General

  • Target

    ready.apk

  • Size

    43.3MB

  • Sample

    240810-p87qrsvbrg

  • MD5

    8da5a888bb8f41577773e0f420ea4dd9

  • SHA1

    ef305c782f1b1f3e6cf26155a1f8c0c80599125d

  • SHA256

    3cc12843a0a157b21afe127dcce992283f89f1512bf0cc41cbd447a0a7f40e02

  • SHA512

    3e2466f2cdc4d610df406dc63ffd26cc42e4bdd1d8b2fe238bc862b46806e1eb2a9f04f0f02e74edc418e74382777413d72da36ebd7506b7839aa734471a4cc6

  • SSDEEP

    786432:uXIbYE9ZiO1ZpFL5UYMylMBeTeLwPx//YTgjbrbP4Ep5TdGEaWs05FOvF0APm6KQ:u4kY1tiYMylMBMx5YTgnP4Ep5hG0Ie6v

Malware Config

Targets

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Makes use of the framework's Accessibility service

      Retrieves information displayed on the phone screen using AccessibilityService.

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

    • Reads the content of the SMS messages.

    • Reads the content of the call log.

    • Acquires the wake lock

    • Launches application uninstaller.

    • Legitimate hosting services abused for malware hosting/C2

    • Makes use of the framework's foreground persistence service

      Application may abuse the framework's foreground service to continue running in the foreground.

    • Performs UI accessibility actions on behalf of the user

      Application may abuse the accessibility service to prevent its removal.

    • Queries information about active data network

    • Queries the unique device ID (IMEI, MEID, IMSI)

    • Reads information about phone network operator.

    • Requests dangerous framework permissions

    • Requests disabling of battery optimizations (often used to enable hiding in the background).

    • Tries to add a device administrator.

MITRE ATT&CK Enterprise v15

MITRE ATT&CK Mobile v15

Tasks