General
-
Target
优酷28.apk
-
Size
4.5MB
-
Sample
241018-z1jn3sycpf
-
MD5
9dd919eaecd6e6ceabcfef4e4a7d0760
-
SHA1
bcfcb18e834fbf40ce804ec09dc1e6c8989373cb
-
SHA256
27e1dde4dcab9a1b8885ec0cfb7fe65f4733e6b13bbfe3a9feddd8220a4f1826
-
SHA512
3bfea8b4c1941bb3be4d577c634477f53f8cb9c5a3648080582e977a010718e6e34a659ed209dbee8577dbf225c193160a954949cb652d9931ff1b2567b974a2
-
SSDEEP
98304:1fzBT7dhX1sDJ5viyAdGMP4vjT7mzDD+LrgMB0t+XmBurh:rd4jv1AAMP4vHqzfweCbh
Malware Config
Targets
-
-
Target
优酷28.apk
-
Size
4.5MB
-
MD5
9dd919eaecd6e6ceabcfef4e4a7d0760
-
SHA1
bcfcb18e834fbf40ce804ec09dc1e6c8989373cb
-
SHA256
27e1dde4dcab9a1b8885ec0cfb7fe65f4733e6b13bbfe3a9feddd8220a4f1826
-
SHA512
3bfea8b4c1941bb3be4d577c634477f53f8cb9c5a3648080582e977a010718e6e34a659ed209dbee8577dbf225c193160a954949cb652d9931ff1b2567b974a2
-
SSDEEP
98304:1fzBT7dhX1sDJ5viyAdGMP4vjT7mzDD+LrgMB0t+XmBurh:rd4jv1AAMP4vHqzfweCbh
Score7/10-
Loads dropped Dex/Jar
Runs executable file dropped to the device during analysis.
-
Makes use of the framework's Accessibility service
Retrieves information displayed on the phone screen using AccessibilityService.
-
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
-
Acquires the wake lock
-
Makes use of the framework's foreground persistence service
Application may abuse the framework's foreground service to continue running in the foreground.
-
Requests enabling of the accessibility settings.
-
MITRE ATT&CK Mobile v15
Persistence
Event Triggered Execution
1Broadcast Receivers
1Foreground Persistence
1Scheduled Task/Job
1Defense Evasion
Download New Code at Runtime
1Foreground Persistence
1Input Injection
1