General

  • Target

    xiaoji_1.8.15.apk

  • Size

    153.0MB

  • Sample

    241015-wwkh2ayhla

  • MD5

    e2fa3c03fa93ad23b919045b52c849f3

  • SHA1

    5b1c97bc5d3e5d3b766b34a14dfc02067e455281

  • SHA256

    05c0d01cc79838578f1ebdf32702c6615f26695261040203b7bea21879e8727b

  • SHA512

    61a3435e7be6449e8b5ef59968adbe1b2aa0fd1c645cc19a238ffe05658b2de1a9a0590c4fae18dc9e68d94d96cea21a22e94c6be36791eef5fe8b24d22e96c7

  • SSDEEP

    3145728:tbOCTIOT/y5+vbA8FsVonPxy1b1WH2XBsZGpzzxllEb0VvzDb:/J65CbA8bJyPLX8G1SAVv7

Targets

    • Target

      xiaoji_1.8.15.apk

    • Checks if the Android device is rooted.

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Obtains sensitive information copied to the device clipboard

      Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

    • Acquires the wake lock

    • Legitimate hosting services abused for malware hosting/C2

    • Queries information about active data network

    • Queries the mobile country code (MCC)

    • Checks the presence of a debugger
