8e938a6df781cfc56fcacfaf6655861bf21670e40ed2f70c0785a68181265985 | Triage

Submit
Reports

Overview

overview

8

Static

static

6

8E938A6DF7...85.apk

android-9-x86

8

Sharing

Copy URL Twitter E-mail

General

Target

8E938A6DF781CFC56FCACFAF6655861BF21670E40ED2F70C0785A68181265985.apk
Size

19.5MB
Sample

240627-kdez2stgmj
MD5

ddcc5379175112b6fb9a03f33290bf0d
SHA1

5018aab45c1ec8aedbff614b3e3a04557b58e9b0
SHA256

8e938a6df781cfc56fcacfaf6655861bf21670e40ed2f70c0785a68181265985
SHA512

76694ba8348f40ffce801e49948aed36d6a7719cc64467d98421fc209443d09bf5b21877af3e9ff98b1b707537ce23638c15f0e694826d3495adf003a1aa2081
SSDEEP

393216:4u9prh8wHUBkzmu3exVPNzpUDTnChrgEX4e4PnaMmpH9gEXPe41qaETqTg4:Bh8AEfRETnQjoe0nBm7jfe4vEud

Score

8^/10

android discovery evasion impact persistence

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

8E938A6DF781CFC56FCACFAF6655861BF21670E40ED2F70C0785A68181265985.apk

Resource

android-x86-arm-20240624-en

discovery evasion impact persistence

android-9-x86

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  8E938A6DF781CFC56FCACFAF6655861BF21670E40ED2F70C0785A68181265985.apk
- Size
  
  19.5MB
- MD5
  
  ddcc5379175112b6fb9a03f33290bf0d
- SHA1
  
  5018aab45c1ec8aedbff614b3e3a04557b58e9b0
- SHA256
  
  8e938a6df781cfc56fcacfaf6655861bf21670e40ed2f70c0785a68181265985
- SHA512
  
  76694ba8348f40ffce801e49948aed36d6a7719cc64467d98421fc209443d09bf5b21877af3e9ff98b1b707537ce23638c15f0e694826d3495adf003a1aa2081
- SSDEEP
  
  393216:4u9prh8wHUBkzmu3exVPNzpUDTnChrgEX4e4PnaMmpH9gEXPe41qaETqTg4:Bh8AEfRETnQjoe0nBm7jfe4vEud
Score

8^/10

discovery evasion impact persistence
- Checks if the Android device is rooted.
  evasion
- Queries information about running processes on the device
  Application may abuse the framework's APIs to collect information about running processes on the device.
  discovery
- Acquires the wake lock
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Makes use of the framework's foreground persistence service
  Application may abuse the framework's foreground service to continue running in the foreground.
  evasion persistence
- Queries information about active data network
  discovery
- Queries information about the current Wi-Fi connection
  Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  discovery
- Checks the presence of a debugger
  evasion
behavioral1

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

Broadcast Receivers

Foreground Persistence

Privilege Escalation

Defense Evasion

Foreground Persistence

Virtualization/Sandbox Evasion

System Checks

Credential Access

Discovery

Process Discovery

System Information Discovery

System Network Connections Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

Tasks

static1

behavioral1

discoveryevasionimpactpersistence

© 2018-2025

Terms | Privacy