General
-
Target
d48543d061ac828a9270250ca89c5720bdd120166a1758269301b89117c60104.bin
-
Size
3.0MB
-
Sample
240806-1yqkaasbmk
-
MD5
90eb34ca97d781dedb32692f324373ce
-
SHA1
1b87d54121e1e0c483bc2940db02a8bffff3cc93
-
SHA256
d48543d061ac828a9270250ca89c5720bdd120166a1758269301b89117c60104
-
SHA512
ac684a7ea25f5b185f1a7cbd4188db5f46208a0edc96491e84ca251e5533b86da9654ae3f614296cb910e6409425d4d9e75ccea35e56fcff3d5455d64dba584c
-
SSDEEP
98304:rgOq+gPwDhK1tTDvOfs6kACxYCSQdQuyn4f:UOq+oIKHvmkxxTSpn4f
Static task
static1
Behavioral task
behavioral1
Sample
d48543d061ac828a9270250ca89c5720bdd120166a1758269301b89117c60104.apk
Resource
android-x86-arm-20240624-en
Behavioral task
behavioral2
Sample
d48543d061ac828a9270250ca89c5720bdd120166a1758269301b89117c60104.apk
Resource
android-x64-20240624-en
Behavioral task
behavioral3
Sample
d48543d061ac828a9270250ca89c5720bdd120166a1758269301b89117c60104.apk
Resource
android-x64-arm64-20240624-en
Malware Config
Extracted
ginp
2.8d
mp68
http://crawlbone.top/
http://jackblack.cc/
-
uri
api201
Extracted
ginp
http://crawlbone.top/api201/
http://jackblack.cc/api201/
Targets
-
-
Target
d48543d061ac828a9270250ca89c5720bdd120166a1758269301b89117c60104.bin
-
Size
3.0MB
-
MD5
90eb34ca97d781dedb32692f324373ce
-
SHA1
1b87d54121e1e0c483bc2940db02a8bffff3cc93
-
SHA256
d48543d061ac828a9270250ca89c5720bdd120166a1758269301b89117c60104
-
SHA512
ac684a7ea25f5b185f1a7cbd4188db5f46208a0edc96491e84ca251e5533b86da9654ae3f614296cb910e6409425d4d9e75ccea35e56fcff3d5455d64dba584c
-
SSDEEP
98304:rgOq+gPwDhK1tTDvOfs6kACxYCSQdQuyn4f:UOq+oIKHvmkxxTSpn4f
-
Checks Android system properties for emulator presence.
-
Makes use of the framework's Accessibility service
Retrieves information displayed on the phone screen using AccessibilityService.
-
Acquires the wake lock
-
Makes use of the framework's foreground persistence service
Application may abuse the framework's foreground service to continue running in the foreground.
-
Performs UI accessibility actions on behalf of the user
Application may abuse the accessibility service to prevent their removal.
-
Queries information about active data network
-
Queries the mobile country code (MCC)
-
Requests accessing notifications (often used to intercept notifications before users become aware).
-
Requests disabling of battery optimizations (often used to enable hiding in the background).
-