General
Target: 1467d2ecd513e319a32c42d85d6087cc4c6d0e5f7460bd0c2c997b86a56e3c31.bin
Size: 2.7MB
Sample: 240806-1z3w1awbqd
MD5: 4429db8d2ccc93686bb64ea88e1de583
SHA1: 78ac0bba6aab7e94466050d9c3ddedb7d276ec94
SHA256: 1467d2ecd513e319a32c42d85d6087cc4c6d0e5f7460bd0c2c997b86a56e3c31
SHA512: 1e1e596bca6b9085ad9d87bdb34ad6a3287a7a81970e560a832f872a20a8ff6f41edbc43f63457009356eb1d290702cda5df9dcd219bc299cb40628c7d07765b
SSDEEP: 49152:RfMZIxKJf80Ca6QEl+mHsk7YG82yvH/4WJSKXXOQurvFfB+bH7IR4oWYe3a:RUZNE0CaG3H+b2yvHAWJSY1uD5BdzY3a
Static task: static1
Behavioral task: behavioral1
Sample: 1467d2ecd513e319a32c42d85d6087cc4c6d0e5f7460bd0c2c997b86a56e3c31.apk
Resource: android-x86-arm-20240624-en
Behavioral task: behavioral2
Sample: 1467d2ecd513e319a32c42d85d6087cc4c6d0e5f7460bd0c2c997b86a56e3c31.apk
Resource: android-x64-20240624-en
Behavioral task: behavioral3
Sample: 1467d2ecd513e319a32c42d85d6087cc4c6d0e5f7460bd0c2c997b86a56e3c31.apk
Resource: android-x64-arm64-20240624-en
Malware Config
Extracted
ginp
2.8d
mp43
http://sorryfordelay.top/
http://silverball.cc/
-
uri
api201
Extracted
ginp
http://sorryfordelay.top/api201/
http://silverball.cc/api201/
Targets
-
-
Target
1467d2ecd513e319a32c42d85d6087cc4c6d0e5f7460bd0c2c997b86a56e3c31.bin
-
Makes use of the framework's Accessibility service
Retrieves information displayed on the phone screen using AccessibilityService.
-
Acquires the wake lock
-
Makes use of the framework's foreground persistence service
Application may abuse the framework's foreground service to continue running in the foreground.
-
Performs UI accessibility actions on behalf of the user
Application may abuse the accessibility service to prevent its removal.
-
Queries information about active data network
-
Requests accessing notifications (often used to intercept notifications before users become aware).
-
Requests disabling of battery optimizations (often used to enable hiding in the background).
-
Requests enabling of the accessibility settings.
-