General
-
Target
376ff4dbea2e3570a5cb98a8b335c0503d050fecd7bb4f65d252b1b596d14fc7.apk
-
Size
4.6MB
-
Sample
240920-bm8jaa1hlr
-
MD5
14e70653b82895367d33ec8570c9038e
-
SHA1
bc03f1ba99cfb61c5b09b8925fc2f7a0e9e12470
-
SHA256
376ff4dbea2e3570a5cb98a8b335c0503d050fecd7bb4f65d252b1b596d14fc7
-
SHA512
988678f6d1e5e257587fc3ee63fe4f23bfcc6791ed067864f051adeb1112dd5cf9238ba54051ce0795246505d31550ccac1967c6659f0d50702b2eab2a46a470
-
SSDEEP
98304:Yo8yiWPe+Xpf0rJeTfr3D0eyD0WD0rD0EUD0nAQD04D0fD0dO3:Y3yiWDr3DgD/D2DqDCVDxDuDyO3
Behavioral task
behavioral1
Sample
376ff4dbea2e3570a5cb98a8b335c0503d050fecd7bb4f65d252b1b596d14fc7.apk
Resource
android-x86-arm-20240624-en
Behavioral task
behavioral2
Sample
376ff4dbea2e3570a5cb98a8b335c0503d050fecd7bb4f65d252b1b596d14fc7.apk
Resource
android-x64-20240624-en
Behavioral task
behavioral3
Sample
376ff4dbea2e3570a5cb98a8b335c0503d050fecd7bb4f65d252b1b596d14fc7.apk
Resource
android-x64-arm64-20240624-en
Malware Config
Targets
-
-
Target
376ff4dbea2e3570a5cb98a8b335c0503d050fecd7bb4f65d252b1b596d14fc7.apk
-
Size
4.6MB
-
MD5
14e70653b82895367d33ec8570c9038e
-
SHA1
bc03f1ba99cfb61c5b09b8925fc2f7a0e9e12470
-
SHA256
376ff4dbea2e3570a5cb98a8b335c0503d050fecd7bb4f65d252b1b596d14fc7
-
SHA512
988678f6d1e5e257587fc3ee63fe4f23bfcc6791ed067864f051adeb1112dd5cf9238ba54051ce0795246505d31550ccac1967c6659f0d50702b2eab2a46a470
-
SSDEEP
98304:Yo8yiWPe+Xpf0rJeTfr3D0eyD0WD0rD0EUD0nAQD04D0fD0dO3:Y3yiWDr3DgD/D2DqDCVDxDuDyO3
-
Makes use of the framework's Accessibility service
Retrieves information displayed on the phone screen using AccessibilityService.
-
Obtains sensitive information copied to the device clipboard
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
-
Acquires the wake lock
-
Makes use of the framework's foreground persistence service
Application may abuse the framework's foreground service to continue running in the foreground.
-
Performs UI accessibility actions on behalf of the user
Application may abuse the accessibility service to prevent their removal.
-
Queries the mobile country code (MCC)
-
Requests accessing notifications (often used to intercept notifications before users become aware).
-
MITRE ATT&CK Mobile v15
Persistence
Event Triggered Execution
1Broadcast Receivers
1Foreground Persistence
1Defense Evasion
Foreground Persistence
1Impair Defenses
1Prevent Application Removal
1Input Injection
1Virtualization/Sandbox Evasion
2System Checks
2Credential Access
Access Notifications
1Clipboard Data
1Input Capture
2GUI Input Capture
1Keylogging
1