General

  • Target

    f76524d907aa6b2e6f192e3e513622ab31489997d0754df775f9f5e8e111e3e4.apk

  • Size

    2.1MB

  • Sample

    240725-mezrystarp

  • MD5

    9495d2a58fb5efe2189ab890fe98a2fa

  • SHA1

    e30941e6adb3411176509c79e0377a9b4903717d

  • SHA256

    f76524d907aa6b2e6f192e3e513622ab31489997d0754df775f9f5e8e111e3e4

  • SHA512

    31e828bec5be506c823c3eeba6c1174d339510c5479ef93f0000453095c319c1c9330c859a133d7ac4af4df4b8ed6caccf744b57a0ecac012a2dbc7ebe46b141

  • SSDEEP

    49152:aaErDVPV5HJzTpkb6flyDqqQT775RPxpXQEg0JT4tYT+x8hw5zpcViOJouzoS8A:aaCpHJzTpkbHDqF75JxpOs42TybpuNoM

Targets

    • Removes its main activity from the application launcher

    • Loads dropped Dex/Jar

      Runs an executable file dropped to the device during analysis.

    • Makes use of the framework's Accessibility service

      Retrieves information displayed on the phone screen using AccessibilityService.

    • Acquires the wake lock

    • Makes use of the framework's foreground persistence service

      Application may abuse the framework's foreground service to continue running in the foreground.

    • Performs UI accessibility actions on behalf of the user

      Application may abuse the accessibility service to prevent its removal.

    • Requests access to notifications (often used to intercept notifications before users become aware).

    • Requests disabling of battery optimizations (often used to enable hiding in the background).

    • Requests enabling of the accessibility settings.

    • Listens for changes in the sensor environment (might be used to detect emulation)
