Overview

overview

10

Static

static

10

COMPLEMENTO APP.apk

android-10-x64

7

COMPLEMENTO APP.apk

android-13-x64

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    COMPLEMENTO APP.zip

  • Size

    3.6MB

  • Sample

    241022-tlh64stcjb

  • MD5

    8cda9d38e0f9d282dc9a409ef4e5fa2b

  • SHA1

    6e34d2aa63eba4232a974983624a9d577da0e9ab

  • SHA256

    b160c7dd397822ec555dc9e479b37b55d512722ca530d95378d2eabdb05e52cd

  • SHA512

    723c6925a52a2c62bf48143dc6ee1c79e6d110a4d21a10318d53383c4c21850c38850cfdac8761cf2b86e41788cb662a13f2f71d2eebe1f76fb9cca4d6b3985a

  • SSDEEP

    98304:Tnz4/i1j2KyQOfenyeuppfBiGcvI7mZH31XQQ5eQby1kj:LWi8Kyrfen1uppfBi3g7mhFQzQeyj

Score
10/10
spynoteandroidbankercollectioncredential_accessdiscoveryevasionexecutionpersistence

Malware Config

Targets

    • Target

      COMPLEMENTO APP.apk

    • Size

      4.4MB

    • MD5

      b339d6014337c9ff62ba7879d30519a7

    • SHA1

      cad7f6bb1f1cbf282c08f87850cfbf016599924e

    • SHA256

      414ba6e44f6ad4c1432315c0ea34deae4e0c9b57abe68f2dae2ab353f303ba2c

    • SHA512

      d1c4f12526473963757fee763a6389db0fe587147b0eced4af3a363d8feb69174076c657aba8abd7a609c3f9c11df0803db3a425dba347a79a67587258c2cf63

    • SSDEEP

      98304:xS6mzB/T9mzIgE0tJiLmiLV5OAQr6ccquyA7qQlZTJzlT8+p2GzVV:xNyQz/3GmiLHO56ccvGITDR2iVV

    Score
    7/10
    bankercollectioncredential_accessdiscoveryevasionexecutionpersistence

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

      evasion

    • Makes use of the framework's Accessibility service

      Retrieves information displayed on the phone screen using AccessibilityService.

      collectionevasioncredential_access

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

      bankerdiscovery

    • Acquires the wake lock

    • Checks the application is allowed to request package installs through the package installer

      Checks the application is allowed to install additional applications (Might try to install applications from unknown sources).

      evasion

    • Makes use of the framework's foreground persistence service

      Application may abuse the framework's foreground service to continue running in the foreground.

      evasionpersistence

    • Performs UI accessibility actions on behalf of the user

      Application may abuse the accessibility service to prevent their removal.

      evasion
    behavioral1behavioral2

MITRE ATT&CK Mobile v15

Tasks