General

  • Target

    QYADZO.apk

  • Size

    40.1MB

  • Sample

    241009-xx8spaweqa

  • MD5

    c57e877b317a6ae1c731fc398eae134a

  • SHA1

    19615fcb1d0cfcc30c114c4f69a62082b5615857

  • SHA256

    845df5afe3977d1d0109d725cf63b0c21e23f870ccf2de613f66f96e8ea145bd

  • SHA512

    6bd7d975a9a2ec29c6b0ebeb2117f922e5173775e6a3541baa1d9abf8901b8a46e53a8fa04b1b9aa6e51408a7716bc0228ec58268653a5290ec569121d637e5c

  • SSDEEP

    786432:H38Ym2d67A9Ls3unQn1SxlMTpxABB9F5d3fHQ62G3Zu3V0u/U1S2h:ITn1SvMNxABB9vdx3ZgygUhh

Targets

    • 888RAT

      888RAT is an Android remote administration tool.

    • Android Xamalicious payload

    • Xamalicious

      Xamalicious is an Android backdoor malware implemented with the Xamarin framework, first seen in December 2023.

    • Acquires the wake lock

    • Checks whether the application is allowed to request package installs through the package installer

      Checks whether the application is allowed to install additional applications (might try to install applications from unknown sources).

    • Makes use of the framework's foreground persistence service

      Application may abuse the framework's foreground service to continue running in the foreground.

    • Queries information about active data network

    • Requests permission to install additional applications from unknown sources.

    • Requests dangerous framework permissions

    • Requests disabling of battery optimizations (often used to enable hiding in the background).

    • Requests enabling of the accessibility settings.

    • Tries to add a device administrator.
