a1e83bfc3931107c41dfebaa40a4ca71cca1592db8c5079ce2f2369e3a6cf670 | Triage

Submit
Reports

Overview

overview

8

Static

static

6

ph.loanpes...17.apk

android-9-x86

8

ph.loanpes...17.apk

android-11-x64

8

Sharing

General

Target

ph.loanpeso.fast_2024-04-17.apk
Size

4.8MB
Sample

240614-h3ez8stcpn
MD5

45ba409980bdddde494f3e7d9474957b
SHA1

4e9536af53d73b23182cfe7fdc7e9aadc13e1988
SHA256

a1e83bfc3931107c41dfebaa40a4ca71cca1592db8c5079ce2f2369e3a6cf670
SHA512

4e0ca906818ad8a61042e467e4f27c3ec19ddc0e5a313444297960efc7406afd84c95bd4cfefbf917a60ccdcab462fe0c2352df04cdcff09dd2a9e8471e31d2b
SSDEEP

98304:lM94XJbsqybkISWWGZY6T4+55ZxMgNOF/IKWQR:aisbyGHT4+56gI5IKZR

Score

8^/10

android collection credential_access discovery evasion impact persistence

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

ph.loanpeso.fast_2024-04-17.apk

Resource

android-x86-arm-20240611.1-en

discovery evasion impact persistence

android-9-x86

12 signatures

1800 seconds

Behavioral task

behavioral2

Sample

ph.loanpeso.fast_2024-04-17.apk

Resource

android-x64-arm64-20240611.1-en

collection credential_access discovery evasion impact

android-11-x64

11 signatures

1800 seconds

Malware Config

Targets

- Target
  
  ph.loanpeso.fast_2024-04-17.apk
- Size
  
  4.8MB
- MD5
  
  45ba409980bdddde494f3e7d9474957b
- SHA1
  
  4e9536af53d73b23182cfe7fdc7e9aadc13e1988
- SHA256
  
  a1e83bfc3931107c41dfebaa40a4ca71cca1592db8c5079ce2f2369e3a6cf670
- SHA512
  
  4e0ca906818ad8a61042e467e4f27c3ec19ddc0e5a313444297960efc7406afd84c95bd4cfefbf917a60ccdcab462fe0c2352df04cdcff09dd2a9e8471e31d2b
- SSDEEP
  
  98304:lM94XJbsqybkISWWGZY6T4+55ZxMgNOF/IKWQR:aisbyGHT4+56gI5IKZR
Score

8^/10

discovery evasion impact persistence collection credential_access
- Checks if the Android device is rooted.
  evasion
- Checks Android system properties for emulator presence.
  evasion
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
  evasion
- Obtains sensitive information copied to the device clipboard
  Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
  collection credential_access impact
- Queries information about active data network
  discovery
- Queries the mobile country code (MCC)
  discovery
- Reads information about phone network operator.
  discovery
- Checks the presence of a debugger
  evasion
- Listens for changes in the sensor environment (might be used to detect emulation)
  evasion
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

discoveryevasionimpactpersistence

behavioral2

collectioncredential_accessdiscoveryevasionimpact

© 2018-2024

Terms | Privacy