General

  • Target

    6da8e49d8e083ec705985effa03cdb60cdd736f04ed711211b2a3842c815a708.apk

  • Size

    4.5MB

  • Sample

    240916-bql5fssdql

  • MD5

    9be332949fff5d1c9492c2c93f12aced

  • SHA1

    98ff85cb039c913aa902669b12207ca9db938aba

  • SHA256

    6da8e49d8e083ec705985effa03cdb60cdd736f04ed711211b2a3842c815a708

  • SHA512

    c0d4214a75015f3b44c14f9fa6ac60efee8a6dd0e6fda0295b5a337021451ca5d2ecca34bf78cd9ca1edf0bc71ab7d1f0f10e2bcd0d6c9afdb82dc856bb7c958

  • SSDEEP

    98304:BPGInkqO49d7I/ckRh8HVQtstir0D0eVD0ND0gD0EnD0nAzD0rD0ED0/cTf:B+Ikc5I/cLCWD/DcD9DRDCuDiDlDKcT

Malware Config

Targets

    • Target

      6da8e49d8e083ec705985effa03cdb60cdd736f04ed711211b2a3842c815a708.apk

    • Size

      4.5MB

    • MD5

      9be332949fff5d1c9492c2c93f12aced

    • SHA1

      98ff85cb039c913aa902669b12207ca9db938aba

    • SHA256

      6da8e49d8e083ec705985effa03cdb60cdd736f04ed711211b2a3842c815a708

    • SHA512

      c0d4214a75015f3b44c14f9fa6ac60efee8a6dd0e6fda0295b5a337021451ca5d2ecca34bf78cd9ca1edf0bc71ab7d1f0f10e2bcd0d6c9afdb82dc856bb7c958

    • SSDEEP

      98304:BPGInkqO49d7I/ckRh8HVQtstir0D0eVD0ND0gD0EnD0nAzD0rD0ED0/cTf:B+Ikc5I/cLCWD/DcD9DRDCuDiDlDKcT

    • Makes use of the framework's Accessibility service

      Retrieves information displayed on the phone screen using AccessibilityService.

    • Obtains sensitive information copied to the device clipboard

      Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

    • Acquires the wake lock

    • Makes use of the framework's foreground persistence service

      Application may abuse the framework's foreground service to continue running in the foreground.

    • Performs UI accessibility actions on behalf of the user

      Application may abuse the accessibility service to prevent their removal.

    • Queries information about the current Wi-Fi connection

      Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    • Queries the mobile country code (MCC)

    • Requests accessing notifications (often used to intercept notifications before users become aware).

MITRE ATT&CK Mobile v15

Tasks