829363eeefcda1a03f9e86ffc6e540fcc95a29774d24e6e8322d517976dfce3b | Triage

Resubmissions

11-07-2024 00:25

240711-aqm63s1cjb 7

11-07-2024 00:23

240711-apyw7a1bpc 7

Sharing

General

Target

Bonlab_2.0_APKPure.apk
Size

76.7MB
Sample

240711-aqm63s1cjb
MD5

bffad66f7d641f55682d9093bce86755
SHA1

39c2f26a07067e7f04387d8045182c5c9333c12c
SHA256

829363eeefcda1a03f9e86ffc6e540fcc95a29774d24e6e8322d517976dfce3b
SHA512

cbcc59c9a522a5c24496871631d3bad9bbb91f420fb277d1d88fb1ca2795311568e30545b2145871b28b15168347b9046a49f833b8443d92d626e879ce46ed2c
SSDEEP

1572864:2PSO3fke+d9l9nHkGHgssCD/7flitfBNBfXSUR5xsoAdLU6Y7fbE:+S9/nHfHgssCD/7flitfBNBfXSUR5xsF

Score

7^/10

android collection credential_access discovery evasion impact persistence

Malware Config

Targets

- Target
  
  Bonlab_2.0_APKPure.apk
- Size
  
  76.7MB
- MD5
  
  bffad66f7d641f55682d9093bce86755
- SHA1
  
  39c2f26a07067e7f04387d8045182c5c9333c12c
- SHA256
  
  829363eeefcda1a03f9e86ffc6e540fcc95a29774d24e6e8322d517976dfce3b
- SHA512
  
  cbcc59c9a522a5c24496871631d3bad9bbb91f420fb277d1d88fb1ca2795311568e30545b2145871b28b15168347b9046a49f833b8443d92d626e879ce46ed2c
- SSDEEP
  
  1572864:2PSO3fke+d9l9nHkGHgssCD/7flitfBNBfXSUR5xsoAdLU6Y7fbE:+S9/nHfHgssCD/7flitfBNBfXSUR5xsF
Score

7^/10

discovery evasion persistence collection credential_access impact
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
  evasion
- Obtains sensitive information copied to the device clipboard
  Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
  collection credential_access impact
- Queries information about running processes on the device
  Application may abuse the framework's APIs to collect information about running processes on the device.
  discovery
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Queries information about active data network
  discovery
- Queries the mobile country code (MCC)
  discovery
- Reads information about phone network operator.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

Broadcast Receivers

Privilege Escalation

Defense Evasion

Download New Code at Runtime

Virtualization/Sandbox Evasion

System Checks

Credential Access

Clipboard Data

Discovery

Process Discovery

System Information Discovery

System Network Configuration Discovery

System Network Connections Discovery

Lateral Movement

Collection

Clipboard Data

Command and Control

Exfiltration

Impact

Data Manipulation

Transmitted Data Manipulation

Tasks

static1

behavioral1

discoveryevasionpersistence

behavioral2

collectioncredential_accessdiscoveryevasionimpact