ff8e99f730b89bd508048c84c9fdc60981f5503f7d21fdd9f4769f1609ee93ae | Triage

Sharing

Copy URL Twitter E-mail

General

Target

FF8E99F730B89BD508048C84C9FDC60981F5503F7D21FDD9F4769F1609EE93AE.apk
Size

3.0MB
Sample

240627-kemraathlr
MD5

f7ebe4b22c4aa4a6d81862dda2f50712
SHA1

764922f4ab7afbd3d7f3a1ad5d433c564f35307e
SHA256

ff8e99f730b89bd508048c84c9fdc60981f5503f7d21fdd9f4769f1609ee93ae
SHA512

1ec03ce560051192fa1d193f209d31916d9cafce662f97147f3b58186d7081a1296f12c703896076ebfc6761d02415ea783272a2f58823607f557316428d20d2
SSDEEP

49152:TkSQ4lU4HHg5Z6gZxSwGRADm2Nymlxgg5H1FcChTvcsoLDXbiRbilWn:TkSQ4l3Hg5Z6HqD/Nyux5V2ChIDXt4n

Score

8^/10

android collection credential_access discovery evasion impact persistence

Malware Config

Targets

- Target
  
  FF8E99F730B89BD508048C84C9FDC60981F5503F7D21FDD9F4769F1609EE93AE.apk
- Size
  
  3.0MB
- MD5
  
  f7ebe4b22c4aa4a6d81862dda2f50712
- SHA1
  
  764922f4ab7afbd3d7f3a1ad5d433c564f35307e
- SHA256
  
  ff8e99f730b89bd508048c84c9fdc60981f5503f7d21fdd9f4769f1609ee93ae
- SHA512
  
  1ec03ce560051192fa1d193f209d31916d9cafce662f97147f3b58186d7081a1296f12c703896076ebfc6761d02415ea783272a2f58823607f557316428d20d2
- SSDEEP
  
  49152:TkSQ4lU4HHg5Z6gZxSwGRADm2Nymlxgg5H1FcChTvcsoLDXbiRbilWn:TkSQ4l3Hg5Z6HqD/Nyux5V2ChIDXt4n
Score

8^/10

discovery evasion persistence collection credential_access impact
- Checks if the Android device is rooted.
  evasion
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
  evasion
- Obtains sensitive information copied to the device clipboard
  Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
  collection credential_access impact
- Queries information about running processes on the device
  Application may abuse the framework's APIs to collect information about running processes on the device.
  discovery
- Queries the mobile country code (MCC)
  discovery
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

Broadcast Receivers

Privilege Escalation

Defense Evasion

Download New Code at Runtime

Virtualization/Sandbox Evasion

System Checks

Credential Access

Clipboard Data

Discovery

Process Discovery

System Information Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Clipboard Data

Command and Control

Exfiltration

Impact

Data Manipulation

Transmitted Data Manipulation

Tasks

static1

behavioral1

discoveryevasionpersistence

behavioral2

collectioncredential_accessdiscoveryevasionimpactpersistence

behavioral3

collectioncredential_accessdiscoveryevasionimpact