General
-
Target
1467d2ecd513e319a32c42d85d6087cc4c6d0e5f7460bd0c2c997b86a56e3c31.bin
-
Size
2.7MB
-
Sample
240806-1z3w1awbqd
-
MD5
4429db8d2ccc93686bb64ea88e1de583
-
SHA1
78ac0bba6aab7e94466050d9c3ddedb7d276ec94
-
SHA256
1467d2ecd513e319a32c42d85d6087cc4c6d0e5f7460bd0c2c997b86a56e3c31
-
SHA512
1e1e596bca6b9085ad9d87bdb34ad6a3287a7a81970e560a832f872a20a8ff6f41edbc43f63457009356eb1d290702cda5df9dcd219bc299cb40628c7d07765b
-
SSDEEP
49152:RfMZIxKJf80Ca6QEl+mHsk7YG82yvH/4WJSKXXOQurvFfB+bH7IR4oWYe3a:RUZNE0CaG3H+b2yvHAWJSY1uD5BdzY3a
Static task
static1
Behavioral task
behavioral1
Sample
1467d2ecd513e319a32c42d85d6087cc4c6d0e5f7460bd0c2c997b86a56e3c31.apk
Resource
android-x86-arm-20240624-en
Behavioral task
behavioral2
Sample
1467d2ecd513e319a32c42d85d6087cc4c6d0e5f7460bd0c2c997b86a56e3c31.apk
Resource
android-x64-20240624-en
Behavioral task
behavioral3
Sample
1467d2ecd513e319a32c42d85d6087cc4c6d0e5f7460bd0c2c997b86a56e3c31.apk
Resource
android-x64-arm64-20240624-en
Malware Config
Extracted
ginp
2.8d
mp43
http://sorryfordelay.top/
http://silverball.cc/
-
uri
api201
Extracted
ginp
http://sorryfordelay.top/api201/
http://silverball.cc/api201/
Targets
-
-
Target
1467d2ecd513e319a32c42d85d6087cc4c6d0e5f7460bd0c2c997b86a56e3c31.bin
-
Size
2.7MB
-
MD5
4429db8d2ccc93686bb64ea88e1de583
-
SHA1
78ac0bba6aab7e94466050d9c3ddedb7d276ec94
-
SHA256
1467d2ecd513e319a32c42d85d6087cc4c6d0e5f7460bd0c2c997b86a56e3c31
-
SHA512
1e1e596bca6b9085ad9d87bdb34ad6a3287a7a81970e560a832f872a20a8ff6f41edbc43f63457009356eb1d290702cda5df9dcd219bc299cb40628c7d07765b
-
SSDEEP
49152:RfMZIxKJf80Ca6QEl+mHsk7YG82yvH/4WJSKXXOQurvFfB+bH7IR4oWYe3a:RUZNE0CaG3H+b2yvHAWJSY1uD5BdzY3a
-
Makes use of the framework's Accessibility service
Retrieves information displayed on the phone screen using AccessibilityService.
-
Acquires the wake lock
-
Makes use of the framework's foreground persistence service
Application may abuse the framework's foreground service to continue running in the foreground.
-
Performs UI accessibility actions on behalf of the user
Application may abuse the accessibility service to prevent their removal.
-
Queries information about active data network
-
Requests accessing notifications (often used to intercept notifications before users become aware).
-
Requests disabling of battery optimizations (often used to enable hiding in the background).
-
Requests enabling of the accessibility settings.
-
MITRE ATT&CK Mobile v15
Defense Evasion
Download New Code at Runtime
1Foreground Persistence
1Hide Artifacts
2Suppress Application Icon
1User Evasion
1Impair Defenses
1Prevent Application Removal
1Input Injection
1Credential Access
Access Notifications
1Input Capture
2GUI Input Capture
1Keylogging
1Discovery
Software Discovery
1Security Software Discovery
1System Network Connections Discovery
1