antidot | 9916a032b206aee7efb050687e9cdf44db68c0701909d5f464737abfece9a395

Resubmissions

06-07-2024 11:56

240706-n36qva1anh 10

06-07-2024 11:43

240706-nvn6tsxhpk 10

Sharing

Copy URL

Twitter E-mail

General

Target

HWF.apk
Size

111.3MB
Sample

240706-n36qva1anh
MD5

6fff1a315bfae614ca60382f009b43e0
SHA1

22c5002cc80a5cdf57a5ff263c86a9f0dc076125
SHA256

9916a032b206aee7efb050687e9cdf44db68c0701909d5f464737abfece9a395
SHA512

850d09f5a926d3abed78719f5f65d615adec8674766cbfc02b3cdfac2acdd1b4834fed9a735839010ef9089f17558cae126c9fd650f23e75fec31001cc141cf2
SSDEEP

3145728:o+TzrDgr5fVsUMV6fXlZkBRILxKD/TxicnoF:bg1+UMV6fXcBRILkbYF

Score

10^/10

Malware Config

Targets

- Target
  
  HWF.apk
- Size
  
  111.3MB
- MD5
  
  6fff1a315bfae614ca60382f009b43e0
- SHA1
  
  22c5002cc80a5cdf57a5ff263c86a9f0dc076125
- SHA256
  
  9916a032b206aee7efb050687e9cdf44db68c0701909d5f464737abfece9a395
- SHA512
  
  850d09f5a926d3abed78719f5f65d615adec8674766cbfc02b3cdfac2acdd1b4834fed9a735839010ef9089f17558cae126c9fd650f23e75fec31001cc141cf2
- SSDEEP
  
  3145728:o+TzrDgr5fVsUMV6fXlZkBRILxKD/TxicnoF:bg1+UMV6fXcBRILkbYF
Score

1^/10
behavioral1
- Target
  
  PluginHealthModel.zip
- Size
  
  4.2MB
- MD5
  
  403c8d62b849468823f3c8253e721e33
- SHA1
  
  ad883db8df4bb8a3a8238d88bb7499a26c051bda
- SHA256
  
  9f6d815803749db6ba2d110ccb2f0a345fd17b62c4d41f527c692aea3702095d
- SHA512
  
  71e6ee68472a8b2f6db2f8007c924fc453e426790d9fc63d119e1596a9ced928124ec7ede085add8e8d1d25f429a1749c1808990c3ca69a678a3cb1b582b3c90
- SSDEEP
  
  49152:b/EdsdHwpPQa25YHLDyqX6ky3k1Weg9cBG3CFxzAGm5v0OH5oryTiDZAYkwo:b/EQta25YHS7wo
Score

1^/10
behavioral2 behavioral3 behavioral4
- Target
  
  PluginHiAiEngine.zip
- Size
  
  2.5MB
- MD5
  
  c34dc7d5b6977ff96dc6fcaf2d501864
- SHA1
  
  4b091b24bf5f4ffe2e970e9f0e2e4662945316f9
- SHA256
  
  e87a1ccf3c10e68e20b2eba60e5ede2e544f0957176b8e034da56881292d8f2b
- SHA512
  
  268a7584907e1bcdf06c09be60fa63f915ed67bf470e61a4baca9f2a2524be976f8723bdc8805f97d8ae863929759e1b2d80a42dbe5aec025bfe492800ea19f0
- SSDEEP
  
  49152:wwHLgIvu6bczK7nchq3HLOzrGbXfsE6CRybtU2HXfvcCZV0:weLTbQK7nchq3HLO2bPsE6CRyTHPvcCg
Score

1^/10
behavioral5
- Target
  
  amap_resource1_0_0.png
- Size
  
  24KB
- MD5
  
  94a2a5f84a3fd6f0fd9134708ae1b81e
- SHA1
  
  1e21afaa48ed86cb31aaf7b17c3514315364cc99
- SHA256
  
  fc0c21884d4edfa4d93282139a309f204b27271a111a5b158edbc048f730b461
- SHA512
  
  24a175d15cb5cf8d23f0d53b004ed5c9a47646129c816fcae1b46aedabd95bb2c6dd2958d39d6f98f36dec3cd55d6af2d9b8f7013ced4b37a30db566e9a44923
- SSDEEP
  
  384:SevEWnTSCwukBdJ4dVCHyP7MPi3oqYXgnJk:3vEWnSue4+Sf3opQa
Score

1^/10
behavioral6 behavioral7 behavioral8
- Target
  
  base-all.lpk
- Size
  
  19.8MB
- MD5
  
  0781721a27cdc2fd427cc780e74f8e27
- SHA1
  
  9e2c3e152595e83b3f81a1c07993e5897c41a0b3
- SHA256
  
  57b09e6724052165e6cd3113916d23bf005d4b2c501599d43f0c958ed6a13411
- SHA512
  
  1dcc91ae51fb9b06fdcf9d601b56706dc567599bc3ef376bb25845b4e6b8874263808d05332dcef0b0b9ecf75d6b422ac0b1c2261d0eedf5aac4647756a3d9a3
- SSDEEP
  
  49152:oER/kK0dgjFVBPhwz55jpvEvtGljddnyFPcaAFJO0jTb4Yb2Ldj3TQLeNh9lMXQe:J08VITrHDyPD0KA
Score

1^/10
behavioral10 behavioral11 behavioral9
- Target
  
  cn.wwl.xposed.hook.apk
- Size
  
  2.2MB
- MD5
  
  5de49c6a3b9baca77dd6720126292afb
- SHA1
  
  ecd9460a888d29350b773e9f09e22360adc01a84
- SHA256
  
  4bdae8b9c989432d678adfdf262f9ffcc50570f523210491241d366ba25e2c2f
- SHA512
  
  1f58efcaaf5af918bb1241e56efd25f61ac4fc363adb856d8eead2c561f45e1ae7226fcaf8a886bf2e6734a4d8d8dcacd47a1d42c2f5bf60b42bed8edc7ec6e0
- SSDEEP
  
  49152:nq5aIQOkEfXj5zDWDbwweSB/FkpcZG3fjZZ:nqQrOZzqbwweS9Fkptf7
Score

1^/10
behavioral12 behavioral13
- Target
  
  origin.apk
- Size
  
  105.9MB
- MD5
  
  60ed00dfb0f63bd9d7b80e588bbcbf54
- SHA1
  
  ed2a13328f0fc09a5e81987e821efa8c23bddc2f
- SHA256
  
  a9bfa254d1896a2b0580da73bed6f685ae71c06c52e06d555e7ec5a09930cd7e
- SHA512
  
  84611bcc70e2f937420c0f29bbe627796f55ba9eae8cfa9537bde6364e8a87bdaa7928c8b9bf052a2bc88d11549138488638cce0eab394342ffbc9433f4e7051
- SSDEEP
  
  3145728:H+TzrDgr5fVsUMV6fXlZkBRILxKD/Txicny:eg1+UMV6fXcBRILkbi
Score

7^/10

discovery evasion impact persistence
- Queries information about running processes on the device
  Application may abuse the framework's APIs to collect information about running processes on the device.
  discovery
- Queries information about active data network
  discovery
- Reads information about phone network operator.
  discovery
- Listens for changes in the sensor environment (might be used to detect emulation)
  evasion
behavioral14
- Target
  
  PluginHealthModel.zip
- Size
  
  4.2MB
- MD5
  
  403c8d62b849468823f3c8253e721e33
- SHA1
  
  ad883db8df4bb8a3a8238d88bb7499a26c051bda
- SHA256
  
  9f6d815803749db6ba2d110ccb2f0a345fd17b62c4d41f527c692aea3702095d
- SHA512
  
  71e6ee68472a8b2f6db2f8007c924fc453e426790d9fc63d119e1596a9ced928124ec7ede085add8e8d1d25f429a1749c1808990c3ca69a678a3cb1b582b3c90
- SSDEEP
  
  49152:b/EdsdHwpPQa25YHLDyqX6ky3k1Weg9cBG3CFxzAGm5v0OH5oryTiDZAYkwo:b/EQta25YHS7wo
Score

1^/10
behavioral15 behavioral16 behavioral17
- Target
  
  PluginHiAiEngine.zip
- Size
  
  2.5MB
- MD5
  
  c34dc7d5b6977ff96dc6fcaf2d501864
- SHA1
  
  4b091b24bf5f4ffe2e970e9f0e2e4662945316f9
- SHA256
  
  e87a1ccf3c10e68e20b2eba60e5ede2e544f0957176b8e034da56881292d8f2b
- SHA512
  
  268a7584907e1bcdf06c09be60fa63f915ed67bf470e61a4baca9f2a2524be976f8723bdc8805f97d8ae863929759e1b2d80a42dbe5aec025bfe492800ea19f0
- SSDEEP
  
  49152:wwHLgIvu6bczK7nchq3HLOzrGbXfsE6CRybtU2HXfvcCZV0:weLTbQK7nchq3HLO2bPsE6CRyTHPvcCg
Score

1^/10
behavioral18
- Target
  
  amap_resource1_0_0.png
- Size
  
  24KB
- MD5
  
  94a2a5f84a3fd6f0fd9134708ae1b81e
- SHA1
  
  1e21afaa48ed86cb31aaf7b17c3514315364cc99
- SHA256
  
  fc0c21884d4edfa4d93282139a309f204b27271a111a5b158edbc048f730b461
- SHA512
  
  24a175d15cb5cf8d23f0d53b004ed5c9a47646129c816fcae1b46aedabd95bb2c6dd2958d39d6f98f36dec3cd55d6af2d9b8f7013ced4b37a30db566e9a44923
- SSDEEP
  
  384:SevEWnTSCwukBdJ4dVCHyP7MPi3oqYXgnJk:3vEWnSue4+Sf3opQa
Score

1^/10
behavioral19 behavioral20 behavioral21
- Target
  
  base-all.lpk
- Size
  
  19.8MB
- MD5
  
  0781721a27cdc2fd427cc780e74f8e27
- SHA1
  
  9e2c3e152595e83b3f81a1c07993e5897c41a0b3
- SHA256
  
  57b09e6724052165e6cd3113916d23bf005d4b2c501599d43f0c958ed6a13411
- SHA512
  
  1dcc91ae51fb9b06fdcf9d601b56706dc567599bc3ef376bb25845b4e6b8874263808d05332dcef0b0b9ecf75d6b422ac0b1c2261d0eedf5aac4647756a3d9a3
- SSDEEP
  
  49152:oER/kK0dgjFVBPhwz55jpvEvtGljddnyFPcaAFJO0jTb4Yb2Ldj3TQLeNh9lMXQe:J08VITrHDyPD0KA
Score

1^/10
behavioral22 behavioral23 behavioral24

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Hide Artifacts

T1628

User Evasion

T1628.002

Credential Access

Discovery

Process Discovery

T1424

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Tasks

Resubmissions

Sharing

General

Malware Config

Targets

Queries information about running processes on the device

Queries information about active data network

Reads information about phone network operator.

Listens for changes in the sensor environment (might be used to detect emulation)

MITRE ATT&CK Mobile v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24