General

  • Target

    d877a03384c80230321a10936843294ada4cdfa398cce0856ad7a5705a6e829b.apk

  • Size

    8.9MB

  • Sample

    240603-sfhgysbe69

  • MD5

    be76c299852532ca1ae9c7bbe72909fc

  • SHA1

    642ab5cd8cccf439d0f77c45b6bfe8768d201788

  • SHA256

    d877a03384c80230321a10936843294ada4cdfa398cce0856ad7a5705a6e829b

  • SHA512

    cc60703f10307b5f60bfd5f54e8a41e8f86fd45d5e6eba9fce411092ad0da7b44f80e7796ad5e627b68e5411f63c2dccd9c56b6f9906502dd82c49cdab6a3df0

  • SSDEEP

    196608:IkWOUDroXC7xjr1/PemdXUpWnH9qSzp+kS9Y+VsIXiHpvOz8OF6:INAgFXdKWdn++osIiHptu6

Malware Config

Targets

    • Target

      d877a03384c80230321a10936843294ada4cdfa398cce0856ad7a5705a6e829b.apk

    • Size

      8.9MB

    • MD5

      be76c299852532ca1ae9c7bbe72909fc

    • SHA1

      642ab5cd8cccf439d0f77c45b6bfe8768d201788

    • SHA256

      d877a03384c80230321a10936843294ada4cdfa398cce0856ad7a5705a6e829b

    • SHA512

      cc60703f10307b5f60bfd5f54e8a41e8f86fd45d5e6eba9fce411092ad0da7b44f80e7796ad5e627b68e5411f63c2dccd9c56b6f9906502dd82c49cdab6a3df0

    • SSDEEP

      196608:IkWOUDroXC7xjr1/PemdXUpWnH9qSzp+kS9Y+VsIXiHpvOz8OF6:INAgFXdKWdn++osIiHptu6

    • Checks CPU information

      Reads CPU information that can indicate whether the system is an emulator.

    • Checks memory information

      Reads memory information that can indicate whether the system is an emulator.

    • Checks the application is allowed to request package installs through the package installer

      Checks whether the application is allowed to install additional applications (it may try to install applications from unknown sources).

    • Loads dropped Dex/Jar

      Runs an executable file (DEX/JAR) that was dropped onto the device during analysis.

    • Obtains sensitive information copied to the device clipboard

      Application may abuse the framework's APIs to read sensitive information copied to the device clipboard.

    • Queries the mobile country code (MCC)

    • Registers a broadcast receiver at runtime (usually for listening for system events)

    • Requests permission to install additional applications from unknown sources

    • Declares services with permission to bind to the system

    • Requests dangerous framework permissions

    • Checks for the presence of a debugger

    • Target

      asd.apk

    • Size

      6.0MB

    • MD5

      9a46c49ade166ee72f07bbf0007df4b5

    • SHA1

      4a41941ecb6d92abd691ad82bc80dbcc4337c700

    • SHA256

      29d39eb8c104f64b24577fb8a2052ec31e3941a941774bcbb3239720c90e60ee

    • SHA512

      23496b9ab633f4f5b07fecec0d33166e8990657b0f8483bfc3dc46d229d985bd8d8016f27e9aafe14895c249d600699c665572baa190e1d6211b3db337cc1108

    • SSDEEP

      98304:5l4cOtQ2YBj3MWR9EpwwxXbFyvYKg1Xc2aNtY0wLmdQdK9Wa:5l1O+T8WRqpw+XbIJgVDCtbwLCzx

    • Loads dropped Dex/Jar

      Runs an executable file (DEX/JAR) that was dropped onto the device during analysis.

    • Makes use of the framework's foreground persistence service

      Application may abuse the framework's foreground service to keep its process alive and make it less likely to be killed by the system.

    • Queries information about running processes on the device

      Application may abuse the framework's APIs to collect information about running processes on the device.

    • Queries the phone number (MSISDN for GSM devices)

    • Registers a broadcast receiver at runtime (usually for listening for system events)

    • Checks if the internet connection is available

    • Reads information about the phone's network operator

    • Schedules tasks to execute at a specified time

      Application may abuse the framework's scheduling APIs to run malicious code once or on a recurring basis.

    • Target

      base.apk

    • Size

      308KB

    • MD5

      88d76f066b26ccc7d7d497b340a86e47

    • SHA1

      54ddfe6c2fdbc9715e844c8e63778ef9fa0e79c8

    • SHA256

      bf7c086de6b79f6e0aa6cfbcf3d932aecd81d9e693ed3844861ef7056afbbef3

    • SHA512

      9c72e663f9f8d28a58568d0355a8806778655e76583405899040a39f7d61e25e8d622bf2b1f40343e18b7e385b92f9d9d34345572b59494444a06409c8621a60

    • SSDEEP

      6144:9buZZHuarSjT423vgqtrDzoJRaQOWr7dWUFJgMGR+HjBCt5:9KXHZS/4itMM7WXdWUHgXelCt5

    • Score

      7/10

    • Loads dropped Dex/Jar

      Runs an executable file (DEX/JAR) that was dropped onto the device during analysis.

    • Queries the phone number (MSISDN for GSM devices)

    • Reads information about the phone's network operator

    • Requests exemption from battery optimizations (often used to keep running in the background)
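
The signatures above are dynamic (they fire on what the sample does in the sandbox), but an analyst usually wants to confirm the file hashes against the report and get a first static read of the same behaviours before running anything. The script below is an added example, not code from the report or from the sandbox: it recomputes the MD5/SHA1/SHA256/SHA512 digests listed above, and then searches the `classes*.dex` and `AndroidManifest.xml` members of an APK for the Android framework API and permission names behind each signature. The mapping from signature to strings (`INDICATORS`) is this example's own assumption, not the sandbox's rule set, and `build_sample_apk()` constructs a stand-in ZIP so the script runs offline; pass the real file's bytes to `verify_hashes()` and `scan_apk()` in practice.

```python
"""Static pre-triage for an APK: verify report hashes and look for the API and
permission strings behind the sandbox signatures listed in the report.
Added example; not part of the original report or the sandbox's own code."""
import hashlib
import io
import zipfile

# Digests of the main sample as printed in the report above.
REPORT_HASHES = {
    "md5": "be76c299852532ca1ae9c7bbe72909fc",
    "sha1": "642ab5cd8cccf439d0f77c45b6bfe8768d201788",
    "sha256": "d877a03384c80230321a10936843294ada4cdfa398cce0856ad7a5705a6e829b",
}

# Report signature -> framework strings a static scan can look for.
# This mapping is an assumption of the example, not the sandbox's rule set.
INDICATORS = {
    "Loads dropped Dex/Jar": (b"dalvik/system/DexClassLoader", b"dalvik/system/InMemoryDexClassLoader"),
    "Checks CPU information": (b"/proc/cpuinfo",),
    "Checks memory information": (b"/proc/meminfo", b"getMemoryInfo"),
    "Checks package-install permission": (b"canRequestPackageInstalls", b"REQUEST_INSTALL_PACKAGES"),
    "Obtains clipboard contents": (b"getPrimaryClip",),
    "Queries the MCC": (b"getSimOperator", b"getNetworkOperator"),
    "Checks the presence of a debugger": (b"isDebuggerConnected",),
    "Queries running processes": (b"getRunningAppProcesses",),
    "Queries the phone number (MSISDN)": (b"getLine1Number",),
    "Requests disabling of battery optimizations": (b"REQUEST_IGNORE_BATTERY_OPTIMIZATIONS",),
    "Foreground service": (b"startForeground",),
}


def hash_sample(data: bytes) -> dict:
    """Hex digests in the same algorithms the report lists."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha512": hashlib.sha512(data).hexdigest(),
    }


def verify_hashes(data: bytes, expected: dict) -> bool:
    """True only if every expected digest matches. SHA256 is the one to rely on;
    MD5/SHA1 are kept only for cross-referencing older reports."""
    actual = hash_sample(data)
    return all(actual[alg] == digest.lower() for alg, digest in expected.items())


def _needles(s: bytes) -> tuple:
    # DEX string pools are MUTF-8, so ASCII needles match as-is; binary
    # AndroidManifest.xml string pools are commonly UTF-16LE, so try both.
    return (s, s.decode("ascii").encode("utf-16-le"))


def scan_apk(data: bytes) -> dict:
    """Return {signature: [zip member, ...]} for each indicator found in any
    classes*.dex or AndroidManifest.xml member of the APK (an APK is a ZIP)."""
    hits = {}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for name in zf.namelist():
            base = name.rsplit("/", 1)[-1]
            is_dex = base.startswith("classes") and base.endswith(".dex")
            if not (is_dex or base == "AndroidManifest.xml"):
                continue  # resources, native libs, signatures: not scanned here
            blob = zf.read(name)
            for sig, strings in INDICATORS.items():
                if any(n in blob for s in strings for n in _needles(s)):
                    hits.setdefault(sig, []).append(name)
    return hits


def build_sample_apk() -> bytes:
    """Constructed stand-in for an APK (not the real sample): a ZIP with a fake
    DEX and a fake UTF-16LE manifest that carry a few of the indicator strings."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(
            "classes.dex",
            b"dex\n035\x00Ldalvik/system/DexClassLoader;\x00/proc/cpuinfo\x00isDebuggerConnected\x00",
        )
        zf.writestr(
            "AndroidManifest.xml",
            "android.permission.REQUEST_INSTALL_PACKAGES".encode("utf-16-le"),
        )
        zf.writestr("res/drawable/icon.png", b"\x89PNG not scanned")
    return buf.getvalue()


if __name__ == "__main__":
    apk = build_sample_apk()
    print("sha256:", hash_sample(apk)["sha256"])
    print("matches report:", verify_hashes(apk, REPORT_HASHES))  # False for the stand-in
    for sig, members in scan_apk(apk).items():
        print(f"{sig}: {', '.join(members)}")
```

Two caveats matter for this sample. First, string matching only sees the DEX that ships in the APK; a sample flagged with "Loads dropped Dex/Jar" keeps much of its logic in a payload written at runtime, so the dropped DEX/JAR has to be recovered from the device or sandbox and scanned separately. Second, obfuscators routinely encrypt these strings or resolve the APIs via reflection, so an empty `scan_apk()` result rules nothing out; the sandbox's dynamic signatures remain the authority, and the static pass is for confirmation and hash bookkeeping.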

MITRE ATT&CK Mobile v15

Tasks