93d1b62a651affea08f11b85b843f37c24b8a3abd70e94e49857780553bc3505 | Triage

Sharing

General

Target

app.apk
Size

108.0MB
Sample

240709-mpw4ta1hrc
MD5

52b96ffe90b26a3651d929529adc4ea4
SHA1

273c25795e39563317de49433ff3f20773840117
SHA256

93d1b62a651affea08f11b85b843f37c24b8a3abd70e94e49857780553bc3505
SHA512

ddc7e1eb07775eade0aa8c0ed0ccb07bf2bbbcd2fe425e330423e87e5772f417d165fecdf3e2dc66caa1ebd410584f3e351636ed3e51903312fc93590179e457
SSDEEP

3145728:WoBUDzJDcsExrvOe3OhU8j9UjDsnvbV875XooJP:WoKzjEx7t30dZmGDVG5XvJ

Score

8^/10

android banker collection discovery evasion impact persistence

Malware Config

Targets

- Target
  
  app.apk
- Size
  
  108.0MB
- MD5
  
  52b96ffe90b26a3651d929529adc4ea4
- SHA1
  
  273c25795e39563317de49433ff3f20773840117
- SHA256
  
  93d1b62a651affea08f11b85b843f37c24b8a3abd70e94e49857780553bc3505
- SHA512
  
  ddc7e1eb07775eade0aa8c0ed0ccb07bf2bbbcd2fe425e330423e87e5772f417d165fecdf3e2dc66caa1ebd410584f3e351636ed3e51903312fc93590179e457
- SSDEEP
  
  3145728:WoBUDzJDcsExrvOe3OhU8j9UjDsnvbV875XooJP:WoKzjEx7t30dZmGDVG5XvJ
Score

8^/10

banker collection discovery evasion impact persistence
- Checks if the Android device is rooted.
  evasion
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
  evasion
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
  banker discovery
- Queries account information for other applications stored on the device
  Application may abuse the framework's APIs to collect account information stored on the device.
  collection
- Acquires the wake lock
- Queries information about active data network
  discovery
- Queries information about the current Wi-Fi connection
  Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  discovery
- Queries the mobile country code (MCC)
  discovery
- Reads information about phone network operator.
  discovery
- Checks the presence of a debugger
  evasion
behavioral1 behavioral2

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

Broadcast Receivers

Privilege Escalation

Defense Evasion

Download New Code at Runtime

Virtualization/Sandbox Evasion

System Checks

Credential Access

Discovery

Software Discovery

Security Software Discovery

System Information Discovery

System Network Configuration Discovery

System Network Connections Discovery

Lateral Movement

Collection

Stored Application Data

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

Tasks

static1

behavioral1

bankercollectiondiscoveryevasionimpactpersistence

behavioral2

collectiondiscoveryevasionimpact