ebf849b931a7da177013dda573cb7e728405966b8d21a4c034c1c8399d4fa8de | Triage

Submit
Reports

Overview

overview

7

Static

static

6

01bd7edf9a...08.apk

android-9-x86

7

01bd7edf9a...08.apk

android-10-x64

7

01bd7edf9a...08.apk

android-11-x64

7

Sharing

General

Target

01bd7edf9a3424a3ecea72a412275808.apk
Size

5.8MB
Sample

240611-mkwmgsthln
MD5

01bd7edf9a3424a3ecea72a412275808
SHA1

9ec6c11baae31e478955df9f778794d22adca602
SHA256

ebf849b931a7da177013dda573cb7e728405966b8d21a4c034c1c8399d4fa8de
SHA512

0357473234f31ef34cc486fece426513af58b56515ef0069e1b3c36342fcde71af8dee96fbc6f7e7b2ba9e99d790e005b6749a691e19042614e313e1e3614c20
SSDEEP

98304:Q34k5zQpYB24Wwj5JpIUUR99mfD0sQ4bKjqp8Cpgr3qP:Q3x5cxLwj7pIh3t4b9ioB

Score

7^/10

android collection credential_access discovery evasion execution persistence

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

01bd7edf9a3424a3ecea72a412275808.apk

Resource

android-x86-arm-20240603-en

discovery evasion execution persistence

android-9-x86

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

01bd7edf9a3424a3ecea72a412275808.apk

Resource

android-x64-20240603-en

collection credential_access discovery evasion execution persistence

android-10-x64

8 signatures

150 seconds

Behavioral task

behavioral3

Sample

01bd7edf9a3424a3ecea72a412275808.apk

Resource

android-x64-arm64-20240603-en

discovery evasion execution persistence

android-11-x64

6 signatures

150 seconds

Malware Config

Targets

- Target
  
  01bd7edf9a3424a3ecea72a412275808.apk
- Size
  
  5.8MB
- MD5
  
  01bd7edf9a3424a3ecea72a412275808
- SHA1
  
  9ec6c11baae31e478955df9f778794d22adca602
- SHA256
  
  ebf849b931a7da177013dda573cb7e728405966b8d21a4c034c1c8399d4fa8de
- SHA512
  
  0357473234f31ef34cc486fece426513af58b56515ef0069e1b3c36342fcde71af8dee96fbc6f7e7b2ba9e99d790e005b6749a691e19042614e313e1e3614c20
- SSDEEP
  
  98304:Q34k5zQpYB24Wwj5JpIUUR99mfD0sQ4bKjqp8Cpgr3qP:Q3x5cxLwj7pIh3t4b9ioB
Score

7^/10

discovery evasion execution persistence collection credential_access
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
  evasion
- Makes use of the framework's Accessibility service
  Retrieves information displayed on the phone screen using AccessibilityService.
  collection evasion credential_access
- Queries information about running processes on the device
  Application may abuse the framework's APIs to collect information about running processes on the device.
  discovery
- Queries the phone number (MSISDN for GSM devices)
  discovery
- Makes use of the framework's foreground persistence service
  Application may abuse the framework's foreground service to continue running in the foreground.
  evasion persistence
- Queries information about active data network
  discovery
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

discoveryevasionexecutionpersistence

behavioral2

collectioncredential_accessdiscoveryevasionexecutionpersistence

behavioral3

discoveryevasionexecutionpersistence

© 2018-2024

Terms | Privacy