d709cab8285cfd269834784b73909ca4f2422d1b5d3fcdfd65be4ece43b85eb7 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

44cb9a9fe1ec9eb0ad20b2bbd6c4081d5c72f4bcad038077cecb4a1d13de46a6.zip
Size

2.7MB
Sample

240611-14zedatemh
MD5

ca28de059fa1faa09eba48349cb51262
SHA1

9e3cd18e2c7a43ae7848b7ee698729c1c0cdc43c
SHA256

d709cab8285cfd269834784b73909ca4f2422d1b5d3fcdfd65be4ece43b85eb7
SHA512

48f3df2447ec5cf949b998f19d40a46e427625d7e4a1e00a74196c69996a9ae0835fdfb6b707ccbb45d6b63df6256a582552843b5dd0889dfd5ebf669a24112a
SSDEEP

49152:ztEO86Le8pE2ipbhcZYZlLHqcWyMdNX2WzgDltDe+FxiKYZ19UP8Zdj2yraxArQK:ztx86Le8pE2kNZdHRWPdNTeljx34DbdP

Score

8^/10

android collection credential_access evasion execution persistence stealth trojan

Malware Config

Targets

- Target
  
  44cb9a9fe1ec9eb0ad20b2bbd6c4081d5c72f4bcad038077cecb4a1d13de46a6
- Size
  
  2.9MB
- MD5
  
  7bf7be6fe91a26626818b7a00c7b25e4
- SHA1
  
  537f5248e5c2670ea9f16c42ece3c044fcf1eeee
- SHA256
  
  44cb9a9fe1ec9eb0ad20b2bbd6c4081d5c72f4bcad038077cecb4a1d13de46a6
- SHA512
  
  96654fce8604d535a62707fe5ee8a68184bd708e0bcffbd8727d7fe95052cefb3904040669c3ea0dcee1b33c5c38bf58734f2e8f7c34003cbc028329a305cce4
- SSDEEP
  
  49152:7SoctcwrcGCxGgAyseVnN4zN41jxpSb5c7rS217Z2V+H82szeTuGHfY:7SYwrcGCxGgAys2Gzu1jx4F+S217sV9Z
Score

8^/10

collection credential_access evasion execution persistence stealth trojan
- Removes its main activity from the application launcher
  stealth trojan evasion
- Makes use of the framework's Accessibility service
  Retrieves information displayed on the phone screen using AccessibilityService.
  collection evasion credential_access
- Acquires the wake lock
- Performs UI accessibility actions on behalf of the user
  Application may abuse the accessibility service to prevent their removal.
  evasion
- Requests disabling of battery optimizations (often used to enable hiding in the background).
  evasion
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

Persistence

Event Triggered Execution

Broadcast Receivers

Scheduled Task/Job

Privilege Escalation

Defense Evasion

Hide Artifacts

Suppress Application Icon

User Evasion

Impair Defenses

Prevent Application Removal

Input Injection

Credential Access

Input Capture

GUI Input Capture

Keylogging

Discovery

Lateral Movement

Collection

Input Capture

GUI Input Capture

Keylogging

Screen Capture

Command and Control

Exfiltration

Impact

Input Injection

Tasks

static1

behavioral1

collectioncredential_accessevasionexecutionpersistencestealthtrojan

behavioral2

collectioncredential_accessevasionexecutionpersistencestealthtrojan

behavioral3

collectioncredential_accessevasionexecutionpersistencestealthtrojan