antidot | f650d333d32fce85a906bded4fc57213c90052b08f9ace1c0cca5e658eeb7432

General

Target

f650d333d32fce85a906bded4fc57213c90052b08f9ace1c0cca5e658eeb7432.bin
Size

2.9MB
Sample

240727-1w89lstgpa
MD5

eb252a58ad9b57f0a570ae558acc2944
SHA1

c29cff7b0613440d721bd2aeb28136df6360720a
SHA256

f650d333d32fce85a906bded4fc57213c90052b08f9ace1c0cca5e658eeb7432
SHA512

26fa710f68231309c43013d62266319bfca20590cbc76ea7b399cfc7208da6c53fb13d2a06134ebe907c094cc18b555c5a47d48c12184c587f1c6efec13e8c93
SSDEEP

49152:gSwIWI9ccWpr8U5qMxPZSpp/QtcnHJtLQAj7iXVDuWVcT+BFkcGZplDesZ8RygCf:FwInccW2xvpRQmHca7QbVTBFkVrp7RTb

Score

10^/10

Malware Config

Targets

- Target
  
  f650d333d32fce85a906bded4fc57213c90052b08f9ace1c0cca5e658eeb7432.bin
- Size
  
  2.9MB
- MD5
  
  eb252a58ad9b57f0a570ae558acc2944
- SHA1
  
  c29cff7b0613440d721bd2aeb28136df6360720a
- SHA256
  
  f650d333d32fce85a906bded4fc57213c90052b08f9ace1c0cca5e658eeb7432
- SHA512
  
  26fa710f68231309c43013d62266319bfca20590cbc76ea7b399cfc7208da6c53fb13d2a06134ebe907c094cc18b555c5a47d48c12184c587f1c6efec13e8c93
- SSDEEP
  
  49152:gSwIWI9ccWpr8U5qMxPZSpp/QtcnHJtLQAj7iXVDuWVcT+BFkcGZplDesZ8RygCf:FwInccW2xvpRQmHca7QbVTBFkVrp7RTb
Score

6^/10

execution persistence evasion
- Checks the application is allowed to request package installs through the package installer
  Checks the application is allowed to install additional applications (Might try to install applications from unknown sources).
  evasion
behavioral1 behavioral2 behavioral3
- Target
  
  xuwexi
- Size
  
  3.0MB
- MD5
  
  a38a3000393bb258f4308a7ca69b7d0b
- SHA1
  
  6bcb76a2f0f9ca53aa7391ee4a9bcf30f3df0eea
- SHA256
  
  46af9709835a5d664094a40c2922af519e39aa04324fc57626f4cfb1dd62162d
- SHA512
  
  58ef0a50eb2ecd9d2d8c6196c45f716cad2faa8a18cc7aee21d9c26ce7e8e0041a6b7111c931fead6a8c444b89be850ebb24e27f1935549315f5c28dbcf9a6c7
- SSDEEP
  
  49152:wox/YEdJsYI0xkzx18pUpzhjDzgGGUc32Dkuk:woKGKRGUc324uk
Score

7^/10

banker collection credential_access discovery evasion execution impact persistence
- Makes use of the framework's Accessibility service
  Retrieves information displayed on the phone screen using AccessibilityService.
  collection evasion credential_access
- Obtains sensitive information copied to the device clipboard
  Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
  collection credential_access impact
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
  banker discovery
- Reads the content of the SMS messages.
  collection
- Performs UI accessibility actions on behalf of the user
  Application may abuse the accessibility service to prevent their removal.
  evasion
- Queries information about active data network
  discovery
- Queries the mobile country code (MCC)
  discovery
- Requests uninstalling the application.
  evasion
behavioral4 behavioral5 behavioral6