General
- Target: ready.apk
- Size: 43.3MB
- Sample: 240810-p87qrsvbrg
- MD5: 8da5a888bb8f41577773e0f420ea4dd9
- SHA1: ef305c782f1b1f3e6cf26155a1f8c0c80599125d
- SHA256: 3cc12843a0a157b21afe127dcce992283f89f1512bf0cc41cbd447a0a7f40e02
- SHA512: 3e2466f2cdc4d610df406dc63ffd26cc42e4bdd1d8b2fe238bc862b46806e1eb2a9f04f0f02e74edc418e74382777413d72da36ebd7506b7839aa734471a4cc6
- SSDEEP: 786432:uXIbYE9ZiO1ZpFL5UYMylMBeTeLwPx//YTgjbrbP4Ep5TdGEaWs05FOvF0APm6KQ:u4kY1tiYMylMBMx5YTgnP4Ep5hG0Ie6v
Behavioral tasks
- behavioral1: sample ready.apk, resource android-x64-20240624-en
- behavioral2: sample ready.apk, resource android-x64-arm64-20240624-en
- behavioral3: sample ready.apk, resource android-33-x64-arm64-20240624-en
- behavioral4: sample ready.apk, resource android-x86-arm-20240624-en
Malware Config
Targets
- Target: ready.apk
- Size: 43.3MB
- MD5: 8da5a888bb8f41577773e0f420ea4dd9
- SHA1: ef305c782f1b1f3e6cf26155a1f8c0c80599125d
- SHA256: 3cc12843a0a157b21afe127dcce992283f89f1512bf0cc41cbd447a0a7f40e02
- SHA512: 3e2466f2cdc4d610df406dc63ffd26cc42e4bdd1d8b2fe238bc862b46806e1eb2a9f04f0f02e74edc418e74382777413d72da36ebd7506b7839aa734471a4cc6
- SSDEEP: 786432:uXIbYE9ZiO1ZpFL5UYMylMBeTeLwPx//YTgjbrbP4Ep5TdGEaWs05FOvF0APm6KQ:u4kY1tiYMylMBMx5YTgnP4Ep5hG0Ie6v
Signatures
- Makes use of the framework's Accessibility service: retrieves information displayed on the phone screen using AccessibilityService.
- Reads the content of the SMS messages.
- Reads the content of the call log.
- Acquires the wake lock.
- Legitimate hosting services abused for malware hosting/C2.
- Makes use of the framework's foreground persistence service: the application may abuse the framework's foreground service to continue running in the foreground.
- Performs UI accessibility actions on behalf of the user: the application may abuse the accessibility service to prevent its removal.
- Queries information about the active data network.
- Queries the unique device ID (IMEI, MEID, IMSI).
- Reads information about the phone network operator.
- Requests dangerous framework permissions.
- Requests disabling of battery optimizations (often used to enable hiding in the background).
- Tries to add a device administrator.
MITRE ATT&CK Enterprise v15
MITRE ATT&CK Mobile v15
Persistence
- Event Triggered Execution (1)
- Broadcast Receivers (1)
- Foreground Persistence (1)
- Scheduled Task/Job (1)
Privilege Escalation
- Abuse Elevation Control Mechanism (1)
- Device Administrator Permissions (1)
Defense Evasion
- Download New Code at Runtime (1)
- Foreground Persistence (1)
- Hide Artifacts (1)
- User Evasion (1)
- Impair Defenses (1)
- Prevent Application Removal (1)
- Indicator Removal on Host (1)
- Uninstall Malicious Application (1)
- Input Injection (1)
Discovery
- Software Discovery (1)
- Security Software Discovery (1)
- System Network Configuration Discovery (2)
- System Network Connections Discovery (1)