General
-
Target
d95dff4e52801d7a1399126fcb1617ff0829cf0916530357caef7d0dfd73578b.bin
-
Size
2.3MB
-
Sample
240623-dv62jaxhqd
-
MD5
363232356841fae677c850fb78c29b24
-
SHA1
e9ab678b80a2ba4bf5a3e98bd2bfd41de67ba616
-
SHA256
d95dff4e52801d7a1399126fcb1617ff0829cf0916530357caef7d0dfd73578b
-
SHA512
9eb11136b1caaadada18dcfab684a7228836493d4bf1608c47514d267471be21dc58732c17fac1d1265549d6314dcdb345b222c748941e41dc35d5593df3b609
-
SSDEEP
49152:VYUwxqJIcFqgnhr+LJG5olrJbeh2OwcoLpVioKNsuuh11UxSlAUUZEFN:VY/xqJhsgnhrmGmlZehi3pVokTNlUZEj
Static task
static1
Behavioral task
behavioral1
Sample
d95dff4e52801d7a1399126fcb1617ff0829cf0916530357caef7d0dfd73578b.apk
Resource
android-x86-arm-20240611.1-en
Behavioral task
behavioral2
Sample
d95dff4e52801d7a1399126fcb1617ff0829cf0916530357caef7d0dfd73578b.apk
Resource
android-x64-20240611.1-en
Behavioral task
behavioral3
Sample
d95dff4e52801d7a1399126fcb1617ff0829cf0916530357caef7d0dfd73578b.apk
Resource
android-x64-arm64-20240611.1-en
Malware Config
Extracted
ginp
2.8d
mp43
http://sorryfordelay.top/
http://silverball.cc/
-
uri
api201
Extracted
ginp
http://sorryfordelay.top/api201/
http://silverball.cc/api201/
Targets
-
-
Target
d95dff4e52801d7a1399126fcb1617ff0829cf0916530357caef7d0dfd73578b.bin
-
Size
2.3MB
-
MD5
363232356841fae677c850fb78c29b24
-
SHA1
e9ab678b80a2ba4bf5a3e98bd2bfd41de67ba616
-
SHA256
d95dff4e52801d7a1399126fcb1617ff0829cf0916530357caef7d0dfd73578b
-
SHA512
9eb11136b1caaadada18dcfab684a7228836493d4bf1608c47514d267471be21dc58732c17fac1d1265549d6314dcdb345b222c748941e41dc35d5593df3b609
-
SSDEEP
49152:VYUwxqJIcFqgnhr+LJG5olrJbeh2OwcoLpVioKNsuuh11UxSlAUUZEFN:VY/xqJhsgnhrmGmlZehi3pVokTNlUZEj
-
Makes use of the framework's Accessibility service
Retrieves information displayed on the phone screen using AccessibilityService.
-
Acquires the wake lock
-
Makes use of the framework's foreground persistence service
Application may abuse the framework's foreground service to continue running in the foreground.
-
Performs UI accessibility actions on behalf of the user
Application may abuse the accessibility service to prevent their removal.
-
Queries information about active data network
-
Requests accessing notifications (often used to intercept notifications before users become aware).
-
Requests disabling of battery optimizations (often used to enable hiding in the background).
-
Requests enabling of the accessibility settings.
-
MITRE ATT&CK Mobile v15
Defense Evasion
Download New Code at Runtime
1Foreground Persistence
1Hide Artifacts
2Suppress Application Icon
1User Evasion
1Impair Defenses
1Prevent Application Removal
1Input Injection
1Credential Access
Access Notifications
1Input Capture
2GUI Input Capture
1Keylogging
1Discovery
Software Discovery
1Security Software Discovery
1System Network Connections Discovery
1