General
-
Target
WonderKlean.apk
-
Size
4.4MB
-
Sample
241101-lw7y8a1mar
-
MD5
7b4cd0491cd187d65825890fabb64dfe
-
SHA1
c5513e225f6eb1cb17f4666061d7adf9472fec82
-
SHA256
9856fa366b3f11f0ed955876a24b3025dcb1dbb6400a6125347097a7e37bff06
-
SHA512
87db1a14282f6466b378b23346235bd05625b037d7ece884dbc738c13fbe07e8991c58dc47db535664f5c08d3eb3e353e02cef34a1e5f07f9ce7f474fe6a3775
-
SSDEEP
98304:tSyzBVTlmzkV0tnmcQlDZJ7iR2WNVG73t5/vSxUZ9L:bIzRnmtlWR2WNVG73f/KOTL
Malware Config
Targets
-
-
Target
WonderKlean.apk
-
Size
4.4MB
-
MD5
7b4cd0491cd187d65825890fabb64dfe
-
SHA1
c5513e225f6eb1cb17f4666061d7adf9472fec82
-
SHA256
9856fa366b3f11f0ed955876a24b3025dcb1dbb6400a6125347097a7e37bff06
-
SHA512
87db1a14282f6466b378b23346235bd05625b037d7ece884dbc738c13fbe07e8991c58dc47db535664f5c08d3eb3e353e02cef34a1e5f07f9ce7f474fe6a3775
-
SSDEEP
98304:tSyzBVTlmzkV0tnmcQlDZJ7iR2WNVG73t5/vSxUZ9L:bIzRnmtlWR2WNVG73f/KOTL
Score7/10-
Loads dropped Dex/Jar
Runs executable file dropped to the device during analysis.
-
Makes use of the framework's Accessibility service
Retrieves information displayed on the phone screen using AccessibilityService.
-
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
-
Acquires the wake lock
-
Makes use of the framework's foreground persistence service
Application may abuse the framework's foreground service to continue running in the foreground.
-
MITRE ATT&CK Mobile v15
Persistence
Event Triggered Execution
1Broadcast Receivers
1Foreground Persistence
1Scheduled Task/Job
1Defense Evasion
Download New Code at Runtime
1Foreground Persistence
1Input Injection
1