b42069ac7eed7d2f4ea14971325d0e4dd7730732d868eaf0606142a5894e30d8 | Triage

Sharing

General

Target

inat-box-v13-rc2.apk
Size

10.8MB
Sample

240626-rf5rta1bkm
MD5

9c6cae30bd0dccca546a60b36c36c0eb
SHA1

b004c1554c34e88e5d773b354159246c261ae04f
SHA256

b42069ac7eed7d2f4ea14971325d0e4dd7730732d868eaf0606142a5894e30d8
SHA512

937d45c85de983673948545715afe90b27906c9f5b5152c34074d469cc11149c1de0bbbe92d970bbfe983cf5e9a4d8035c0dc18f8c16d531bf6f6199056a0e3d
SSDEEP

196608:x6gVh4mcVyYZrRxNRR0GAetwwo1alPLFC1vhzqAkFcdgFsNmUP0ZFn:xLBSX0GEwZLYFhz9kFcdc8NM7

Score

8^/10

android banker collection credential_access discovery evasion execution impact persistence

Malware Config

Targets

- Target
  
  inat-box-v13-rc2.apk
- Size
  
  10.8MB
- MD5
  
  9c6cae30bd0dccca546a60b36c36c0eb
- SHA1
  
  b004c1554c34e88e5d773b354159246c261ae04f
- SHA256
  
  b42069ac7eed7d2f4ea14971325d0e4dd7730732d868eaf0606142a5894e30d8
- SHA512
  
  937d45c85de983673948545715afe90b27906c9f5b5152c34074d469cc11149c1de0bbbe92d970bbfe983cf5e9a4d8035c0dc18f8c16d531bf6f6199056a0e3d
- SSDEEP
  
  196608:x6gVh4mcVyYZrRxNRR0GAetwwo1alPLFC1vhzqAkFcdgFsNmUP0ZFn:xLBSX0GEwZLYFhz9kFcdc8NM7
Score

8^/10

banker discovery evasion execution impact persistence collection credential_access
- Checks if the Android device is rooted.
  evasion
- Obtains sensitive information copied to the device clipboard
  Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
  collection credential_access impact
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
  banker discovery
- Acquires the wake lock
- Legitimate hosting services abused for malware hosting/C2
- Queries information about active data network
  discovery
- Queries the mobile country code (MCC)
  discovery
- Reads information about phone network operator.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

Persistence

Event Triggered Execution

Broadcast Receivers

Scheduled Task/Job

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

System Checks

Credential Access

Clipboard Data

Discovery

Software Discovery

Security Software Discovery

System Information Discovery

System Network Configuration Discovery

System Network Connections Discovery

Lateral Movement

Collection

Clipboard Data

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

Data Manipulation

Transmitted Data Manipulation

Tasks

static1

behavioral1

bankerdiscoveryevasionexecutionimpactpersistence

behavioral2

bankercollectioncredential_accessdiscoveryevasionexecutionimpactpersistence