antidot | add00a4daf4de36f154c7313a13c155fd5a922119cb087d6cd93ed4b2fe372bc

Resubmissions

10-08-2024 13:29

240810-qrkekswajg 10

10-08-2024 13:26

240810-qpxbcs1dmq 10

10-08-2024 13:26

240810-qpm3pa1dmj 10

Sharing

Copy URL

Twitter E-mail

General

Target

Shield Plus_6.2.apk
Size

8.1MB
Sample

240810-qrkekswajg
MD5

5b7d31fb9202d6b559263fac309eb477
SHA1

587856a9368146e701ad654087329d4636cd62d1
SHA256

add00a4daf4de36f154c7313a13c155fd5a922119cb087d6cd93ed4b2fe372bc
SHA512

42dd54f71a23bc47ea92613b7a8b8b74f01cc8ec8b9e65afbb7c4bdbbb3d51ac510cba8ea68341f603ac177475a034d80f9849467fb6ead64f1db1b9de45366b
SSDEEP

196608:Wyw2BxZNmiYIQFBCuZ4NOzCjj8IkxCfgEK:Dw2T7mibQFBCw4NqcIIkxC4n

Score

10^/10

Malware Config

Targets

- Target
  
  Shield Plus_6.2.apk
- Size
  
  8.1MB
- MD5
  
  5b7d31fb9202d6b559263fac309eb477
- SHA1
  
  587856a9368146e701ad654087329d4636cd62d1
- SHA256
  
  add00a4daf4de36f154c7313a13c155fd5a922119cb087d6cd93ed4b2fe372bc
- SHA512
  
  42dd54f71a23bc47ea92613b7a8b8b74f01cc8ec8b9e65afbb7c4bdbbb3d51ac510cba8ea68341f603ac177475a034d80f9849467fb6ead64f1db1b9de45366b
- SSDEEP
  
  196608:Wyw2BxZNmiYIQFBCuZ4NOzCjj8IkxCfgEK:Dw2T7mibQFBCw4NqcIIkxC4n
Score

8^/10

banker discovery evasion impact
- Checks if the Android device is rooted.
  evasion
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
  banker discovery
- Checks the application is allowed to request package installs through the package installer
  Checks the application is allowed to install additional applications (Might try to install applications from unknown sources).
  evasion
- Requests allowing to install additional applications from unknown sources.
  evasion
- Requests disabling of battery optimizations (often used to enable hiding in the background).
  evasion
behavioral1 behavioral2 behavioral3 behavioral4

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Hide Artifacts

T1628

User Evasion

T1628.002

Subvert Trust Controls

T1632

Code Signing Policy Modification

T1632.001

Credential Access

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

System Information Discovery

T1426

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Tasks

Resubmissions

Sharing

General

Malware Config

Targets

Checks if the Android device is rooted.

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Checks the application is allowed to request package installs through the package installer

Requests allowing to install additional applications from unknown sources.

Requests disabling of battery optimizations (often used to enable hiding in the background).

MITRE ATT&CK Mobile v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4