService.
- Checks known Qemu files: checks for known Qemu files that exist on Android virtual device images (emulator detection).
- Checks known Qemu pipes: checks for known pipes used by the Android emulator to communicate with the host (emulator detection).
- Makes use of the framework's foreground persistence service: the application may abuse a foreground service to keep running and avoid being killed by the system.
- Obtains sensitive information copied to the device clipboard: the application may abuse the framework's APIs to read sensitive data copied to the clipboard.
- Queries the mobile country code (MCC).
- Registers a broadcast receiver at runtime (usually for listening for system events).
- Acquires the wake lock.
- Checks if the internet connection is available.
- Schedules tasks to execute at a specified time: the application may abuse the framework's APIs to schedule initial or recurring execution of malicious code.
- Checks for the presence of a debugger.
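The Qemu file and pipe checks, the Accessibility and clipboard access, and the other framework calls flagged above usually leave literal strings in the APK's classes.dex string pool, so a static sweep of the sample is a quick way to corroborate the sandbox's signatures before detonating anything. The Python below is an added example, not part of the report or of the sample's code: it extracts printable strings from a buffer (here a constructed stand-in for a classes.dex, not bytes from this sample) and buckets hits under the report's signature names. The artifact paths and framework class/method names in the indicator table are commonly checked indicators chosen for this example and are assumptions, not strings recovered from this sample.

```python
import re
from collections import defaultdict

# Indicator table keyed by the report's signature names. The paths and
# class/method names are commonly checked indicators picked for this
# example (assumption), not strings recovered from this particular sample.
INDICATORS = {
    "Checks known Qemu files": [
        b"/system/lib/libc_malloc_debug_qemu.so",
        b"/sys/qemu_trace",
        b"/system/bin/qemu-props",
    ],
    "Checks known Qemu pipes": [
        b"/dev/qemu_pipe",
        b"/dev/socket/qemud",
        b"/dev/goldfish_pipe",
    ],
    "Makes use of the framework's Accessibility service": [
        b"Landroid/accessibilityservice/AccessibilityService;",
        b"android.permission.BIND_ACCESSIBILITY_SERVICE",
    ],
    "Obtains sensitive information copied to the device clipboard": [
        b"Landroid/content/ClipboardManager;",
        b"getPrimaryClip",
    ],
    "Makes use of the framework's foreground persistence service": [
        b"startForeground",
        b"android.permission.FOREGROUND_SERVICE",
    ],
    "Acquires the wake lock": [
        b"Landroid/os/PowerManager$WakeLock;",
        b"android.permission.WAKE_LOCK",
    ],
    "Checks if the internet connection is available": [
        b"Landroid/net/ConnectivityManager;",
        b"getActiveNetworkInfo",
    ],
    "Registers a broadcast receiver at runtime": [b"registerReceiver"],
    "Schedules tasks to execute at a specified time": [
        b"Landroid/app/AlarmManager;",
        b"Landroid/app/job/JobScheduler;",
    ],
    "Checks the presence of a debugger": [b"isDebuggerConnected"],
}


def extract_strings(blob: bytes, min_len: int = 6) -> list:
    """Pull runs of printable ASCII out of a binary blob, like `strings`.

    Dex string entries are prefixed with a ULEB128 length byte; for short
    strings that byte is non-printable and acts as a separator, for longer
    ones it is a printable character glued to the front of the string.
    Substring matching in scan_indicators() tolerates that stray prefix.
    """
    pattern = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    return [m.group().decode("ascii") for m in pattern.finditer(blob)]


def scan_indicators(blob: bytes) -> dict:
    """Return {signature name: sorted list of indicator strings found}."""
    hits = defaultdict(set)
    for s in extract_strings(blob):
        for signature, needles in INDICATORS.items():
            for needle in needles:
                text = needle.decode("ascii")
                if text in s:
                    hits[signature].add(text)
    return {sig: sorted(found) for sig, found in hits.items()}


# Constructed stand-in for a classes.dex string pool: a dex magic, a few
# length-prefixed strings, and some binary noise. Not bytes from the sample.
SAMPLE_DEX = (
    b"dex\n035\x00" + b"\x00" * 8
    + b"\x0e/dev/qemu_pipe\x00"
    + b"\x11/dev/socket/qemud\x00"
    + b"\x25/system/lib/libc_malloc_debug_qemu.so\x00"
    + b"\x33Landroid/accessibilityservice/AccessibilityService;\x00"
    + b"\x22Landroid/content/ClipboardManager;\x00"
    + b"\x0egetPrimaryClip\x00"
    + b"\x0fstartForeground\x00"
    + b"\x13isDebuggerConnected\x00"
    + b"\xff\xfe\x01\x02" * 4
)

if __name__ == "__main__":
    for signature, found in scan_indicators(SAMPLE_DEX).items():
        print(f"{signature}: {', '.join(found)}")
```

A string hit only shows the code is present, not that it executes; the sandbox's signatures fire on observed behaviour, so use this sweep as a pre-filter and expect packed or string-encrypted samples to come back clean even when the behavioural tasks trigger. Runtime-registered broadcast receivers in particular show up here only as the `registerReceiver` call, never in the manifest.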
MITRE ATT&CK Mobile v15 (tactic, technique, sub-technique; matched signature count in parentheses)
Persistence
  Event Triggered Execution (1)
    Broadcast Receivers (1)
  Foreground Persistence (1)
  Scheduled Task/Job (1)
Defense Evasion
  Download New Code at Runtime (1)
  Foreground Persistence (1)
  Input Injection (1)
  Virtualization/Sandbox Evasion (4)
    System Checks (4)
Credential Access
  Clipboard Data (1)
  Input Capture (2)
    GUI Input Capture (1)
    Keylogging (1)
Discovery
  Software Discovery (1)
    Security Software Discovery (1)
  System Information Discovery (2)
  System Network Configuration Discovery (1)
  System Network Connections Discovery (1)