General
-
Target
BLC.USSI.apk
-
Size
78.5MB
-
Sample
240803-kxyaqstaqc
-
MD5
064fbab72c516327983edad003977df6
-
SHA1
e7a7733146cec52d6bd157749a2ee84d22cf0e60
-
SHA256
8e4fe9ea053ead9949263504c9b3eefa8b7adbf3b1c0d85863a3e093e44ffc63
-
SHA512
b14780a019ef7edbc8fb5c5d0411a77808a3f44a7bcb07eef469fda5496efa0a87e5727cb2a1d18abd2313e7c7d8cdee7987b90445b7ada3bdf4f2895722a637
-
SSDEEP
1572864:r7g1o2dcZ9YzJI/C4e02ziqeiGDU2KzaQOECzCLyY+hGRYVLTxQ:r7g1VdcHYzJIa42z1BO/E5mvw6LTe
Behavioral task
behavioral1
Sample
BLC.USSI.apk
Resource
android-x86-arm-20240624-en
Behavioral task
behavioral2
Sample
BLC.USSI.apk
Resource
android-x64-20240624-en
Behavioral task
behavioral3
Sample
BLC.USSI.apk
Resource
android-x64-arm64-20240624-en
Malware Config
Extracted
spynote
5.tcp.eu.ngrok.io:12085
Targets
-
-
Target
BLC.USSI.apk
-
Size
78.5MB
-
MD5
064fbab72c516327983edad003977df6
-
SHA1
e7a7733146cec52d6bd157749a2ee84d22cf0e60
-
SHA256
8e4fe9ea053ead9949263504c9b3eefa8b7adbf3b1c0d85863a3e093e44ffc63
-
SHA512
b14780a019ef7edbc8fb5c5d0411a77808a3f44a7bcb07eef469fda5496efa0a87e5727cb2a1d18abd2313e7c7d8cdee7987b90445b7ada3bdf4f2895722a637
-
SSDEEP
1572864:r7g1o2dcZ9YzJI/C4e02ziqeiGDU2KzaQOECzCLyY+hGRYVLTxQ:r7g1VdcHYzJIa42z1BO/E5mvw6LTe
-
Legitimate hosting services abused for malware hosting/C2
-
Makes use of the framework's foreground persistence service
Application may abuse the framework's foreground service to continue running in the foreground.
-
Requests enabling of the accessibility settings.
-
Tries to add a device administrator.
-
MITRE ATT&CK Enterprise v15
MITRE ATT&CK Mobile v15
Persistence
Event Triggered Execution
1Broadcast Receivers
1Foreground Persistence
1Privilege Escalation
Abuse Elevation Control Mechanism
1Device Administrator Permissions
1