General

  • Target

    b59c810d72c17eba8799da50ddab2c1cb8328397525b647f427b312ec789316a

  • Size

    10.9MB

  • Sample

    241014-ky77bsxdqn

  • MD5

    d12c948cd2451ad863baeff25dda3e80

  • SHA1

    d649c64ec69c6aff1f53cea52d17e7bc60345e33

  • SHA256

    b59c810d72c17eba8799da50ddab2c1cb8328397525b647f427b312ec789316a

  • SHA512

    6b122d12840cf39d5d920ddaa9955f0795ebadea43d85968a48478aa7a4bdcccf542d0cb9af40661ccf5c64259cffbc336036860994c4bae778ce23656474c2b

  • SSDEEP

    196608:Pq/DWXKXsxxWXNtRPpzsT05T09y4HteJ6reTag7XHAqk6L+tf2Znr6mXVUvaU0Vs:yKXKXMxW74T05T0jHKaoXetf20mXfU06

Malware Config

Targets

    • Target

      b59c810d72c17eba8799da50ddab2c1cb8328397525b647f427b312ec789316a

    • Checks if the Android device is rooted

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Obtains sensitive information copied to the device clipboard

      Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

    • Queries information about running processes on the device

      Application may abuse the framework's APIs to collect information about running processes on the device.

    • Queries information about active data network

    • Queries the mobile country code (MCC)

    • Target

      fuhao.apk

    • Size

      5.6MB

    • MD5

      648bb5a0470e1b6de2c18841c26ff0ad

    • SHA1

      615d5e28e2076f352d448120916f4e5bbcf84590

    • SHA256

      c93cc53666392d60b6d3b5635e8fa8eaf56601ba10b6086d21535e5447389803

    • SHA512

      d3b38f5a1efd19f3796776b8bdcd9a016d71e3fa523e423b259b0c4e33a5fcba3958fcf9b949b3776abe457724f79759f133ac529fd59d23c30c472b4a57f33a

    • SSDEEP

      98304:MCx1IOrJd9bKViefjr1yNnc33v0eWBEENEzI+CC2Kobh/SaA:jxWG93+nunc38LBPNEzIvCbi/SaA

    • Requests cell location

      Uses Android APIs to get the current cell location.

    • Makes use of the framework's foreground persistence service

      Application may abuse the framework's foreground service to continue running in the foreground.

    • Queries information about active data network

    • Queries information about the current Wi-Fi connection

      Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    • Queries the unique device ID (IMEI, MEID, IMSI)

    • Reads information about the phone network operator

MITRE ATT&CK Mobile v15

Tasks