General
-
Target
HappyMod.apk
-
Size
16.1MB
-
Sample
240722-ak1vzsvbqm
-
MD5
59cb3493eeca1fcf3d5257d945aae149
-
SHA1
92838a6f30f896c3cad166c382effdb8036f6b44
-
SHA256
343ffdf592afed3b85c61e856e6aa706b6ca95f50ba968433e8629d50d0a0219
-
SHA512
8ec8d3edb795d536854413c56cb114728c5234b725fcec33ab99df7a55522a4ccf3cf2930e9b810a38801f84d9509a24a909f5ea74eccd138239efb325363bb9
-
SSDEEP
393216:Dp0TcbMT8jhcEb7NYivQBSWALHi9mD41cnhVS3dxkc:DacQT8cE+iIYLJmOhVS3duc
Malware Config
Targets
-
-
Target
HappyMod.apk
-
Size
16.1MB
-
MD5
59cb3493eeca1fcf3d5257d945aae149
-
SHA1
92838a6f30f896c3cad166c382effdb8036f6b44
-
SHA256
343ffdf592afed3b85c61e856e6aa706b6ca95f50ba968433e8629d50d0a0219
-
SHA512
8ec8d3edb795d536854413c56cb114728c5234b725fcec33ab99df7a55522a4ccf3cf2930e9b810a38801f84d9509a24a909f5ea74eccd138239efb325363bb9
-
SSDEEP
393216:Dp0TcbMT8jhcEb7NYivQBSWALHi9mD41cnhVS3dxkc:DacQT8cE+iIYLJmOhVS3duc
Score8/10-
Checks if the Android device is rooted.
-
Loads dropped Dex/Jar
Runs executable file dropped to the device during analysis.
-
Obtains sensitive information copied to the device clipboard
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
-
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
-
Queries information about running processes on the device
Application may abuse the framework's APIs to collect information about running processes on the device.
-
Makes use of the framework's foreground persistence service
Application may abuse the framework's foreground service to continue running in the foreground.
-
Queries information about active data network
-
Reads information about phone network operator.
-
Checks the presence of a debugger
-
Listens for changes in the sensor environment (might be used to detect emulation)
-
MITRE ATT&CK Mobile v15
Defense Evasion
Download New Code at Runtime
1Foreground Persistence
1Hide Artifacts
1User Evasion
1Virtualization/Sandbox Evasion
2System Checks
2