xamalicious | 7f99ef9c1d5fb449a8394ee0694de6477f7d9f75154ac4a05c2fecb7a0fe6580 | Triage

Sharing

General

Target

Anikin-v2.0.2.apk
Size

66.4MB
Sample

240626-vczm6swdpk
MD5

d283e20da64ae2d25d9b4cb206bb8e9f
SHA1

31f90c6c4353e024abb59787ad7d2d8061fe960e
SHA256

7f99ef9c1d5fb449a8394ee0694de6477f7d9f75154ac4a05c2fecb7a0fe6580
SHA512

9ff3abe1c3bd385bedb122ecf736c5b71761924ba78cb2a1a2bfa4c40e56e0f8f464d0c7f9d982204b6224a534700f20949d902cecea6fa881d2dfecb3c62955
SSDEEP

1572864:vZRHWqptmED+eP4zwfFhVkOk/g5Wou2XySu:vZBmO+m4zEFhVk9Ie

Score

10^/10

xamalicious android evasion persistence

Malware Config

Targets

- Target
  
  Anikin-v2.0.2.apk
- Size
  
  66.4MB
- MD5
  
  d283e20da64ae2d25d9b4cb206bb8e9f
- SHA1
  
  31f90c6c4353e024abb59787ad7d2d8061fe960e
- SHA256
  
  7f99ef9c1d5fb449a8394ee0694de6477f7d9f75154ac4a05c2fecb7a0fe6580
- SHA512
  
  9ff3abe1c3bd385bedb122ecf736c5b71761924ba78cb2a1a2bfa4c40e56e0f8f464d0c7f9d982204b6224a534700f20949d902cecea6fa881d2dfecb3c62955
- SSDEEP
  
  1572864:vZRHWqptmED+eP4zwfFhVkOk/g5Wou2XySu:vZBmO+m4zEFhVk9Ie
Score

7^/10

persistence evasion
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
  evasion
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

Broadcast Receivers

Privilege Escalation

Defense Evasion

Download New Code at Runtime

Virtualization/Sandbox Evasion

System Checks

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2