General
Target: WonderKlean.apk
Size: 4.4MB
Sample: 241101-lw7y8a1mar
MD5: 7b4cd0491cd187d65825890fabb64dfe
SHA1: c5513e225f6eb1cb17f4666061d7adf9472fec82
SHA256: 9856fa366b3f11f0ed955876a24b3025dcb1dbb6400a6125347097a7e37bff06
SHA512: 87db1a14282f6466b378b23346235bd05625b037d7ece884dbc738c13fbe07e8991c58dc47db535664f5c08d3eb3e353e02cef34a1e5f07f9ce7f474fe6a3775
SSDEEP: 98304:tSyzBVTlmzkV0tnmcQlDZJ7iR2WNVG73t5/vSxUZ9L:bIzRnmtlWR2WNVG73f/KOTL
Behavioral task: behavioral1
Sample: WonderKlean.apk
Resource: android-x86-arm-20240624-en
Behavioral task: behavioral2
Sample: WonderKlean.apk
Resource: android-x64-20240624-en
Behavioral task: behavioral3
Sample: WonderKlean.apk
Resource: android-x64-arm64-20240624-en
Malware Config
Targets
Target: WonderKlean.apk
-
Makes use of the framework's Accessibility service
Retrieves information displayed on the phone screen using AccessibilityService.
-
Acquires the wake lock
-
Makes use of the framework's foreground persistence service
Application may abuse the framework's foreground service to continue running in the foreground.
-
MITRE ATT&CK Mobile v15
Persistence
Event Triggered Execution (1)
Broadcast Receivers (1)
Foreground Persistence (1)
Scheduled Task/Job (1)
Defense Evasion
Download New Code at Runtime (1)
Foreground Persistence (1)
Input Injection (1)