bazarloader | 851f3f8ea378a611f5a7b1171717f3ea5660f7a27ad0d5c34ab2a0414fafbcf1 | Triage

Sharing

General

Target

Tasker.ver.6.3.13.build.5395.apk
Size

36.8MB
Sample

240918-pnc1na1hrm
MD5

e44093c41d157e1e2c761d4a63b3515c
SHA1

3a38c12467834fc155c755090573bf67d205dbf5
SHA256

851f3f8ea378a611f5a7b1171717f3ea5660f7a27ad0d5c34ab2a0414fafbcf1
SHA512

4bc640be5addebb4ad1189f2efedb322328b4094c9d0565597b20a9f4642891014305d354cb385c5bf6acd1ba36eac0c997354ad25b51d4155e1e8164b69a1c7
SSDEEP

786432:Ie8y4HOQKcAm6qRrHPwCQ7X+j7P3AAUs7i2IRSPzOd8R8USMnU:IeCHJN1Po07PQALe2I4Pzs8RxSh

Score

10^/10

bazarloader smsagent android collection credential_access discovery evasion impact persistence

Malware Config

Targets

- Target
  
  Tasker.ver.6.3.13.build.5395.apk
- Size
  
  36.8MB
- MD5
  
  e44093c41d157e1e2c761d4a63b3515c
- SHA1
  
  3a38c12467834fc155c755090573bf67d205dbf5
- SHA256
  
  851f3f8ea378a611f5a7b1171717f3ea5660f7a27ad0d5c34ab2a0414fafbcf1
- SHA512
  
  4bc640be5addebb4ad1189f2efedb322328b4094c9d0565597b20a9f4642891014305d354cb385c5bf6acd1ba36eac0c997354ad25b51d4155e1e8164b69a1c7
- SSDEEP
  
  786432:Ie8y4HOQKcAm6qRrHPwCQ7X+j7P3AAUs7i2IRSPzOd8R8USMnU:IeCHJN1Po07PQALe2I4Pzs8RxSh
Score

7^/10

collection credential_access discovery evasion impact persistence
- Obtains sensitive information copied to the device clipboard
  Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
  collection credential_access impact
- Acquires the wake lock
- Makes use of the framework's foreground persistence service
  Application may abuse the framework's foreground service to continue running in the foreground.
  evasion persistence
- Queries the mobile country code (MCC)
  discovery
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

Broadcast Receivers

Foreground Persistence

Privilege Escalation

Defense Evasion

Foreground Persistence

Virtualization/Sandbox Evasion

System Checks

Credential Access

Clipboard Data

Discovery

System Information Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Clipboard Data

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

Data Manipulation

Transmitted Data Manipulation

Tasks

static1

bazarloadersmsagent

behavioral1

collectioncredential_accessdiscoveryevasionimpactpersistence

behavioral2

collectioncredential_accessevasionimpactpersistence

behavioral3

collectioncredential_accessevasionimpactpersistence