General
-
Target
you_tv_player.apk
-
Size
30.9MB
-
Sample
240823-b9w4rsyhmg
-
MD5
f91fb4b5e96eef3d3b6a76ffbf33afa9
-
SHA1
365c0ca17666b8541501b553e56e49ae00016a2d
-
SHA256
5eb4699148872722744f13e66bcf22fed82c2a00cb7e3190167736d0a123fa45
-
SHA512
885bb1a9de9e2984ba9829e4c4484bafbda1d338d560053e90373bd7ec683684a5c29a35e8e4fb5847d0db05d081c3d43228183cb9f1cfac125cc66895b21b91
-
SSDEEP
786432:aHUgfKng6pY2U9b02WVYGdyhZq5yEULQb18DG:kUgyng6pY9AOGd2Zqg9QbGK
Malware Config
Targets
-
-
Target
you_tv_player.apk
-
Size
30.9MB
-
MD5
f91fb4b5e96eef3d3b6a76ffbf33afa9
-
SHA1
365c0ca17666b8541501b553e56e49ae00016a2d
-
SHA256
5eb4699148872722744f13e66bcf22fed82c2a00cb7e3190167736d0a123fa45
-
SHA512
885bb1a9de9e2984ba9829e4c4484bafbda1d338d560053e90373bd7ec683684a5c29a35e8e4fb5847d0db05d081c3d43228183cb9f1cfac125cc66895b21b91
-
SSDEEP
786432:aHUgfKng6pY2U9b02WVYGdyhZq5yEULQb18DG:kUgyng6pY9AOGd2Zqg9QbGK
Score8/10-
Checks if the Android device is rooted.
-
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
-
Queries information about running processes on the device
Application may abuse the framework's APIs to collect information about running processes on the device.
-
Acquires the wake lock
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Makes use of the framework's foreground persistence service
Application may abuse the framework's foreground service to continue running in the foreground.
-
Queries information about active data network
-
Queries information about the current Wi-Fi connection
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
-
Queries the mobile country code (MCC)
-
Checks the presence of a debugger
-
MITRE ATT&CK Enterprise v15
MITRE ATT&CK Mobile v15
Defense Evasion
Foreground Persistence
1Virtualization/Sandbox Evasion
1System Checks
1