General

  • Target

    WonderKlean.apk

  • Size

    4.4MB

  • Sample

    241101-lw7y8a1mar

  • MD5

    7b4cd0491cd187d65825890fabb64dfe

  • SHA1

    c5513e225f6eb1cb17f4666061d7adf9472fec82

  • SHA256

    9856fa366b3f11f0ed955876a24b3025dcb1dbb6400a6125347097a7e37bff06

  • SHA512

    87db1a14282f6466b378b23346235bd05625b037d7ece884dbc738c13fbe07e8991c58dc47db535664f5c08d3eb3e353e02cef34a1e5f07f9ce7f474fe6a3775

  • SSDEEP

    98304:tSyzBVTlmzkV0tnmcQlDZJ7iR2WNVG73t5/vSxUZ9L:bIzRnmtlWR2WNVG73f/KOTL

Targets

    • Target

      WonderKlean.apk

    • Size

      4.4MB

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Makes use of the framework's Accessibility service

      Retrieves information displayed on the phone screen using AccessibilityService.

    • Queries a list of all the installed applications on the device

      Might be used in an attempt to overlay legitimate apps.

    • Acquires the wake lock

    • Makes use of the framework's foreground persistence service

      Application may abuse the framework's foreground service to continue running in the foreground.
