General

  • Target

    com-mod-minion-rush-despicable-me-official-game-v4-5-0h-mod.apk

  • Size

    76.4MB

  • Sample

    240616-twmbhstfnq

  • MD5

    451ed25a28a2ae1bf74be04ead6a4e60

  • SHA1

    8c982fba3296e66b5edc0c55a4350973c91eb81d

  • SHA256

    abf975472d394aea8f569aa644a400d4d0f8d325c851c0eaef870aaffb882572

  • SHA512

    7534b06b4467548367ffc027a8548c4bcddf67fd338672eb3c64740ee96cea19d20e0e9e9d8d61527a801adb0677c612c85e3dc94f4af5d4f9bcb25d63030f0b

  • SSDEEP

    1572864:AD116qJkQD6AhwhJtONi673g2u9ZrzEo9s9IvgxiQQra6j0ilCMM:AfJkc9OnOJTdu9ZrQo9s9IvFa6IicMM

Targets

    • Target

      com-mod-minion-rush-despicable-me-official-game-v4-5-0h-mod.apk

    • Checks if the Android device is rooted.

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

    • Queries information about active data network

    • Queries information about the current Wi-Fi connection

      Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    • Queries the mobile country code (MCC)

    • Reads information about phone network operator.

    • Target

      rtk.apk

    • Size

      2.5MB

    • MD5

      eb9d4f8df3c182d3dff4bc149120be4a

    • SHA1

      f48c1a2b096b1f76421250c40d343b68909dde4c

    • SHA256

      eeca500a3b54632ec77551a4a64e2e966586764c262d637a288a86080e2123c5

    • SHA512

      76ac0eb2be941bd60a20910b4112ea6334d75d03cd497cd15d3c445811a0238fd7a02d0462364212f975f28302d71f310bf36f689e996fccb633f6f472900beb

    • SSDEEP

      49152:ZgWUGMPNaQL4Fbl4KganP+6jbrcnuGB6Q8duhyUqst+NAEilZ0Y:Z3UGMP+7P+6jLGB6duhfLt2izd

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

    • Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

    • Queries information about active data network

    • Queries information about the current Wi-Fi connection

      Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    • Reads information about phone network operator.
