General

  • Target

    890814e53dca788e353433be8f1d28c2.apk

  • Size

    9.1MB

  • Sample

    240603-seb9jsac7x

  • MD5

    890814e53dca788e353433be8f1d28c2

  • SHA1

    1201511ffd20cb07cdcc5c43b8d78596119f5b2c

  • SHA256

    8c636cf0b0e28fd5af9f394dbfcc0037ace5e351736eb3dbbb7505609aff56b9

  • SHA512

    f976911db54eff8c3b16954b34fc425e5f0909b3fc34080ff5ffc9ad45fc0f0744faebdde80d7ebea53f1dfbb0e68de41116473fd2d44cb395ae960b6c18328a

  • SSDEEP

    196608:GKFspWqSLS4eRvdIe14LPvhmv2Df+b/NtinMMhXfojKjZbyPvSKf01/:VONceRlIeqLPvwRbFsgnDG/

Targets

    • Target

      890814e53dca788e353433be8f1d28c2.apk

    • Score

      8/10

    • Checks if the Android device is rooted.

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Target

      asd.apk

    • Size

      6.4MB

    • MD5

      a5e92ba54ff5e7e01144304e88a90cd7

    • SHA1

      00bcad8a52631937c4a90664021cc23a0984b819

    • SHA256

      97b88089fa97505c27fe86ab3ee1ff2e04863585cdb29b7f5dcbf07b9753b471

    • SHA512

      2dfab04934ed585c6113b5dfdd98fbeae54f5f13b7fcd48fcc17bc692193447e5c4525b9eb7673baabe699b2275ccb5560affff85f12438819a00fff43d70d32

    • SSDEEP

      98304:z94vu8Q4YBGD50NNvpNOQ/5MT1phXNj2020lq/ephsICcKiLI:z9iuHc90NppN5ophZF20EmXsIfK7

    • Makes use of the framework's Accessibility service

      Retrieves information displayed on the phone screen using AccessibilityService.

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Makes use of the framework's foreground persistence service

      Application may abuse the framework's foreground service to continue running in the foreground.

    • Queries information about running processes on the device

      Application may abuse the framework's APIs to collect information about running processes on the device.

    • Queries the phone number (MSISDN for GSM devices)

    • Registers a broadcast receiver at runtime (usually for listening for system events)

    • Checks if the internet connection is available

    • Reads information about phone network operator.

    • Requests disabling of battery optimizations (often used to enable hiding in the background).

    • Schedules tasks to execute at a specified time

      Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

    • Target

      base.apk

    • Size

      313KB

    • MD5

      80fc9f41ca450ca5f089a9785b982925

    • SHA1

      b3450a1422881f0b78554eb1695887c578856487

    • SHA256

      a55aef8fdfaf4152b5653900c6465a72a2cac8695f92b935b14af70df6792ffa

    • SHA512

      c20ab215dbc2499bc8eb1cae150d4b0c5feeadd390de7974dfdae2acfc71afcd24db23d0db54b4c4634b7bb65c99865c3f382c6946d3c8522bc039b5437767cd

    • SSDEEP

      6144:nIKApPu6xdwXbbuO3+wL+vu+hKZ0FoBFqDoi+q5dhhye:Z+G6Lgbu8+wL+NhKZ0FoyDoi+qrhhye

    • Score

      7/10

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Queries the phone number (MSISDN for GSM devices)

    • Reads information about phone network operator.

    • Requests disabling of battery optimizations (often used to enable hiding in the background).
