8c19b11d942a5547ac6d220b20ea6e8d28fac7344e296bdcddbb7e34877c4a0e | Triage

Resubmissions

03/09/2024, 15:47

240903-s8n57s1hpg 8

03/09/2024, 15:43

240903-s6a6ka1hjf 6

03/09/2024, 15:27

240903-sv5k2azgjj 6

Sharing

Copy URL Twitter E-mail

General

Target

Walgreens_85.6_APKPure.apk
Size

179.7MB
Sample

240903-s8n57s1hpg
MD5

7f0516c687b2a0342db58b83e1073362
SHA1

29317dc7f7466cddb9de8875fbc35ef0f3f43c73
SHA256

8c19b11d942a5547ac6d220b20ea6e8d28fac7344e296bdcddbb7e34877c4a0e
SHA512

63edf093f87c2f32e7ec161d59d239cf7412056985d2f491792716f966d5144dd5d4e2f3285b326e750436fcf60e95d95b79a35fc0eb06f89913c1e143cfd047
SSDEEP

1572864:bzDeJMsljhITiSJbPSauXIzQ8cqmv7xGIWEpkpsRroc:b2KpJYIzVpw7

Score

8^/10

android collection credential_access discovery evasion execution impact persistence

Malware Config

Targets

- Target
  
  Walgreens_85.6_APKPure.apk
- Size
  
  179.7MB
- MD5
  
  7f0516c687b2a0342db58b83e1073362
- SHA1
  
  29317dc7f7466cddb9de8875fbc35ef0f3f43c73
- SHA256
  
  8c19b11d942a5547ac6d220b20ea6e8d28fac7344e296bdcddbb7e34877c4a0e
- SHA512
  
  63edf093f87c2f32e7ec161d59d239cf7412056985d2f491792716f966d5144dd5d4e2f3285b326e750436fcf60e95d95b79a35fc0eb06f89913c1e143cfd047
- SSDEEP
  
  1572864:bzDeJMsljhITiSJbPSauXIzQ8cqmv7xGIWEpkpsRroc:b2KpJYIzVpw7
Score

8^/10

collection credential_access discovery evasion execution impact persistence
- Checks if the Android device is rooted.
  evasion
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
  evasion
- Obtains sensitive information copied to the device clipboard
  Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
  collection credential_access impact
- Queries information about running processes on the device
  Application may abuse the framework's APIs to collect information about running processes on the device.
  discovery
- Acquires the wake lock
- Queries information about active data network
  discovery
- Reads information about phone network operator.
  discovery
- Checks the presence of a debugger
  evasion
behavioral1 behavioral2

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Defense Evasion

Download New Code at Runtime

Virtualization/Sandbox Evasion

System Checks

Credential Access

Clipboard Data

Discovery

Process Discovery

System Information Discovery

System Network Configuration Discovery

System Network Connections Discovery

Lateral Movement

Collection

Clipboard Data

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

Data Manipulation

Transmitted Data Manipulation

Tasks

static1

behavioral1

behavioral2

collectioncredential_accessdiscoveryevasionexecutionimpactpersistence