Overview

overview

10

Static

static

10

oogleWebBr...id.apk

android-10-x64

8

oogleWebBr...id.apk

android-11-x64

8

oogleWebBr...id.apk

android-13-x64

8

oogleWebBr...id.apk

android-9-x86

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    oogleWebBrowserAndroid.apk

  • Size

    12.1MB

  • Sample

    240917-tepqba1fka

  • MD5

    d0d130c855a790da28fdd744535ef07f

  • SHA1

    e9760321509f198ffd80667cc8fa34c4c76f4cc7

  • SHA256

    e6746d0069dea77ecd1d7a611c45e5af220643c23f7b473e1bc2ed8aa2923475

  • SHA512

    e6a08e435d5ea53de01c765c7747e2bcfea9dc99e67ac4e8b5d5cdfd7f07894e9554b04aca9d0310a7cc09b180bfa84f7e9192c03e79ae8f664a230a740a2a5f

  • SSDEEP

    196608:wvyd7pyOZgwi70nk6zLxs1yuyc3u4Ly3UUnKEO++lUU4tjBZPqECEtZWk:wvi7E4gh0k6z2UHc3u4GnKA+lUx

Score
10/10
smswormandroidcollectioncredential_accessdiscoveryevasionexecutionimpactpersistence

Malware Config

Targets

    • Target

      oogleWebBrowserAndroid.apk

    • Size

      12.1MB

    • MD5

      d0d130c855a790da28fdd744535ef07f

    • SHA1

      e9760321509f198ffd80667cc8fa34c4c76f4cc7

    • SHA256

      e6746d0069dea77ecd1d7a611c45e5af220643c23f7b473e1bc2ed8aa2923475

    • SHA512

      e6a08e435d5ea53de01c765c7747e2bcfea9dc99e67ac4e8b5d5cdfd7f07894e9554b04aca9d0310a7cc09b180bfa84f7e9192c03e79ae8f664a230a740a2a5f

    • SSDEEP

      196608:wvyd7pyOZgwi70nk6zLxs1yuyc3u4Ly3UUnKEO++lUU4tjBZPqECEtZWk:wvi7E4gh0k6z2UHc3u4GnKA+lUx

    Score
    8/10
    collectioncredential_accessdiscoveryevasionexecutionimpactpersistence

    • Checks if the Android device is rooted.

      evasion

    • Checks Android system properties for emulator presence.

      evasion

    • Checks known Qemu pipes.

      Checks for known pipes used by the Android emulator to communicate with the host.

      evasion

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

      evasion

    • Obtains sensitive information copied to the device clipboard

      Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

      collectioncredential_accessimpact

    • Queries information about running processes on the device

      Application may abuse the framework's APIs to collect information about running processes on the device.

      discovery

    • Acquires the wake lock

    • Queries information about active data network

      discovery

    • Queries the mobile country code (MCC)

      discovery

    • Reads information about phone network operator.

      discovery

    • Requests cell location

      Uses Android APIs to to get current cell information.

      collectiondiscovery
    behavioral1behavioral2behavioral3behavioral4

MITRE ATT&CK Mobile v15

Tasks