General
Target: a57722c7f7226f0aa9d0522201de4f90464ec0767312bd70d068c0874c5db086.bin
Size: 3.2MB
Sample: 240805-1yzsystekg
MD5: 3a4ecfc9a36e7a4e95c5373a160ed226
SHA1: 498a8f609fc55d8c84300fc019dd104b047989a4
SHA256: a57722c7f7226f0aa9d0522201de4f90464ec0767312bd70d068c0874c5db086
SHA512: 9cb5e48cc1220652e3d2601bcdda1605b55679909b13c1bc57c8a1dc61dd774fde559aeaeecef95e5e5e685b79394fb3a43f184f7f38f88b66958a5420a57953
SSDEEP: 49152:cZGm9XFAIv30HGRwE5DrVYVnIZ4BEdfh0Tgu4lP8W1Ge7V1JMl2tZbw90rFJ+7s:cdDhcYwcVYVHEdG/458W1Gelu0rjZ
Static task: static1
Behavioral task: behavioral1
  Sample: a57722c7f7226f0aa9d0522201de4f90464ec0767312bd70d068c0874c5db086.apk
  Resource: android-x86-arm-20240624-en
Behavioral task: behavioral2
  Sample: a57722c7f7226f0aa9d0522201de4f90464ec0767312bd70d068c0874c5db086.apk
  Resource: android-x64-20240624-en
Behavioral task: behavioral3
  Sample: a57722c7f7226f0aa9d0522201de4f90464ec0767312bd70d068c0874c5db086.apk
  Resource: android-x64-arm64-20240624-en
Malware Config
Extracted: ginp
  2.8d
  mp70
  http://coldcoolcoco.top/
  http://jackblack.cc/
  uri: api201
Extracted: ginp
  http://coldcoolcoco.top/api201/
  http://jackblack.cc/api201/
Targets
Target: a57722c7f7226f0aa9d0522201de4f90464ec0767312bd70d068c0874c5db086.bin
- Makes use of the framework's Accessibility service
  Retrieves information displayed on the phone screen using AccessibilityService.
- Acquires the wake lock
- Makes use of the framework's foreground persistence service
  Application may abuse the framework's foreground service to continue running in the foreground.
- Performs UI accessibility actions on behalf of the user
  Application may abuse the accessibility service to prevent its removal.
- Queries information about active data network
- Queries the mobile country code (MCC)
- Requests accessing notifications (often used to intercept notifications before users become aware).
- Requests disabling of battery optimizations (often used to enable hiding in the background).