Overview

overview

7

Static

static

6

994da87c4a...6d.apk

android-9-x86

7

994da87c4a...6d.apk

android-11-x64

7

plugin-deploy.apk

android-9-x86

plugin-deploy.apk

android-10-x64

plugin-deploy.apk

android-11-x64

Sharing

Copy URL
Twitter E-mail

General

  • Target

    994da87c4a7b6e309da1cd7dbb23106d.bin

  • Size

    8.5MB

  • Sample

    240607-czra7sgb8t

  • MD5

    994da87c4a7b6e309da1cd7dbb23106d

  • SHA1

    af14ae84a0a652a0f8ea18f886092a5c6aa1420c

  • SHA256

    084ae4bd9bb3f61ef085275751820553d0f3c56b3898bbdb9c30aac908657570

  • SHA512

    89cc6c5a38dd392d50f12bf9b6e2c0be1bed023ec87b41e0370dfc8130fed40ed5850adce2a62becc0f7fc173f5517b07ed7a6a06c435d88e8e4a55f76c8b361

  • SSDEEP

    196608:uFuZxz6UGGPiNPAbPWjkwjhkwHreA7D5hLXGMdcyxu+3vH5WSUC8+:uFuSUG1PMPWBjhkh8vbGMdBx//H9N

Score
7/10
androidcollectiondiscoveryevasionpersistencetrojan

Malware Config

Targets

    • Target

      994da87c4a7b6e309da1cd7dbb23106d.bin

    • Size

      8.5MB

    • MD5

      994da87c4a7b6e309da1cd7dbb23106d

    • SHA1

      af14ae84a0a652a0f8ea18f886092a5c6aa1420c

    • SHA256

      084ae4bd9bb3f61ef085275751820553d0f3c56b3898bbdb9c30aac908657570

    • SHA512

      89cc6c5a38dd392d50f12bf9b6e2c0be1bed023ec87b41e0370dfc8130fed40ed5850adce2a62becc0f7fc173f5517b07ed7a6a06c435d88e8e4a55f76c8b361

    • SSDEEP

      196608:uFuZxz6UGGPiNPAbPWjkwjhkwHreA7D5hLXGMdcyxu+3vH5WSUC8+:uFuSUG1PMPWBjhkh8vbGMdBx//H9N

    Score
    7/10
    collectiondiscoverypersistencetrojanevasion

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

      evasion

    • Queries information about running processes on the device

      Application may abuse the framework's APIs to collect information about running processes on the device.

      discovery

    • Reads the content of SMS inbox messages.

      collection

    • Reads the content of the SMS messages.

      collection

    • Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

    • Queries information about active data network

      discovery

    • Queries information about the current Wi-Fi connection

      Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

      discovery

    • Reads information about phone network operator.

      discovery

    • Aborts a broadcast (usually for hiding system events from other apps)

      trojanpersistence
    behavioral1behavioral2

    • Target

      plugin-deploy.jar

    • Size

      141KB

    • MD5

      9f4bbcd28bcd69e8bc4ce666a14ab362

    • SHA1

      0919eb3d9a4cc4dc494a9ba983120d50caee373a

    • SHA256

      9936759227ab2008f8fc16cc08b04b3a8e394260dbb6f75f176457d2b0539c1c

    • SHA512

      2c40138dc94f1b0483f0c7203c9e7c29118f21b475bfea875a1214feb2b9e79e75243a45dfcfe431065c9e9a9cfaaa43b152c68cd8e372b31e6a31eb3bc77487

    • SSDEEP

      3072:K9FFjFj1v+/d3wzw+K9hKF717GIGKaPtFBtlSuoSBCx5sA1P3+TbS:8VtGA8+Kf2lGIG5FDSICxyjTbS

    Score
    1/10
    behavioral3behavioral4behavioral5

MITRE ATT&CK Mobile v15

Tasks