b6d7db68320d747f0662761abbf6e8f8d96aad1779cb48b92854c9caa84d5905 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

com.celzero.bravedns_45.apk
Size

62.3MB
Sample

240809-rp54ya1gpr
MD5

a687fe97c6a7566d38333e2e482e3e11
SHA1

488255ad7a7a2e9ca9199586f5e6bd1a1f678feb
SHA256

b6d7db68320d747f0662761abbf6e8f8d96aad1779cb48b92854c9caa84d5905
SHA512

8c0dcc172749191d7d44013fd1e2213ff79b9244b9b7847041c67f9c123fc9ab7a2893310f7bdc79f2deca5f854cf6acf10488b21c60ff7b0f70750e99fe29bd
SSDEEP

393216:pfjtXY7rbIrBFTFgRDyJGPmxAq6elOWRB3H1OfcDPSDVSg/L/fJOCuzGLMPPV3uE:p7tX0bdDUwm2M1Op4PV3dRy8RPO0f

Score

7^/10

android banker discovery evasion execution persistence

Malware Config

Targets

- Target
  
  com.celzero.bravedns_45.apk
- Size
  
  62.3MB
- MD5
  
  a687fe97c6a7566d38333e2e482e3e11
- SHA1
  
  488255ad7a7a2e9ca9199586f5e6bd1a1f678feb
- SHA256
  
  b6d7db68320d747f0662761abbf6e8f8d96aad1779cb48b92854c9caa84d5905
- SHA512
  
  8c0dcc172749191d7d44013fd1e2213ff79b9244b9b7847041c67f9c123fc9ab7a2893310f7bdc79f2deca5f854cf6acf10488b21c60ff7b0f70750e99fe29bd
- SSDEEP
  
  393216:pfjtXY7rbIrBFTFgRDyJGPmxAq6elOWRB3H1OfcDPSDVSg/L/fJOCuzGLMPPV3uE:p7tX0bdDUwm2M1Op4PV3dRy8RPO0f
Score

7^/10

banker discovery execution persistence evasion
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
  evasion
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
  banker discovery
behavioral1 behavioral2

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Defense Evasion

Download New Code at Runtime

Credential Access

Discovery

Software Discovery

Security Software Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bankerdiscoveryexecutionpersistence

behavioral2

bankerdiscoveryevasionexecutionpersistence