Resubmissions

  • 01-10-2024 07:11  241001-hz38na1cja  10

  • 17-07-2024 14:21  240717-rpe8hsvarr  10

  • 17-07-2024 14:16  240717-rlesksxeqg  10

General

  • Target

    kaspersky-aid.zip

  • Size

    3.6MB

  • Sample

    240717-rpe8hsvarr

  • MD5

    124a3499e3d12cef76bcb439981291f0

  • SHA1

    3ebd6fa388e717be4971fe6fe285d1cdb86d909d

  • SHA256

    ade4e9a428d4c9fd1c1ac4eba0cb0f3d2c84aed19a3cefec01a99faa0ff8cc02

  • SHA512

    9579231f239e85cbba44cb37dff85df16524b7d74c13ef5afc5b1c974c3d3035225230007f9404fe73d596c54b5d3d5fbf0c71a9b66064a4370567b53a26abf1

  • SSDEEP

    49152:5ftea/ZQDEqa5I1cHz81ERuQJmbIFNnjuA/jqTHAsEuH0gRhfDOEA/5Tt5/x363H:cs5A1ERuumMNjEHTE/gRBot58pN4g

Malware Config

Targets

    • Target

      kaspersky.apk

    • Size

      4.4MB

    • MD5

      5e261da4ac9993f2f2ef53e848a8cced

    • SHA1

      0580118cf5ca999ba3972022c87cf3446dfb4029

    • SHA256

      ba1877ba560a1b53c23abf4d37b8dbc8a1ccf347e59e0a27559f7859bd127e35

    • SHA512

      c5ea2f4afbf1747833f69998f347c0adb6a0108a1a3f00fac4774be2906580deb9ce82c40764491c4bdde1c951d24f1f24fc27e0cd6b45ab92059c7946a5285a

    • SSDEEP

      98304:gHf6S1i+W+/M8rKDkZzE/T4gnkmzRzBKTL0tk4F2T:gyC0BwZg/TzDzm0Lg

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Makes use of the framework's Accessibility service

      Retrieves information displayed on the phone screen using AccessibilityService.

    • Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps)

    • Acquires the wake lock

    • Makes use of the framework's foreground persistence service

      Application may abuse the framework's foreground service to continue running in the foreground.

MITRE ATT&CK Mobile v15

Tasks