General
-
Target
b698518ac071ba29e81ab8ebba49c364f5e8e7392e0c7814eb16ed9ab5735367.bin
-
Size
3.2MB
-
Sample
240801-1ycnessfph
-
MD5
1b2373f564e753a89759dad9ebef7881
-
SHA1
a76e21464c04c7fffb0ebe6422c16eb12bce58a7
-
SHA256
b698518ac071ba29e81ab8ebba49c364f5e8e7392e0c7814eb16ed9ab5735367
-
SHA512
2a1f677f52201f2ce70f65b5028680504d7186dfe1eb49361714932b7402c58156432d96e2830e49b194e5f07abc8bee8f2d99063ef619902ac53e16dad2ade3
-
SSDEEP
98304:VDhdjz8JfSdyXBilBrY1dzpIeQzL8ynPLmBFqno45U:/dj4JKdyXWBQ5QzIumx4i
Static task
static1
Behavioral task
behavioral1
Sample
b698518ac071ba29e81ab8ebba49c364f5e8e7392e0c7814eb16ed9ab5735367.apk
Resource
android-x86-arm-20240624-en
Behavioral task
behavioral2
Sample
b698518ac071ba29e81ab8ebba49c364f5e8e7392e0c7814eb16ed9ab5735367.apk
Resource
android-x64-20240624-en
Behavioral task
behavioral3
Sample
b698518ac071ba29e81ab8ebba49c364f5e8e7392e0c7814eb16ed9ab5735367.apk
Resource
android-x64-arm64-20240624-en
Malware Config
Extracted
ginp
2.8d
mp72
http://sweetseventeen.top/
http://jackblack.cc/
-
uri
api201
Extracted
ginp
http://sweetseventeen.top/api201/
http://jackblack.cc/api201/
Targets
-
-
Target
b698518ac071ba29e81ab8ebba49c364f5e8e7392e0c7814eb16ed9ab5735367.bin
-
Size
3.2MB
-
MD5
1b2373f564e753a89759dad9ebef7881
-
SHA1
a76e21464c04c7fffb0ebe6422c16eb12bce58a7
-
SHA256
b698518ac071ba29e81ab8ebba49c364f5e8e7392e0c7814eb16ed9ab5735367
-
SHA512
2a1f677f52201f2ce70f65b5028680504d7186dfe1eb49361714932b7402c58156432d96e2830e49b194e5f07abc8bee8f2d99063ef619902ac53e16dad2ade3
-
SSDEEP
98304:VDhdjz8JfSdyXBilBrY1dzpIeQzL8ynPLmBFqno45U:/dj4JKdyXWBQ5QzIumx4i
-
Makes use of the framework's Accessibility service
Retrieves information displayed on the phone screen using AccessibilityService.
-
Acquires the wake lock
-
Makes use of the framework's foreground persistence service
Application may abuse the framework's foreground service to continue running in the foreground.
-
Performs UI accessibility actions on behalf of the user
Application may abuse the accessibility service to prevent their removal.
-
Queries information about active data network
-
Queries the mobile country code (MCC)
-
Requests accessing notifications (often used to intercept notifications before users become aware).
-
Requests disabling of battery optimizations (often used to enable hiding in the background).
-