cac7a1b90b169fd4a6524e4f8d6ea0444b68700d436b93c3e3ed72aa548632ca | Triage

Resubmissions

14/09/2024, 20:47

240914-zk7qzawakd 8

14/09/2024, 20:38

240914-ze6xgsvfkh 8

14/09/2024, 20:32

240914-zbentsvblk 8

14/09/2024, 20:17

240914-y26pkatgna 8

13/09/2024, 20:45

240913-zjnxgaxglq 8

13/09/2024, 20:03

240913-ys6m7swfpg 8

13/09/2024, 19:50

240913-ykbg4awcla 8

13/09/2024, 19:35

240913-yaszdsvfmh 8

Sharing

General

Target

com-mod-fitia-mod-apk-unlocked-18-7-0-792.apk
Size

47.8MB
Sample

240914-zbentsvblk
MD5

87242433cd4ffdf0230a1d38a5c62167
SHA1

5cf197cc6bb44a4811344b05becda64ecc197c44
SHA256

cac7a1b90b169fd4a6524e4f8d6ea0444b68700d436b93c3e3ed72aa548632ca
SHA512

dd44064a53df67446063a4c62840241bebd5099ab28a2b085a2ca1ddde861c200e38da9e8eb78e56fa2cfa3cb3117b770d5e62b5b13a37327e4eebd77c61c143
SSDEEP

786432:mr4UU46Dj9PRQ/6x7gYyEW3FS0IXQCX51bQ1B2T3Wkx1D8OT4z03B6zC9+lnc:m0UMj9S/6+YTWV9VYkChHT+yB6zCH

Score

8^/10

android discovery evasion execution persistence

Malware Config

Targets

- Target
  
  com-mod-fitia-mod-apk-unlocked-18-7-0-792.apk
- Size
  
  47.8MB
- MD5
  
  87242433cd4ffdf0230a1d38a5c62167
- SHA1
  
  5cf197cc6bb44a4811344b05becda64ecc197c44
- SHA256
  
  cac7a1b90b169fd4a6524e4f8d6ea0444b68700d436b93c3e3ed72aa548632ca
- SHA512
  
  dd44064a53df67446063a4c62840241bebd5099ab28a2b085a2ca1ddde861c200e38da9e8eb78e56fa2cfa3cb3117b770d5e62b5b13a37327e4eebd77c61c143
- SSDEEP
  
  786432:mr4UU46Dj9PRQ/6x7gYyEW3FS0IXQCX51bQ1B2T3Wkx1D8OT4z03B6zC9+lnc:m0UMj9S/6+YTWV9VYkChHT+yB6zCH
Score

8^/10

discovery evasion execution persistence
- Checks if the Android device is rooted.
  evasion
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
  evasion
- Queries information about running processes on the device
  Application may abuse the framework's APIs to collect information about running processes on the device.
  discovery
- Acquires the wake lock
- Queries information about active data network
  discovery
- Queries the mobile country code (MCC)
  discovery
- Reads information about phone network operator.
  discovery
- Checks the presence of a debugger
  evasion
- Listens for changes in the sensor environment (might be used to detect emulation)
  evasion
behavioral1 behavioral2

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

Persistence

Event Triggered Execution

Broadcast Receivers

Scheduled Task/Job

Privilege Escalation

Defense Evasion

Download New Code at Runtime

Hide Artifacts

User Evasion

Credential Access

Discovery

Process Discovery

System Information Discovery

System Network Configuration Discovery

System Network Connections Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionexecutionpersistence

behavioral2

discoveryevasionexecutionpersistence