General
-
Target
F-Secure_SAFE_Internet_Security.apk
-
Size
9.3MB
-
Sample
241017-kdqfsazdja
-
MD5
13d762f8e1cac1134ab798ae1a981f36
-
SHA1
14e27acd7754b8f7c3c0dc26b536a6f8001e399e
-
SHA256
81eaa6b9ff19446b051dc042ea9e636cfa40f866943b548c98964229919a1e0d
-
SHA512
ef30fb4c61474019a726731bae7af422e0889bba747e1cc35375187bfa1e8207ad3c994cb2cd6195c6e0977f0b3034f71d326ee9499b6704b683c312ffcbc267
-
SSDEEP
98304:FpzC1Zb4YYhhxVFbQEAhawknnxFYG7TqmzOzBGTi0tsoot:nzsZTYzXqXc3PFzzhq
Malware Config
Targets
-
-
Target
F-Secure_SAFE_Internet_Security.apk
-
Size
9.3MB
-
MD5
13d762f8e1cac1134ab798ae1a981f36
-
SHA1
14e27acd7754b8f7c3c0dc26b536a6f8001e399e
-
SHA256
81eaa6b9ff19446b051dc042ea9e636cfa40f866943b548c98964229919a1e0d
-
SHA512
ef30fb4c61474019a726731bae7af422e0889bba747e1cc35375187bfa1e8207ad3c994cb2cd6195c6e0977f0b3034f71d326ee9499b6704b683c312ffcbc267
-
SSDEEP
98304:FpzC1Zb4YYhhxVFbQEAhawknnxFYG7TqmzOzBGTi0tsoot:nzsZTYzXqXc3PFzzhq
Score7/10-
Loads dropped Dex/Jar
Runs executable file dropped to the device during analysis.
-
Makes use of the framework's Accessibility service
Retrieves information displayed on the phone screen using AccessibilityService.
-
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
-
Acquires the wake lock
-
Makes use of the framework's foreground persistence service
Application may abuse the framework's foreground service to continue running in the foreground.
-
MITRE ATT&CK Mobile v15
Persistence
Event Triggered Execution
1Broadcast Receivers
1Foreground Persistence
1Scheduled Task/Job
1Defense Evasion
Download New Code at Runtime
1Foreground Persistence
1Input Injection
1