General

  • Target

    94a5076bce7386929eb5a59f2e2c9a8ed6954a81a127b238d06f6bfbe62660f4.bin

  • Size

    4.2MB

  • Sample

    241018-1zcd2ssfqp

  • MD5

    04b3bd3141066913ad86adff56d78bff

  • SHA1

    57ab9db092806e770b42d3a32b04538763ba858f

  • SHA256

    94a5076bce7386929eb5a59f2e2c9a8ed6954a81a127b238d06f6bfbe62660f4

  • SHA512

    f117e98d85b8c706479979140bd85a38863a3c13458019a33b5aed3cc2a09d1891b3165a1eb097a5d3d8cf76e0e47032692867092ec46514523f70d371c98606

  • SSDEEP

    98304:JZSn/oTRPREuAZ4gCECoW5ovw8MpdbYdq+UjKgkbrMf:unS5SGEZWqNIk9U2dbrA

Malware Config

Targets

    • Checks if the Android device is rooted.

    • Checks known Qemu pipes.

      Checks for known pipes used by the Android emulator to communicate with the host.

    • Obtains sensitive information copied to the device clipboard

      Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

    • Queries information about running processes on the device

      Application may abuse the framework's APIs to collect information about running processes on the device.

    • Legitimate hosting services abused for malware hosting/C2

    • Queries information about active data network

    • Queries the mobile country code (MCC)

    • Reads information about phone network operator.

    • Requests cell location

      Uses Android APIs to get current cell information.

MITRE ATT&CK Enterprise v15

MITRE ATT&CK Mobile v15

Tasks