General

  • Target

    546CE9E106085C979E8C14399BC144EE489A42C57F4B48A692AEFE36C523FAC0.apk

  • Size

    13.2MB

  • Sample

    240627-j9nfma1bnd

  • MD5

    65b366a7ddb01d94d64490fed93b2d24

  • SHA1

    43c4da0b96a75c36a31758296da30fb9b9e8e8f0

  • SHA256

    546ce9e106085c979e8c14399bc144ee489a42c57f4b48a692aefe36c523fac0

  • SHA512

    95061a5b6e2d16bd703ecfe64b5c5fca8f94d8ad3a6721013e92c6d1761501192de8d2757024c71e5b2d92f58dceb1d747457d746fb7869b6e0f7bc6eaba49be

  • SSDEEP

    196608:RONiXbP41cnEwwcDjq0S45+6dYLLyqpWh7i4HaGahB8XXlJvYy5y:RONirw1cEZsj3SAnqpKG4HaGaGvT5y

Malware Config

Targets

    • Target

      546CE9E106085C979E8C14399BC144EE489A42C57F4B48A692AEFE36C523FAC0.apk

    • Size

      13.2MB

    • MD5

      65b366a7ddb01d94d64490fed93b2d24

    • SHA1

      43c4da0b96a75c36a31758296da30fb9b9e8e8f0

    • SHA256

      546ce9e106085c979e8c14399bc144ee489a42c57f4b48a692aefe36c523fac0

    • SHA512

      95061a5b6e2d16bd703ecfe64b5c5fca8f94d8ad3a6721013e92c6d1761501192de8d2757024c71e5b2d92f58dceb1d747457d746fb7869b6e0f7bc6eaba49be

    • SSDEEP

      196608:RONiXbP41cnEwwcDjq0S45+6dYLLyqpWh7i4HaGahB8XXlJvYy5y:RONirw1cEZsj3SAnqpKG4HaGaGvT5y

    • Checks if the Android device is rooted.

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

    • Queries information about running processes on the device

      Application may abuse the framework's APIs to collect information about running processes on the device.

    • Queries information about the current nearby Wi-Fi networks

      Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

    • Queries information about active data network

    • Queries information about the current Wi-Fi connection

      Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    • Queries the unique device ID (IMEI, MEID, IMSI)

    • Reads information about phone network operator.

    • Listens for changes in the sensor environment (might be used to detect emulation)

    • Target

      plugin_32.pro

    • Size

      2.0MB

    • MD5

      fc79d1007a9593705f43fe7ea3cbc4af

    • SHA1

      5193f71774f4fd4eb70d10f77703a2fb8f10b04e

    • SHA256

      b57e910047ea395dd5e5d8f0ecb1f1fd1877be0a102bd2e666c8581f1486db20

    • SHA512

      32080c65d0ebbfd4f7090944a6da70b9e76d28c1c002527c008a2c394fb9d1e859ecf0d4502c619c98bd864bc2fbb62e69f7cc97d0689b06e136f861400bea02

    • SSDEEP

      49152:vKj9cMyA0v+4AyV9zKvtYXkH3YQH5RMjUHoDgicn:vKJv8AG+vtY0XYqhn

    • Score

      1/10

    • Target

      plugin_64.pro

    • Size

      1.7MB

    • MD5

      e155a85f1b59c88656ad4230ad3f304c

    • SHA1

      2d2ee0d673f3a6b64a871e537ebb54310ed11d5b

    • SHA256

      abea1e7180eb3c168dba74d3c38457aeb22b80514e38f136a057425f831fc95c

    • SHA512

      e74415b2905dcf25f80a52aaeeb0f672911fd7a505cd374a2463d6c99d86beff989445c646adc2e2931e50ab8f46676d3ff6c6f8a15d7d81939d761206ae7c02

    • SSDEEP

      49152:W9cMyA0v+4AyV9zKvtY62H5RMjUHoDgiccH:sv8AG+vtY68hE

    • Score

      1/10

MITRE ATT&CK Mobile v15

Tasks