General

  • Target

    Awis.apk

  • Size

    50.6MB

  • Sample

    241014-kgpnnaxbnr

  • MD5

    551a66eaeca041150d3ad7b97818e1d8

  • SHA1

    6a0647685a5ec46577f6a0047a69f1babaec34e4

  • SHA256

    efc9046eb845437f48ad0f99b67d2c39c12b5cfb227d50538f74e096bd702d2a

  • SHA512

    35d43120524afd1a29c0cda090a7d161c302fc237662d1799b42edba5469347e767276a2c2e1c342a65053d93d3fcf30582f5502c45506d976f6411b0a607196

  • SSDEEP

    786432:CAUseE0pJ79dIPtcRQOBjHZyIiAIb30aX:CPE0wcRdHZyIiAIb30aX

Malware Config

Targets

    • Target

      Awis.apk

    • Size

      50.6MB

    • MD5

      551a66eaeca041150d3ad7b97818e1d8

    • SHA1

      6a0647685a5ec46577f6a0047a69f1babaec34e4

    • SHA256

      efc9046eb845437f48ad0f99b67d2c39c12b5cfb227d50538f74e096bd702d2a

    • SHA512

      35d43120524afd1a29c0cda090a7d161c302fc237662d1799b42edba5469347e767276a2c2e1c342a65053d93d3fcf30582f5502c45506d976f6411b0a607196

    • SSDEEP

      786432:CAUseE0pJ79dIPtcRQOBjHZyIiAIb30aX:CPE0wcRdHZyIiAIb30aX

    • Checks if the Android device is rooted.

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Obtains sensitive information copied to the device clipboard

      Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

    • Queries information about running processes on the device

      Application may abuse the framework's APIs to collect information about running processes on the device.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Queries information about active data network

    • Queries the mobile country code (MCC)

    • Reads information about phone network operator.

    • Checks the presence of a debugger

MITRE ATT&CK Mobile v15

Tasks